@Article{cmc.2020.010793,
AUTHOR = {Jinxin Zuo, Yueming Lu, Hui Gao, Ruohan Cao, Ziyv Guo, Jim Feng},
TITLE = {Comprehensive Information Security Evaluation Model Based on  Multi-Level Decomposition Feedback for IoT},
JOURNAL = {Computers, Materials \& Continua},
VOLUME = {65},
YEAR = {2020},
NUMBER = {1},
PAGES = {683--704},
URL = {http://www.techscience.com/cmc/v65n1/39589},
ISSN = {1546-2226},
ABSTRACT = {The development of the Internet of Things (IoT) calls for a comprehensive information security evaluation framework to quantitatively measure the safety score and 
risk (S&R) value of the network urgently. In this paper, we summarize the architecture 
and vulnerability in IoT and propose a comprehensive information security evaluation 
model based on multi-level decomposition feedback. The evaluation model provides an 
idea for information security evaluation of IoT and guides the security decision maker for 
dynamic protection. Firstly, we establish an overall evaluation indicator system that 
includes four primary indicators of threat information, asset, vulnerability, and 
management, respectively. It also includes eleven secondary indicators of system 
protection rate, attack detection rate, confidentiality, availability, controllability, 
identifiability, number of vulnerabilities, vulnerability hazard level, staff organization, 
enterprise grading and service continuity, respectively. Then, we build the core algorithm 
to enable the evaluation model, wherein a novel weighting technique is developed and a 
quantitative method is proposed to measure the S&R value. Moreover, in order to better 
supervise the performance of the proposed evaluation model, we present four novel 
indicators includes residual risk, continuous conformity of residual risk, head-to-tail 
consistency and decrease ratio, respectively. Simulation results show the advantages of 
the proposed model in the evaluation of information security for IoT.},
DOI = {10.32604/cmc.2020.010793}
}