Research on automated knowledge base generation methods of information security risk analysis expert systems

Abstract

In recent years, fast digitalization and the increasing use of information technologies have increased the efficiency of companies and posed new challenges for information security. Changing information technologies (IT) are becoming more accessible to businesses of all sizes; increasingly more cloud computing services are being developed. It would be difficult to find an organization nowadays that has no digital information to secure. Information security risk assessment can help identify vulnerabilities and risks on time and select risk mitigation measures. The main challenge for information security risk assessment is having the personnel competent to perform such assessments. This problem is particular to small and medium-sized businesses. Such issues can be addressed using expert systems (ESs) that enable information security risk assessments without information security experts. However, the main problem with the use of ES for information security risk assessment is the updating of the ES knowledge base. The knowledge base needs to be updated regularly and frequently due to everchanging threats. Updating the knowledge base is a costly and complex process that requires the involvement of experts. To date, most knowledge bases are created and updated manually, so there is a need to automate this process, ensuring the knowledge base is relevant and the process is cheaper and faster. It is also important to reuse the existing sources of information security knowledge with reliable and relevant information. The dissertation consists of an introduction, five main chapters, and general conclusions. The first chapter introduces ES for information security risk assessment, discusses the existing methods of forming and updating the ES knowledge base, and identifies potential sources of information security knowledge. The second chapter presents an approach to transforming ontologies into ES knowledge base rules. The third chapter presents a method for automatically transferring information from website (WEB) sources to the ES knowledge base. The fourth chapter presents an approach to transforming attack trees into ES knowledge base rules, which allows the ES knowledge base to be expanded with the risks of cyber-attacks. The proposed methods are implemented and tested by importing the developed rules into Java Expert System Shell (JESS)-based ES. The fifth chapter describes the developed ES prototype for small and medium-sized enterprises (SMEs), whose knowledge base is created by applying the proposed automation methods. The performed experiments and analysis have demonstrated that the proposed methods allow the automated formation of the ES knowledge base and its use in information security risk assessment.