Data Security Threat Evaluation Using Bayesian Prioritization Method

R.Anusha; Ch.Sivaramamohana Rao

doi:https://doi.org/10.14445/22312803/IJCTT-V4I8P183

Research Article | Open Access | Download PDF

Volume 4 | Issue 8 | Year 2013 | Article Id. IJCTT-V4I8P183 | DOI : https://doi.org/10.14445/22312803/IJCTT-V4I8P183

Data Security Threat Evaluation Using Bayesian Prioritization Method

R.Anusha, Ch.Sivaramamohana Rao

Citation :

R.Anusha, Ch.Sivaramamohana Rao, "Data Security Threat Evaluation Using Bayesian Prioritization Method," International Journal of Computer Trends and Technology (IJCTT), vol. 4, no. 8, pp. 2844-2849, 2013. Crossref, https://doi.org/10.14445/22312803/IJCTT-V4I8P183

Abstract

Over the past few years Web services and applications have increased both popularity and complexity. Due to the lots of data, web services have moved to multitier design where files are uploaded to usually the internet server server run as begining and the data is outsourced onto the database server run as backend. Due to their high levels of presence, web services were always the target of attacks. To overcome this increase in application and data complexity, web services web services have moved to multitiered. The front end include web server which can certainly responsible for your application and offers that output to back end i.e. file or database server. This strategy is beneficial to obtain the intrusion at both beginning and back end of web application.[1] This system has been utilized to monitor the behavior across beginning web server and back end database server or file server using IDS. This system is able to detect intrusion in static and dynamic web application.IDS have maximum accuracy that is mainly responsible to recognize intrusion. In Existing approach, Multi Tier Security System, an IDS system that models the network behavior of user sessions across both the front-end web server and the back-end database. Proposed work analyze the owner sessions hijacking and db request monitoring .We implemented Multi Tier Security Guard using an Apache server with Oracle Database and lightweight virtualization.

Keywords

Two-Tie Architecture, HTTPS,Business Logic And Client Tier,SQL Injection

References

[1] T. Sommestad, M. Ekstedt and P. Johnson, A probabilistic relational model for security threat analysis,computers & Security, vol.29, no.6, pp.659-679, 2010.
[2] L.D. Bodin, L. A. Gordon and M. P. Loeb, Data security and threat management, Communications of the ACM, vol.51, no.4, pp.64-68, 2008.
[3] N. Feng and M. Li, An data systems security threat evaluation model under uncertain environment, Applied Soft Computing, vol.11, no.7, pp.4332-4340, 2011.
[4] B. Karabacak and I. Sogukpinar, ISRAM: Data security threat analysis method, Computers and Security, vol.24, no.2, pp.147-159, 2005.
[5] D. Zhao, J. Liu and Z. Zhang, Method of threat evaluation of data security based on neural networks, Proc. of IEEE 2009 International Conference on Machine Learning and Cybernetics, vol.1,no.6, pp.1127-1132, 2009.
[6] T. L. Saaty, Multicriteria Decision Making: The Analytic Hierarchy Process, 2nd Edition, RSW Pub., Pittsburgh, 1990.
[7] H. J. Hwang and H. S. Hwang, Computer-aided fuzzyAHP decision model and its application to school food service problem, International Journal of Innovative Computing, Data and Control, vol.2, no.1, pp.125-137, 2006.
[8] I. Nakaoka, M. Matsumura, J. I. Kushida and K. Kamei, A proposal of group decision support system for Kansei commodity purchase using SOM and its applications, International Journal of Innovative Computing, Data and Control, vol.5, no.12(B), pp.4915-4926, 2009.
[9] B. Guan, C. Lo, P. Wang and J. Hwang, Evaluation of data security related threats of an organization – The application of the multi-criteria decision-making method, Proc. of IEEE the 37th Annual International Carnahan Conference on Security, pp.168-175, 2003.
[10] L. D. Bodin, L. A. Gordon and M. P. Loeb, Evaluating data security investments using the analytic hierarchy process, Communications of the ACM, vol.48, no.2, pp.78-83, 2005.
[11] C. Xu and J. Lin, An data system security evaluation model based on AHP and GRAP, Proc. of IEEE International Conference on Web Data Systems and Mining, pp.493-496, 2009.
[12] I. Syamsuddin and J. Hwang, The use of AHP in security policy decision making: An open office calc application, Journal of Software, vol.5, no.10, 2010.
[13] M. Y. Huang, Research on data security evaluation of internet of things electronic commerce based on AHP, Advanced Materials Research, vol.217-218, pp.1355-1360, 2011.
[14] X. Zhang, Z. Huang, G. Wei and X. Zhang, Data security threat evaluation methodology research: Group decision making and analytic hierarchy process, Proc. of IEEE the 2nd World Congress on Software Engineering, vol.2, pp.157-160, 2010.
[15] A. Altuzarra, J. M. Moreno-Jimnez and M. Salvador, A Bayesian prioritization procedure for AHP-group decision making, European Journal of Operational Research, vol.182, no.1, pp.367-382, 2007.
[16] T. L. Saaty, Group decision-making and the AHP, in The Analytic Hierarchy Process: Applications and Studies, B. L. Golden, E. A. Wasil and P. T. Harker (eds.), New York, Springer-Verlag, 1989.
[17] R. Ramanathan and L. S. Ganesh, Group preference aggregation methods employed in AHP: An evaluation and an intrinsic process for deriving members’ weightages, European Journal of Operational Research, vol.79, no.2, pp.249-265, 1994.
[18] E. Forman and K. Peniwati, Aggregating individual judgments and priorities with the analytic hierarchy process, European Journal of Operational Research, vol.108, no.1, pp.165-169, 1998.
[19] R. F. Dyer and E. H. Forman, Group decision support with the analytic hierarchy process, Decision Support Systems, vol.8, no.2, pp.99-124, 1992.
[20] G. Crawford and C. Williams, A note on the analysis of subjective judgment matrices, Journal of Mathematical Psychology, vol.29, no.4, pp.387-405, 1985.
[21] J. Aguarn and J. M. Moreno-Jimnez, Local stability intervals in the analytic hierarchy process,European Journal of Operational Research, vol.125, no.1, pp.113-132, 2000.
[22] T. L. Saaty, Procedures for synthesizing ratio judgements, Journal of Mathematical Psychology,vol.27, no.1, pp.93-102, 1983.
[23] M. A. Tanner and W. H. Wong, The calculation of posterior distributions by data augmentation,Journal of the American Statistical Association, vol.82, no.398, pp.528-540, 1987.
[24] J. M. Alho and J. Kangas, Analyzing uncertainties in experts’opinions of forest plan performance,Forest Science, vol.43, pp.521-528, 1997.
[25] I. Basak, Probabilistic judgments specified partially in the analytic hierarchy process, European Journal of Operational Research, vol.108, no.1, pp.153-164, 1998.
[26] A. Salo and R. P. Hmlinen, Preference programming multicriteria weighting models under incomplete data, in Handbook of Multicriteria Analysis, C. Zopounidis and P. M. Pardalos (eds.), Berlin,Springer, 2010.
[27] S. H. Kim and B. S. Ahn, Group decision making procedure considering preference strength under incomplete data, Computers & Operations Research, vol.24, no.12, pp.1101-1112, 1997.
[28] P. Gargallo, J. M. Moreno-Jimnez and M. Salvador, AHP-group decision making: A Bayesian approach based on mixtures for group pattern identification, Group Decision and Negotiation, vol.16,no.6, pp.485-506, 2007.