Building a Knowledge Base for Expert System in Computer and Information Security
Keywords:expert systems, information security, Computer Security, knowledge base
In the days of technological advancement, a role of computer and its information security (IS) is very important. There is an urgent need in implementing and assessing information security at a good level. However, it is accompanied with very high costs: experts in IS are quite expensive specialists. An automation of some security implementation and evaluation tasks can reduce these costs and potentially increase the quality of IS strategies being developed and IS audit quality. We believe that expert systems approach can be beneficial in achieving this automation. Though information security is a very broad field, encompassing many complex concepts, we are trying to develop a methodology of formalizing of IS knowledge to build a knowledge base for expert system that can serve as IS audit expert. In this paper we discuss methods for knowledge base building.
Val Thiagarajan, B.E. 2002. BS 7799 Audit Checklist. Available: www.sans.org/score/checklists/ISO_17799_checklist.pdf
ISOIEC 27002 2005 Information Security Audit Tool. Available: http://www.praxiom.com/iso-17799-audit.htm
Stepanova, D., Parkin, S. and Moorsel, A. 2009. A knowledge Base For Justified Informa- tion Security Decision-Making. In 4th International Conference on Software and Data Technologies (ICSOFT 2009), 326–311.
Atymtayeva L., Kanat Kozhakhmet, Gerda Bortsova, Atsushi Inoue. Methodology and On- tology of Expert System for Information Security Audit //Proceedings of the 6th Interna- tional Conference on Soft Computing and Intelligent Systems and the 13th International Symposium on Advanced Intelligent Systems, 20-24 November 2012, Kobe, Japan , pp. 238-243
Atymtayeva L., K. Kozhakhmet, G. Bortsova. Some Issues of Development of Intelligent System for Information Security Auditing // Proceedings of the International conference of Computational Intelligence and Intelligent Systems 2012, June 1-2, 2012, London, UK, Vol. 2, pp. 725-731.
Atymtayeva L., K. Kozhakhmet, G. Bortsova, A. Inoue. Expert System for Security Audit Using Fuzzy Logic. // Proceedings of The 23rd midwestartificial intelligence and cogni- tive science conference, MAICS , April 21-22, 2012, Cincinnati, USA, рр. 146-151. http://ceur-ws.org/Vol-841/
Atymtayeva L.,A. Akzhalova, K.Kozhakhmet, L. Naizabayeva. Development of Intelligent Systems for Information Security Auditing and Management:Review and Assumptions Analysis // Proceedings of the 5th International Conference on Application of Information and Communication Technologies, 12-14 October, 2011, Baku, Azerbaijan, pp.87-91
Tsudik, G. and Summers, R. 1990. AudES - an Expert System for Security Auditing. IBM Los Angeles Scientific Center. ⦁ S. Fenz and A. Ekelhart, “Formalizing information security knowledge,” ASIACCS ’09: Proceedings of the 2009 ACM symposium on Information, computer and communications security, ACM, 2009.
Threats catalogue on Information Systems Information technology —Security techniques — Code of practice for information security management, 2005.
ISO/IEC. ISO/IEC 27002:2005, Information technology — Security techniques — Code of practice for information security management, 2005.
Maljuk AA Information Security: Contemporary Issues / / Security Information tehnolo- giy. 2010. - No 1. - P.5-9.
Domarev VV Safety of information technology. The System approach. - Kiev, Publishing house "Diasoft", 2004, 992s.