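% Journal article in Computers, Materials and Continua, vol. 65 no. 1 (2020),
% proposing an information security evaluation model for IoT.
% The publisher export separated authors with commas and placed a "*" after
% Yueming Lu (presumably the corresponding-author marker; confirm against the
% paper). Names are stored below in "Last, First" form joined by "and" so
% BibTeX parses six separate authors.
@article{cmc.2020.010793,
  author   = {Zuo, Jinxin and Lu, Yueming and Gao, Hui and Cao, Ruohan and Guo, Ziyv and Feng, Jim},
  title    = {Comprehensive Information Security Evaluation Model Based on Multi-Level Decomposition Feedback for {IoT}},
  journal  = {Computers, Materials \& Continua},
  volume   = {65},
  number   = {1},
  pages    = {683--704},
  year     = {2020},
  issn     = {1546-2226},
  doi      = {10.32604/cmc.2020.010793},
  url      = {http://www.techscience.com/cmc/v65n1/39589},
  abstract = {The development of the Internet of Things (IoT) calls for a comprehensive information security evaluation framework to quantitatively measure the safety score and risk (S\&R) value of the network urgently. In this paper, we summarize the architecture and vulnerability in IoT and propose a comprehensive information security evaluation model based on multi-level decomposition feedback. The evaluation model provides an idea for information security evaluation of IoT and guides the security decision maker for dynamic protection. Firstly, we establish an overall evaluation indicator system that includes four primary indicators of threat information, asset, vulnerability, and management, respectively. It also includes eleven secondary indicators of system protection rate, attack detection rate, confidentiality, availability, controllability, identifiability, number of vulnerabilities, vulnerability hazard level, staff organization, enterprise grading and service continuity, respectively. Then, we build the core algorithm to enable the evaluation model, wherein a novel weighting technique is developed and a quantitative method is proposed to measure the S\&R value. Moreover, in order to better supervise the performance of the proposed evaluation model, we present four novel indicators includes residual risk, continuous conformity of residual risk, head-to-tail consistency and decrease ratio, respectively. Simulation results show the advantages of the proposed model in the evaluation of information security for IoT.},
}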