Open Access
ARTICLE
Comprehensive Information Security Evaluation Model Based on Multi-Level Decomposition Feedback for IoT
Jinxin Zuo1, 3, Yueming Lu1, 3, *, Hui Gao2, 3, Ruohan Cao2, 3, Ziyv Guo2, 3, Jim Feng4
1 School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing, 100876, China.
2 School of Information and Communication Engineering, Beijing University of Posts and Telecommunications, Beijing, 100876, China.
3 Key Laboratory of Trustworthy Distributed Computing and Service (BUPT), Ministry of Education, Beijing, 100876, China.
4 Amphenol Global Interconnect Systems, San Jose, CA 95131, USA.
* Corresponding Author: Yueming Lu.
Computers, Materials & Continua 2020, 65(1), 683-704. https://doi.org/10.32604/cmc.2020.010793
Received 30 March 2020; Accepted 29 May 2020; Issue published 23 July 2020
Abstract
The development of the Internet of Things (IoT) urgently calls for a comprehensive information security evaluation framework that quantitatively measures the safety score and risk (S&R) value of the network. In this paper, we summarize the architecture and vulnerabilities of the IoT and propose a comprehensive information security evaluation model based on multi-level decomposition feedback. The evaluation model provides an idea for information security evaluation of the IoT and guides the security decision maker in dynamic protection. First, we establish an overall evaluation indicator system that includes four primary indicators: threat information, asset, vulnerability, and management. It also includes eleven secondary indicators: system protection rate, attack detection rate, confidentiality, availability, controllability, identifiability, number of vulnerabilities, vulnerability hazard level, staff organization, enterprise grading, and service continuity. Then, we build the core algorithm that enables the evaluation model, in which a novel weighting technique is developed and a quantitative method is proposed to measure the S&R value. Moreover, to better supervise the performance of the proposed evaluation model, we present four novel indicators: residual risk, continuous conformity of residual risk, head-to-tail consistency, and decrease ratio. Simulation results show the advantages of the proposed model in the evaluation of information security for IoT.
Cite This Article
J. Zuo, Y. Lu, H. Gao, R. Cao, Z. Guo et al., "Comprehensive information security evaluation model based on multi-level decomposition feedback for IoT," Computers, Materials & Continua, vol. 65, no. 1, pp. 683–704, 2020.