An improved FAHP-cloud-based security risk assessment model for airborne networks

Abstract

In connection with problems such as difficulty in the objective and accurate calculation of the index weight in the security risk assessment of an airborne network, as well as a unitary assessment result and poor descriptiveness, a risk assessment method for airborne network security based on an improved fuzzy analytic hierarchy process (FAHP)-cloud model has been proposed. First, the particularity of the airborne network is taken into account to establish an index system for the risk assessment of airborne network security. the traditional FAHP, information entropy is introduced to calculate the comprehensive weight, which is subsequently combined with the cloud model theory to construct an actual integrated cloud model. By calculating the degree of similarity between the actual integrated cloud model and the standard cloud model, the risk levels of airborne network security are determined. The simulation experiments show that this method can reflect the objectivity of the index weight, make the assessment results more visual and reliable, and fully reflect the fuzziness and randomness in the assessment.

Keywords

Fuzzy analytic hierarchy process information entropy cloud model risk assessment airborne network security

1. Introduction

With the rapid development of information technology and networks, airborne electronic equipment is widely used in the aviation field, and airborne networks will become an important factor affecting flight safety. In order to improve the efficiency of airline maintenance and the level of passenger information services, the avionics full-duplex switched Ethernet (AFDX) is used in the aviation network of the new generation aircraft such as B787, Airbus A380 and A350 [1]. AFDX has an advanced integrated modular system architecture. It has the characteristics of high information fusion, open system structure and high-speed data exchange. In addition, it also provides access to the airborne WiFi, and establishes the connection between the airborne passenger entertainment domain and the Internet, thus breaking the physical isolation among the flight control network domain, the airline information service domain, and the airborne entertainment domain in traditional aircraft models; this break greatly increases the possibility that the flight control network domain may be affected through external networks or equipment. The original relatively closed networks will inevitably face unintentional or malicious attacks in unknown areas.

In 2015, the U.S. Government Accountability Office pointed out in a report that the Internet connection in the cabin of passenger aircraft should be regarded as a direct link between the aircraft and the outside world, which also includes potential malicious attackers. Boeing 787 and Airbus A350 and A380 passenger aircrafts are all equipped with Wi-Fi networks, and the passenger network is interconnected with the aircraft’s airborne avionics network, which means that it is possible for hackers to seize the aircraft’s navigation system through the airborne network, and even control the entire aircraft.

At the CyberSat Summit held on November 8, 2017, an official from the U.S. Department of Homeland Security (DHS) indicated that a group of DHS scholars and industry experts had remotely attacked a Boeing 757 aircraft parked at the Atlantic City Airport in New Jersey.

Such incidents are still happening from time to time. Therefore, it is vital to study airborne network security for the new generation of civil aviation [1, 2]. Moreover, most security incidents have occurred due to neglect of risks or inaccurate assessments; therefore, assessing the risks of airborne network security to identify the risks is the primary task [3].

When the U.S. Federal Aviation Administration (FAA) and the European Joint Aviation Authorities (JAA) reviewed airborne information systems, they also put the network security of the airborne information system in a very important position. In 2014, the FAA established the Aircraft Systems Information Security/Protection (ASISP) Working Group to be responsible for the formulation of relevant regulations, policies, and guidelines to determine the vulnerabilities of airborne networks and to avoid the harmful effects caused by network security incidents to flight safety. Among them, in the RTCADO-356/356A (Airworthiness Security Methods and Considerations) standard, the assessment of security risks of the airborne network is the most important part of the specification [4, 5]. Europe has also considered the recommendations of the ASISP Working Group, and European nations have coordinated to formulate the ED-203 standard, which is consistent with RTCADO-356/356A.

However, the above standards mainly give a recommended risk assessment process and a general framework. A risk assessment model and method related to the particularity of the airborne network environment and the possible threats it may face are still lacking. Due to the closed nature of the airborne network environment, very few people have targeted it for research. The current research results mainly put forward the safety protection risk assessment process for the airborne system, but did not carry out specific calculations in connection with the risks to obtain quantitative assessment results.

Due to different actual application areas, the network security risk assessment methods proposed by scholars at home and abroad are not the same, but they are all in accordance with the established risk assessment process and adopt qualitative analysis and quantitative calculation methods. The risk assessment methods of qualitative analysis, such as the Delphi Method (DM), the logic analysis method, and the Common Criteria (CC) assessment method, mainly rely on subjective experience. The quantitative risk assessment methods mainly consist of the cluster analysis method and the analysis methods based on the Markov chain and the Markov process. In general, quantitative indicators are used to capture risk values and represent the size of a risk. In complex assessment scenarios, qualitative and quantitative analysis methods are usually used. Among them, the quantitative analysis method is used to solve the problem of strong system structure, and the qualitative method is used to solve the problem that is difficult to quantify. The combination of qualitative and quantitative analysis methods can more scientifically and accurately assess the network security risk status. Typical research methods and models include the Analytical Hierarchy Process (AHP) [7, 8], the cloud model theory [9, 10], the gray theory model [11], the fuzzy mathematical model [12], the neural network model [13], and Fault Tree Analysis (FTA) [14]. Among these methods, AHP is easy to operate but does not take into account the relationship between risks, and the assessment results are comparatively unitary and cannot show the qualitative factors in the assessment process. A method that combines AHP with gray clustering can only obtain the risk value, the result is unitary, and it cannot reflect the assessment process. The calculations for the index weight of fuzzy comprehensive evaluation methods based on the cloud model rely too much on the subjective experience of experts, and accurately calculating these weights is difficult.

These methods were all proposed in connection with different application areas. Their risks and scales are not completely applicable to the airborne network environment. For this reason, and in connection with the particularity of the airborne network and the threats it may face, a risk assessment method with an improved fuzzy analytic hierarchy process (FAHP)-cloud model is proposed. First, an index system is established according to the characteristics of the airborne network architecture. Then, FAHP and information entropy are combined to solve the problems of objectivity and accuracy in the comprehensive weight. Second, the cloud model theory is introduced to determine the risk levels and solve the problems of unitary assessment results and poor descriptiveness while showing the qualitative and quantitative assessment results and fully reflecting the randomness and fuzziness of the assessment at the same time.

The main contributions of this paper are the following:

(1)
The main threats that three important assets of software, data and services is facing in the airborne network are analyzed. Based on the three security attributes of onboard assets, a three-layer index system for airborne network security risk assessment was established. The new index system makes up for RTCA DO-356/356A (Airworthiness Security Methods and Considerations) standard and the lack of specific indicators for airborne network security risk assessment in the current related research.
(2)
Based on the traditional fuzzy analytic hierarchy process, the concept of information entropy is introduced to calculate the comprehensive weight, so as to make up for the difficulty of objective and accurate calculation of the relevant index weight caused by the complexity and closeness of the new generation airborne network, and eliminate the influence of randomness.
(3)
The cloud model theory is introduced to determine the security risk level of airborne network. While the results are expressed quantitatively, the fuzziness and randomness of the evaluation process are displayed qualitatively, avoiding the result representation of single threshold classification.

2. Related theoretical research

2.1 FAHP and information entropy

FAHP is a multicriteria decision-making analysis method that combines qualitative and quantitative analyses. Fuzzy weights are calculated using triangular fuzzy numbers or trapezoidal numbers to solve problems when there are more evaluation indicators at a certain level and using the traditional AHP to guarantee consistency in thinking is difficult [8]. The definition of the triangular fuzzy number is given below:

Definition 1. A fuzzy set on a given universe $U$ indicates that for any $x\in U$ , there is a number $\mu$ ( $x$ ) $\in$ [0,1] corresponding to it; $\mu$ ( $x$ ) is called the membership degree of $x$ to $U$ , and $\mu$ is called the membership function of $x$ . Let $s$ and $u$ be the lower limit and upper limit of the fuzzy number, respectively; $m$ is the most probable value [15, 16], and the membership function of $M$ is determined as

$\displaystyle\mu_{M}(x)=\left\{{\begin{array}[]{ll}(x-s)/(m-s),&x\in[s,m]\\ (x-u)/(m-u),&x\in[m,u]\\ 0,&\textit{other}\\ \end{array}}\right.$

For any $\lambda\in$ (0,1), $M_{\lambda}=\left\{{x|\mu_{M}\left(x\right)\geqslant\lambda}\right\}$ is a convex set, and $M$ is called a triangular fuzzy number, which can be noted as ( $s$ , $m$ , $u$ ).

When there are $k$ evaluation indicators, the constructed fuzzy judgment matrix is

$\displaystyle A_{k\ast k}=\left[\begin{array}[]{cccc}1&a_{12}&\ldots&{a_{1k}}% \\ {a_{21}}&1&\ldots&{a_{2k}}\\ \ldots&a_{ij}&&\ldots\\ {a_{k1}}&{a_{k2}}&\ldots&1\\ \end{array}\right]，$

$a_{ij}$ is a triangular fuzzy number $M(s_{ij},m_{ij},u_{ij})$ , which represents the ratio of the degree of importance of indicator $i$ to indicator $j$ .

Definition 2. Information entropy is a quantity used to measure the uncertainty of a source of information. A smaller amount of information indicates that the source of information has greater uncertainty and entropy. Conversely, a larger amount of information indicates that the source of information has smaller uncertainty and entropy [17, 18].

2.2 Cloud model theory

Definition 3. The cloud model is a model that achieves mutual conversion between qualitativeness and quantitativeness. The forward cloud generator converts the qualitative concept into quantitative data, the reverse cloud generator converts quantitative data into the qualitative concept, and the assessment results are displayed visually in the form of cloud drops [9, 10].

Definition 4. A fuzzy set $\tilde{A}$ in the universe $X$ indicates that, for any element $x$ , there is a random number $\mu_{\tilde{A}}(x)$ with a stable tendency called the membership degree of $x$ to $\tilde{A}$ . If the elements in the universe are not simple and orderly, according to a certain rule $f$ , $X$ can be mapped to another orderly universe $X^{\prime}$ ; if there is one and only one $x^{\prime}$ in $X^{\prime}$ that corresponds to $x$ , then $x^{\prime}$ is the basic variable, and the distribution of the membership degree on $X^{\prime}$ is called the membership cloud.

The cloud is mapped from the universe to the interval [0,1], and it is composed of many cloud drops. A single cloud drop has no realistic meaning. Only when the cloud drops from a cloud and the entire cloud manifests the numerical features (Ex, En, He) can the features of the qualitative concept be reflected. Here, Ex represents the expected value, En represents entropy, and He represents hyper entropy. The expected value Ex represents the distribution center of the cloud model and is the most probable value. The entropy En reflects the uncertainty of the distribution; the larger the entropy, the harder it is to fix and quantify the value; that is, the fuzziness and randomness are also greater. The hyper entropy He is the uncertainty measure of entropy; the greater the hyper entropy is, the greater the randomness of the membership degree.

3. Risk assessment model with improved FAHP cloud model

In this paper, the risk assessment model is divided into three main parts: the module that establishes the assessment index system, the module that calculates the comprehensive weight, and the module that constructs the actual integrated cloud model. The main task of the module that establishes the assessment index system is to use the traditional AHP to establish a three-tier index system suitable for use in the security risk assessment of airborne networks. The task of the module that calculates the comprehensive weight is to first use the traditional FAHP to calculate the relative weight $w\left({a\_b_{k}}\right)$ , and to then introduce the information entropy concept to calculate the relative weight $w\left({b_{k}\_c}\right)$ . From these two relative weights, the comprehensive weight $w_{i}$ is calculated, as shown in the contents in the dotted line portions in Fig. 1. The module that constructs the actual integrated cloud model collects expert assessment data to generate the numerical features of an attribute cloud (Ex ${}_{p}^{c}$ , En ${}_{p}^{c}$ , He ${}_{p}^{c}$ ), which performs weighted calculations for the numerical features of the actual integrated cloud (Ex ${}^{0}$ , En ${}^{0}$ , He ${}^{0}$ ), and uses the cloud generator to separately construct the actual integrated cloud model while using the numerical features of the standard attribute cloud (Ex ${}^{1}$ , En ${}^{1}$ , He ${}^{1}$ ) to generate the standard attribute cloud and obtain the standard cloud model at the same time. Finally, the security risk level of the airborne network is determined by calculating the degree of similarity between the actual integrated cloud model and the standard cloud model. The specific detailed process is shown in Fig. 1.

Figure 1.

Schematic diagram of risk assessment based on the improved FAHP-cloud model.

3.1 Establshing the assessment index system

In this paper, the traditional AHP is used to establish the assessment index system for an airborne network. Due to the particularity of the airborne network, consideration must be given to the network architecture of the integrated modular avionics system that is widely used by civil aircraft at present when establishing the index system. This architecture breaks the physical isolation between the flight control network domain, the airline information service domain, and the airborne entertainment domain and has even increased the related functions of Internet access to the airborne passenger entertainment domain. While it supports interactions between more network domains, it also poses great risks to network security.According to the general process of the Risk Assessment Specification for Information Security [19], it is necessary to identify assets, threats and vulnerabilities of airborne networks. For aircraft, the assets that need to be protected include hardware, software, data, services and personnel. This paper focuses on three possible threats to software, data and services, among which software refers to onboard system software, application software, data refers to all kinds of database data, documents, stored in onboard storage devices and other information media, service refers to information service and network connection service provided by onboard system. The main threats it may face are: illegally acquiring or tampering with the airborne network information, using the onboard information or network services to threaten the avionics core system, network bandwidth attack or continuous service attack leading to the denial of service of the core system, illegally upgrading the authority to operate the airborne network illegally, etc. In order to assess the risk of airborne network security, based on the possible threats to the assets on board,a three-tier index system of target-criteria-attribute is established (Fig. 2) in whichã€€the target level $a$ represents the risk level; the criteria level $b$ representsã€€the security asset attributes of confidentiality ( $b$ 1), availability ( $b_{2}$ ), and integrity ( $b_{3}$ ); and the attribute level c represents the threats faced by the assets, which include the acquisition of airborne network information ( $c_{1}$ ), tampering with airborne network information ( $c_{2}$ ), use of service ( $c_{3}$ ), denial of service ( $c_{4}$ ), and the upgrading of authority to carry out illegal operations on the airborne network ( $c_{5}$ ).

Figure 2.

Index system for the security risk assessment of airborne networks.

3.2 Calculating the comprehensive weight

The task of the module that calculates the comprehensive weight is divided into three parts. First, a fuzzy judgment matrix is constructed, and $w\left({a\_b_{k}}\right)$ is calculated. Then, the information entropy is introduced to calculate $w\left({b_{k}\_c}\right)$ , and finally, the comprehensive weight $w_{i}$ is obtained. The specific process is given below:

1)
Experts carry out fuzzy scoring of the indicators at level $b$ , a fuzzy judgment matrix is generated, and the matrix undergoes defuzzification to obtain judgment matrix $A$ of the indicators at level $b$ relative to the indicator at level $a$ . The fuzzy weight $w^{\prime}\left({a\_b_{k}}\right)$ of level $b$ relative to level $a$ is calculated according to Eq. (1):

$\displaystyle w^{\prime}\left({a\_b_{k}}\right)=\sum_{j=1}^{k}{a_{ij}}\div\sum% _{i=1}^{k}{\sum_{j=1}^{k}{a_{ij}}}$ (1)

Then, according to the operation rule for triangular fuzzy number comparison, $w^{\prime\prime}\left({a\_b_{k}}\right)$ is obtained by defuzzification, and the relative weight $w\left({a\_b_{k}}\right)$ is obtained by normalization through Eq. (2):

$\displaystyle w\left({a\_b_{k}}\right)={\sum_{i=1}^{k}{w^{\prime\prime}\left({% a\_b_{k}}\right)}}\mathord{\left/{\vphantom{{\sum\nolimits_{i=1}^{k}{w^{\prime% \prime}\left({a\_b_{k}}\right)}}k}}\right.\kern-1.2pt}k$ (2)
2)
The judgment matrix $A$ of the indicators at level $c$ relative to the indicators at level $b$ is constructed, and the entropy $H_{i}$ of the indicators at level $c$ relative to the indicators at level $b$ are calculated according to Eq. (3). Then, the relative weight $w\left({b_{k}\_c}\right)$ is obtained by normalization through Eq. (4):

$\displaystyle H_{i}=-\frac{1}{\ln k}\sum_{j=1}^{k}a_{ij}\ln a_{ij}$ (3) $\displaystyle w\left({b_{k}\_c}\right)=\left({1-H_{i}}\right)\left/\left(n-% \sum^{n}_{i=1}H_{i}\right)\right.$ (4)

where $n$ is the number of experts.
3)
The comprehensive weight $w_{i}$ of the level $c$ indicator $i$ relative to the indicator at level $a$ is calculated according to Eq. (5):

$\displaystyle w_{i}=\sum{w\left({a\_b_{k}}\right)\times w\left({b_{k}\_c}% \right)}$ (5)

3.3 Constructing cloud model to determine the level of risk

The module for constructing the actual integrated cloud model is divided into four main parts. First, the numerical features of an attribute cloud (Ex ${}_{p}^{c}$ , En ${}^{c}_{p}$ , He ${}_{p}^{c}$ ) are generated by collecting expert assessment data. Second, the numerical features of the actual integrated cloud (Ex ${}^{0}$ , En ${}^{0}$ , He ${}^{0}$ ) are generated through weighted calculations and by using the cloud generator to separately construct an actual integrated cloud model. Third, the numerical features of the standard attribute cloud (Ex ${}_{q}^{1}$ , En ${}_{q}^{1}$ , He ${}_{q}^{1}$ ) are used to generate the standard attribute cloud to obtain the standard cloud model. Finally, the security risk level of the airborne network is determined by calculating the degree of similarity between the actual integrated cloud model and the standard cloud model. The specific process is as follows:

1)
Assuming that the security risk level of the airborne network is divided into $l$ levels by collecting the assessment data of $n$ experts in the field of airborne networks on the risk level of the airborne network, an algorithm is generated according to the reverse cloud to calculate the numerical features of $p$ attribute clouds (Ex ${}_{p}^{c}$ , En ${}_{p}^{c}$ , He ${}_{p}^{c}$ ), where $p$ is the number of indicators at level $c$ .
2)
According to Eqs (6)–(8), the numerical features of the actual integrated cloud model (Ex ${}^{0}$ , En ${}^{0}$ , He ${}^{0})$ are calculated, and the actual integrated cloud model is constructed according to the forward cloud generation algorithm:

$\displaystyle\textit{Ex}^{0}=\sum\nolimits_{i=1}^{p}{\left({\textit{Ex}_{p}^{c% }\times w_{i}}\right)}$ (6) $\displaystyle\textit{En}^{0}=\sqrt{\sum\nolimits_{i=1}^{p}{\left({\left({% \textit{En}_{p}^{c}}\right)^{2}\times w_{i}}\right)}}$ (7) $\displaystyle\textit{He}^{0}=\sum\nolimits_{i=1}^{p}{\left({\textit{He}_{p}^{c% }\times w_{i}}\right)}$ (8)

where $w_{i}$ represents the comprehensive weight, which is calculated using Eq. (5).
3)
According to Eqs (9)–(11), the numerical features of $l$ standard attribute clouds (Ex ${}_{q}^{1}$ , En ${}_{q}^{1}$ , He ${}_{q}^{1}$ ) are calculated by the forward cloud generation algorithm to generate $l$ standard attribute clouds and to obtain the standard cloud model:

$\displaystyle\textit{Ex}_{q}^{1}=\begin{array}[]{ll}R_{q}^{\min},&q=1\\ {\left({R_{q}^{\min}+R_{q}^{\max}}\right)}\mathord{\left/{\vphantom{{\left({R_% {q}^{\min}+R_{q}^{\max}}\right)}2}}\right.\kern-1.2pt}2,&1<q<l\\ R_{q}^{\max},&q=l\end{array}$ (9) $\displaystyle\textit{En}_{q}^{1}={\left({R_{q}^{\max}-R_{q}^{\min}}\right)}% \mathord{\left/{\vphantom{{\left({R_{q}^{\max}-R_{q}^{\min}}\right)}3}}\right.% \kern-1.2pt}3$ (10) $\displaystyle\textit{He}_{q}^{1}=\eta$ (11)

where $q$ takes an integer between 1 and $l$ ; and $\eta$ is a constant that reflects the randomness of the attribute value and should not be too large.
4)
The degree of similarity between the actual integrated cloud model and the standard cloud model is calculated according to the algorithm for the degree of similarity for membership clouds, and then the security risk level of the airborne network is determined.

4. Simulation experiments

The experimental environment of this study included one PC computer with an Intel(R) Core(TM)2 Quad CPU, 4G RAM, and a 64-bit operating system, and R2016a version of MATLAB.

4.1 Experimental data

Five industry experts were invited to analyze and score the security risk status of a certain airborne network, and the improved FAHP-cloud model algorithm put forward in this paper was used to assess the risk level. The experimental data used in this paper include two main parts:

(1)
Module for calculating the comprehensive weight

Based on the Fuzzy Linguistic Scale in Table 1, the five experts were invited to score the importance of three indicators $b_{1}$ , $b_{2}$ , and $b_{3}$ at criteria level $b$ of the airborne network security risk assessment index system with respect to the target level $a$ by triangular fuzzy number, as shown in Table 2.

Table 1
Fuzzy linguistic scales

Linguistic scale Triangular fuzzy scale Reciprocal

Just equal 1, 1, 1 1, 1, 1

Equally important 6/7, 1, 5/4 4/5, 1, 7/6

Weakly more important 1,5/4, 3/2 2/3, 4/5, 1

Strongly more important 5/4, 3/2, 2 1/2, 2/3, 4/5

Very strongly more important 3/2, 5/3,5/2 2/5,3/5, 2/3

Absolutely more important 2, 5/2, 3 1/3, 2/5, 1/2

For example, for the degree of importance of indicators $b_{1}$ and $b_{2}$ relative to indicator $a$ , triangular fuzzy number scoring was carried out. The five experts gave a total of five scoring results, and the scoring result of one of the experts was (4/5, 1, 7/6).

Table 2
Fuzzy scoring of $B_{1}$ , $B_{2}$ , and $B_{3}$

$a$ $b_{1}$ $b_{2}$ $b_{3}$

$b_{1}$ (1,1,1) (4/5, 1, 7/6) (4/5, 1, 7/6)

(1,1,1) (2/3, 4/5, 1) (2/3, 4/5, 1)

(1,1,1) (2/3, 4/5, 1) (2/3, 4/5, 1)

(1,1,1) (1/2, 2/3, 4/5) (4/5, 1, 7/6)

(1,1,1) (1/2, 2/3, 4/5) (1/2, 2/3, 4/5)

$b_{2}$ (6/7, 1, 5/4) (1,1,1) (3/2, 5/3,5/2)

(1,5/4, 3/2) (1,1,1) (5/4, 3/2, 2)

(1,5/4, 3/2) (1,1,1) (6/7, 1, 5/4)

(5/4, 3/2, 2) (1,1,1) (5/4, 3/2, 2)

(5/4, 3/2, 2) (1,1,1) (1, 5/4,3/2)

$b_{3}$ (6/7,1,5/4) (2/5,3/5, 2/3) (1,1,1

(1, 5/4,3/2) (1/2, 2/3, 4/5) (1,1,1)

(1, 5/4,3/2) (4/5, 1, 7/6) (1,1,1)

(6/7,1,5/4) (1/2, 2/3, 4/5) (1,1,1)

(5/4, 3/2, 2) (2/3, 4/5, 1) (1,1,1)

Using the same method, triangular fuzzy number scoring was carried out for the degree of pairwise importance for $c_{1}$ , $c_{2}$ , and $c_{5}$ in attribute layer $c$ relative to criterion level $b_{1}$ ; for $c_{2}$ , $c_{3}$ , and $c_{4}$ relative to criterion level $b_{2}$ ; and for $c_{2}$ , $c_{3}$ , and $c_{5}$ relative to criterion level $b_{3}$ .
(2)
Module for Constructing the Actual Integrated Cloud Model

When dividing the risk level of the airborne network security, the 10-point system was used. The scores ranged from high to low, representing the risks from large to small. In this paper, according to the Baseline for Classified Protection of Information System Security [20] and Classification Guide [21] and expert opinions, the risk level $l$ of the airborne network security was divided into five levels, with $l_{1}$ representing “low risk,” $l_{2}$ representing “comparatively low risk,” $l_{3}$ representing “moderate risk,” $l_{4}$ representing “comparatively high risk,” and $l_{5}$ representing “high risk.” The intervals and scores for each level were as follows: low risk [0, 2); comparatively low risk [2, 4); moderate risk [4, 6); comparatively high risk [6, 8); and high risk [8, 10). Using such a level division, the five experts assessed indicators $c_{1}$ to $c_{5}$ at attribute level $c$ of the index system for the security risk assessment of the airborne network. The data are shown in Table 2.

Table 3
Expert assessment data

Expert $c_{1}$ $c_{2}$ $c_{3}$ $c_{4}$ $c_{5}$

1 4.35 6.27 1.52 3.68 2.58

2 5.43 3.45 4.68 5.57 3.27

3 3.77 4.82 3.49 2.56 1.44

4 4.33 2.67 1.91 0.97 4.32

5 3.03 4.65 2.28 2.42 3.66

4.2 Experimental process

Linguistic scale	Triangular fuzzy scale	Reciprocal
Just equal	1, 1, 1	1, 1, 1
Equally important	6/7, 1, 5/4	4/5, 1, 7/6
Weakly more important	1,5/4, 3/2	2/3, 4/5, 1
Strongly more important	5/4, 3/2, 2	1/2, 2/3, 4/5
Very strongly more important	3/2, 5/3,5/2	2/5,3/5, 2/3
Absolutely more important	2, 5/2, 3	1/3, 2/5, 1/2

$a$	$b_{1}$	$b_{2}$	$b_{3}$
$b_{1}$	(1,1,1)	(4/5, 1, 7/6)	(4/5, 1, 7/6)
	(1,1,1)	(2/3, 4/5, 1)	(2/3, 4/5, 1)
	(1,1,1)	(2/3, 4/5, 1)	(2/3, 4/5, 1)
	(1,1,1)	(1/2, 2/3, 4/5)	(4/5, 1, 7/6)
	(1,1,1)	(1/2, 2/3, 4/5)	(1/2, 2/3, 4/5)
$b_{2}$	(6/7, 1, 5/4)	(1,1,1)	(3/2, 5/3,5/2)
	(1,5/4, 3/2)	(1,1,1)	(5/4, 3/2, 2)
	(1,5/4, 3/2)	(1,1,1)	(6/7, 1, 5/4)
	(5/4, 3/2, 2)	(1,1,1)	(5/4, 3/2, 2)
	(5/4, 3/2, 2)	(1,1,1)	(1, 5/4,3/2)
$b_{3}$	(6/7,1,5/4)	(2/5,3/5, 2/3)	(1,1,1
	(1, 5/4,3/2)	(1/2, 2/3, 4/5)	(1,1,1)
	(1, 5/4,3/2)	(4/5, 1, 7/6)	(1,1,1)
	(6/7,1,5/4)	(1/2, 2/3, 4/5)	(1,1,1)
	(5/4, 3/2, 2)	(2/3, 4/5, 1)	(1,1,1)

Expert	$c_{1}$	$c_{2}$	$c_{3}$	$c_{4}$	$c_{5}$
1	4.35	6.27	1.52	3.68	2.58
2	5.43	3.45	4.68	5.57	3.27
3	3.77	4.82	3.49	2.56	1.44
4	4.33	2.67	1.91	0.97	4.32
5	3.03	4.65	2.28	2.42	3.66

The specific process for using the experimental data in Section 4. A to carry out simulation experiments was divided into two main parts: calculating the comprehensive weight and constructing the actual integrated cloud model.

(1)
Calculating the comprehensive weight

According to the data in Table 2, the mean scores of the five experts were calculated to construct the fuzzy judgment matrix (Table 4):

Table 4
Fuzzy judgment matrix

$a$ $b_{1}$ $b_{2}$ $b_{3}$

$b_{1}$ (1,1,1) (0.63,0.79,0.95) (0.69,0.85,1.03)

$b_{2}$ (1.07,1.30,1.65) (1,1,1) (1.17,1.38,1.85)

$b_{3}$ (0.99,1.20,1.50) (0.57,0.75,0.89) (1,1,1)

According to process 1) in Section 3.2, the initial fuzzy weight of level $b$ index relative to level $a$ index is calculated. The results are: $w^{\prime}(a$ _ $b_{1})=$ (0.21, 0.28, 0.37), $w^{\prime}(a$ _ $b_{2})=$ (0.30, 0.40, 0.55), $w^{\prime}(a{\_}b_{3})=$ (0.24, 0.32, 0.42).

Then, according to the comparison principle of triangular fuzzy number, the initial fuzzy weight is de fuzzified, and the result is (0.37,1,0.6). The weight value is standardized, and the final weight of each index of level $b$ relative to that of level $a$ is obtained. The results are: $w(a{\_}b_{1})=$ 0.19, $w(a{\_}b_{2})=$ 0.51, $w(a{\_}b_{3})=$ 0.30.

Second, judgment matrix $A^{1}$ of indicators $c_{1}$ , $c_{2}$ , and $c_{5}$ at level $c$ relative to indicator $b_{1}$ of level $b$ ; judgment matrix $A^{2}$ of indicators $c_{2}$ , $c_{3}$ , and $c_{4}$ relative to $b_{2}$ ; and judgment matrix $A^{3}$ of indicators $c_{2}$ , $c_{3}$ , and $c_{5}$ relative to $b_{3}$ were constructed:

$\displaystyle A^{1}=\left[{{\begin{array}[]{ccc}{0.54}&{0.18}&{0.28}\\ {0.56}&{0.19}&{0.25}\\ {0.54}&{0.20}&{0.26}\\ \end{array}}}\right],\quad A^{2}=\left[{{\begin{array}[]{ccc}{0.26}&{0.35}&{0.% 39}\\ {0.24}&{0.33}&{0.43}\\ {0.27}&{0.32}&{0.41}\\ \end{array}}}\right],\ \text{and}\ A^{3}=\left[{{\begin{array}[]{ccc}{0.31}&{0% .27}&{0.42}\\ {0.42}&{0.36}&{0.22}\\ {0.23}&{0.47}&{0.30}\\ \end{array}}}\right].$

From Process 2) in Section 3.2, the relative weights $w\left({b_{k}\_c}\right)$ of the attribute level $c$ indicators relative to criteria level indicators $b_{1}$ , $b_{2}$ , and $b_{3}$ were obtained as $\omega(b_{1}{\_}c)=$ (0.3320, 0.3646, 0.3034), $\omega(b_{2}{\_}c)=$ (0.2451, 0.4882, 0.2667), and $\omega(b_{3}{\_}c)=$ (0.1851, 0.3494, 0.4655), respectively.

According to Process 3) in Section 3.2, the comprehensive weight vector of the five indicators at level $c$ relative to the indicator at level $a$ could be obtained as ( $w_{1}$ , $w_{2}$ , $w_{3}$ , $w_{4}$ , $w_{5})=$ (0.063, 0.250, 0.354, 0.136, 0.197).
(2)
Constructing the actual integrated cloud model

There were three main steps in the construction of the actual integrated cloud model: generating the actual integrated cloud model, generating the standard cloud model, and calculating the degree of similarity.

Step 1 Generating the Actual Integrated Cloud Model

According to the expert assessment data in Table 3, the reverse cloud generation algorithm was used on the assessment data of each expert to calculate and obtain the numerical features of an attribute cloud. Here, there were numerical features for a total of five attribute clouds (Ex ${}_{p}^{c}$ , En ${}_{p}^{c}$ , He ${}_{p}^{c})$ (Table 5).

Table 5
Numerical features of the attribute cloud

$c_{1}$ $c_{2}$ $c_{3}$ $c_{4}$ $c_{5}$

Ex ${}_{p}^{c}$ 4.18 4.37 2.77 3.04 3.01

En ${}_{p}^{c}$ 0.88 1.38 1.29 1.71 1.10

He ${}_{p}^{c}$ 0.53 0.73 0.52 0.95 0.57

From Process 2) in Section 3.3, the numerical features of the actual integrated cloud (Ex ${}^{0}$ , En ${}^{0}$ , He ${}^{0}$ ) were calculated as (3.343, 1.32, 0.641).

Step 2 Generating the Standard Cloud Model

The five risk levels, divided according to Section 4.1, and the numerical features of the five standard cloud models calculated by Process 3) in 2.3 (Ex ${}_{q}^{1}$ , En ${}_{q}^{1}$ , He ${}_{q}^{1}$ ) were as follows: low risk cloud (0, 0.67, 0.05); comparatively low risk cloud (3, 0.67, 0.05); moderate risk cloud (5, 0.67, 0.05); comparatively high risk cloud (7, 0.67, 0.05); and high risk cloud (10, 0.67, 0.05). To better display the experimental results, the value taken by He in this paper should not be too large, and the value taken was 0.05.

The actual integrated cloud model and the standard cloud model that were generated are shown in Fig. 3. The continuous cloud drop pattern composed of “ $\cdot$ ” is the standard cloud model, and the cloud drops composed of “ $+$ ” are the actual integrated cloud model. It can be seen by making comparisons in the figure that the actual integrated cloud model is closest to the “comparatively low risk cloud” in the standard cloud model, thereby determining that the security risk of this airborne network is at the “comparatively low” level of $l_{2}$ .

Figure 3.
Comparison between the actual comprehensive cloud model based on the algorithm in this paper and the standard cloud model.

Step 3 Calculating the degree of similarity

According to Process 4) in Section 3.3, the degree of similarity between the actual integrated cloud model and the standard cloud model in Fig. 3 was calculated, and the results are shown in Fig. 4.

Figure 4.
The similarity between the actual comprehensive cloud model based on the algorithm in this paper and the standard cloud model.

It can be seen from the figure that the “comparatively low risk cloud” is the greatest degree of similarity between the actual integrated cloud model and the standard cloud model, thereby determining that the security risk of this airborne network is at the “comparatively low” level of $l_{2}$ , and the comparison results are consistent with the two models in Fig. 3.
4.3 Experimental results and comparative analysis

$a$	$b_{1}$	$b_{2}$	$b_{3}$
$b_{1}$	(1,1,1)	(0.63,0.79,0.95)	(0.69,0.85,1.03)
$b_{2}$	(1.07,1.30,1.65)	(1,1,1)	(1.17,1.38,1.85)
$b_{3}$	(0.99,1.20,1.50)	(0.57,0.75,0.89)	(1,1,1)

	$c_{1}$	$c_{2}$	$c_{3}$	$c_{4}$	$c_{5}$
Ex ${}_{p}^{c}$	4.18	4.37	2.77	3.04	3.01
En ${}_{p}^{c}$	0.88	1.38	1.29	1.71	1.10
He ${}_{p}^{c}$	0.53	0.73	0.52	0.95	0.57

To verify that the algorithm of the improved FAHP-cloud model proposed inthis paper is able to effectively solve problems such as difficulty in the objective and accurate calculation of the index weight, a unitary assessment result, and poor descriptiveness, the model was compared with existing risk assessment methods for network security, such as the AHP-gray clustering algorithm and the AHP-cloud model algorithm.

Using the experimental data of this paper, the risk value calculated using the AHP-gray clustering algorithm is $F=$ 4.2, and the risk level is “comparatively low” at $l_{2}$ , consistent with the results obtained by the algorithm of this paper and illustrating that the algorithm of this paper is reasonable and effective. However, only the risk level can be obtained by the assessment result of the AHP-gray clustering algorithm. By introducing the cloud model, the improved FAHP-cloud model algorithm of this paper can judge the security risk level of the airborne network while clearly considering the qualitative and quantitative results of the cloud model comparison map and the numerical values of the degree of similarity at the same time. In addition, by comparing the integrated actual cloud model with the standard cloud model, the improved FAHP-cloud model algorithm displays the uncertainty and randomness in the assessment process, providing a reference for launching the next step of the protection work.

Figure 5.

Comparison map of the actual integrated cloud models generated from the AHP-cloud model algorithm and the algorithm of this paper.

Using the experimental data of this paper, the numerical features of the actual integrated cloud model obtained using the AHP-cloud model algorithm for calculation are (3.74, 1.86, 1.05), and the numerical features of the actual integrated cloud model obtained by the improved FAHP-cloud model algorithm proposed in this paper are (3.34, 1.32, 0.64). The expected value Ex represents the distribution center of the cloud model, and it can be seenthat the distribution centers of the two actual integrated cloud models are closer to the “comparatively low risk cloud.” The entropy En reflects the fuzziness of the assessment index, and the hyper entropy He represents the uncertainty of the assessment index. The En and He values calculated by the algorithm of this paper are smaller, so the fuzziness and uncertainty of the index are also lower.

The corresponding actual integrated cloud models generated from these two numerical features are shown in Fig. 5. The pattern composed of the blue“ $\cdot$ ” symbols is the actual integrated cloud model obtained by using the AHP-cloud model algorithm. It can be seen from Fig. 5 that the fuzziness and uncertainty of the improved FAHP-cloud model algorithm results of this paper are smaller than those of the AHP-cloud model algorithm results, reflecting the same results as those of the numerical features and thereby improving the accuracy and reliability of the assessment. Moreover, it is impossible to accurately judge from the figure whether the actual integrated cloud model is closer to the “comparatively low risk cloud” or the “moderate risk cloud” in the standard cloud model.

A comparison of the degree of similarity between the actual integrated cloud model results of the algorithm of this paper, the AHP-cloud model algorithm, and the standard attribute cloud is shown in Fig. 6.

Figure 6.

Degree of similarity between the actual integrated cloud model of the AHP-cloud model algorithm and the standard cloud model.

It can be seen from the figure that the degree of similarity results are close to the “comparatively low risk cloud” and “moderate risk cloud” levels, and it may be impossible to accurately judge the risk level.

The comprehensive weight vector calculated by using the improved FAHP-cloud model algorithm of this paper is ( $w_{1}$ , $w_{2}$ , $w_{3}$ , $w_{4}$ , $w_{5}$ ) $=$ (0.063, 0.250, 0.354, 0.136, 0.197). The comprehensive weight of each indicator is clearly distinguished; however, when using the AHP-cloud model algorithm, the comprehensive weight vector is ( $w_{1}$ , $w_{2}$ , $w_{3}$ , $w_{4}$ , $w_{5}$ ) $=$ (0.1928, 0.2273, 0.2168, 0.1807, 0.2024). It can be seen that the difference in the comprehensive weight is smaller, and it is impossible to distinguish the relative degree of importance of the attribute-level indicators in the security risk assessment system for the airborne network.

5. Conclusion

In this paper, in connection with the particularity of airborne network security, an index system applicable to the security risk assessment of airborne networks was established, and a risk assessment method with an improved FAHP-cloud model was proposed. On the basis of the traditional FAHP, this method introduces the concept of information entropy to calculate the comprehensive weight of the indicators, giving full consideration to the proportion of each indicator in the assessment, eliminating the effect of randomness, and improving the reliability and scientific nature of the assessment. Furthermore, the cloud model was introduced to the risk assessment of airborne network security, which shows the fuzziness and uncertainty in the assessment while obtaining quantitative results at the same time; avoids the representation of the results by a single threshold classification or overreliance on a certain mathematical model that requires accurate calculation; makes the assessment results more visual and reliable; and improves the usability of the model. However, the analysis of the indicators is still mainly established on the subjective experience of experts, and when the indicators increase or change, it is necessary to reconstruct the assessment index system for calculations. In subsequent work, different airborne networks will be analyzed, and the assessment model will be optimized.

Footnotes

Acknowledgments

This work is supported by the Fundamental Research Funds for the Central Universities (3122019124).

References

Carrico

M.J.

, Mobile device integration in the cockpit: benefits, challenges, and recommendations, Digital Avionics Systems Conference. IEEE, 2015, pp. 1–10.

Wolf

Minzlaff

and Moser

, Information technology security threats to modern e-enabled aircraft: a cautionary note, Journal of Aerospace Information Systems 11(7) (2014), 447–457.

Kwak

K.J.

Sagduyu

Deng

et al., Airborne network evaluation: challenges and high fidelity emulation solution, Communications Magazine IEEE 52(10) (2014), 30–36.

RTCA, DO-356A, Airworthiness Security Methods and Considerations, DC: RTCA Inc, 2018.

RTCA, DO-356, Airworthiness Security Methods and Considerations, DC: RTCA Inc, 2014.

Zhang

Kong

D.Q.

and Li

X.D.

, Security risk assessment methodology for airborne system, Computer Engineering and Applications 49(16) (2013), 232–235.

Wang

, Analytic Hierarchy Process Based Risk Assessment Method for Internet of Things, 2nd International Conference on Energy, Power and Electrical Engineering, EPEE, 2017.

and Liao

, Intuitionistic fuzzy analytic hierarchy process, IEEE Transactions on Fuzzy Systems 22(4) (2014), 749–761.

D.Y.

Meng

H.J.

and Shi

X.M.

, Membership clouds and membership cloud generators, Journal of Computer Research and Development (6) (1995), 15–20.

10.

Zhang

S.B.

and Xu

C.X.

, Study on the trust evaluation approach based on cloud model, Chinese Journal of Computers 36(2) (2013), 422–431.

11.

Baynal

Sari

and Akpinar

, Risk management in automotive manufacturing processes based on FMEA and a gray relational analysis: A case study, Advances in Production Engineering & Management 13(1) (2018), 69–80.

12.

Zadeh

L.A.

, Fuzzy sets, Information and Control 8(3) (1965), 338â€“-353.

13.

Tryfonas

Russell

et al., Risk assessment for mobile systems through a multilayered hierarchical bayesian network, IEEE Transactions on Cybernetics 46(8) (2016), 1749–1759.

14.

Liu

, Research on an information security risk assessment model based on dynamic threat and fault tree, Dissertation, Lanzhou University, 2014.

15.

Mao

and Qi

D.Y.

, An integrated methodology for performance assessment of campus network, Journal of Computational Methods in Sciences and Engineering 15(2) (2015), 129–141.

16.

Forson

E.D.

et al., Mesothermal gold prospectivity mapping of the southern Kibi-Winneba belt of Ghana based on Fuzzy analytical hierarchy process, concentration-area (C-A) fractal model and prediction-area (P-A) plot, Journal of Applied Geophysics 174 (2020), 103971.

17.

Liu

G.C.

and Zhao

H.Y.

, Research on cloud computing load balancing based on information entropy, Journal of Computational Methods in Sciences and Engineering 16(1) (2016), 135–143.

18.

Wang

C.Y.

Tian

Y.X.

and Jia

H.B.

, Driving fatigue detection based on feature fusion of information entropy, Journal of Computational Methods in Sciences and Engineering 18(4) (2018), 977–988.

19.

Standardization Administration of China, GB/T 20984-2007, Information Security Technology Risk Assessment Specification for Information Security, National Standards of the People’s Republic of China, 2007.

20.

Standardization Administration of China, GB/T 22239-2008, Information security technology: Baseline for classified protection of information system security, National Standards of the People’s Republic of China, 2008.

21.

Standardization Administration of China, GB/T 22240-2008, Information security technology: Classification guide for the classified protection of information systems, National Standards of the People’s Republic of China, 2008.