A Security Situation Assessment Model of Information System for Smart Mobile Devices

The accuracy of the existing security situation assessment model of information system for smart mobile devices is affected by expert evaluation preferences. This paper proposes an information system security situation assessment model for smart mobile devices, which is based on the modified interval matrix-entropy weight-based cloud (MIMEC). According to the security situation assessment index system, the interval judgment matrix reflecting the relative importance of different indexes is modified to improve the objectivity of the index layer weight vector. Then, the entropy weight-based cloud is used to quantify the criterion layer and the target layer security situation index, and the security level of the system is graded. The evaluation experiment on the departure control system for smart mobile devices not only verifies the validity of this model but also demonstrates that this model has higher stability and reliability than other models.


Introduction
Security situation assessment refers to the process of predicting the security situation of the system based on the perception and acquisition of security elements in a certain time and space, and the integrated analysis of the acquired data information [1]. The security situation assessment model is necessary for information system administrators of smart mobile devices to obtain the dynamic security situation of the system, determine system abnormal events, and make reasonable decisions.
Fu et al. [2] proposed a comprehensive evaluation model for information system security risk based on the entropy weight coefficient method. The entropy weight coefficient method was used to determine the index weight vector and reduce the subjective influence of experts. Luo et al. [3] proposed a risk assessment model based on the gray comprehensive measure, but the evaluation model lacks management dimension indexes. Xi et al. [4] proposed an improved quantitative evaluation model of the network security situation and optimized the network security situation quantitative value by game method, but the information source is single. Shu et al. [5] proposed a network security risk assessment model based on network security vulnerabilities to assess network security risks. However, the model requires a large amount of data, the risk baseline determination is influenced by experts, and the algorithm complexity is high. Hemanidhi et al. [6] calculated the total network risk value by weighting the quantified results of network risk under different vulnerability detection tools, but the distribution of risk value weight for different detection tools is not reasonable. Eom et al. [7] proposed a risk quantification formula based on threat frequency, asset exposure, and asset protection level, but the determination of threat frequency is influenced by subjective factors. Rimsha et al. [8] proposed an information security risk assessment method based on the adjacency matrix. However, a higher-order adjacency matrix will increase the deviation between the risk value and the actual security situation. Cheng [9] proposed a streaming algorithm to identify user click requests and reconstructed user-browser interactions by leveraging the Spark Streaming framework. Rui [10] proposed a two-stage approach by combining multiobjective optimization (MOO) with integrated decision-making (IDM) to address the problem of combined heat and power economic emission dispatch (CHPEED).
These studies indicate that the existing information system security situation assessment indexes only focus on the technical level without considering the human factors. Moreover, the security situation evaluation is greatly influenced by the subjectivity of experts, and the quantified results cannot accurately reflect the information system security situation.
Motivated by the above, in this paper, we propose an information system security situation assessment model (ISSSAM) for smart mobile devices, which is based on the modified interval matrix-entropy weight-based cloud (MIMEC).
1.1. Contribution. The main contributions of this paper are listed as follows:
(1) A practical ISSSAM model. To accurately assess the information system security situation for smart mobile devices, an ISSSAM model is built with consideration of the modified interval matrix module and the entropy weight-based cloud.
(2) A novel modified algorithm. A modified interval matrix module is proposed to improve the objectivity of the weight vector. Firstly, the interval judgment matrix given by experts is modified to improve its consistency degree. Secondly, the deterministic matrix with the best consistency degree is searched in the modified interval judgment matrix. Finally, the best weight vector is obtained based on the best deterministic matrix.
(3) The experimental results of the departure control system (DCS) case prove the effectiveness of our model. Furthermore, compared with other methods, the results demonstrate that our model is closer to the practical security situation and improves the reliability and stability of information system security situation assessment.

1.2. Organization. The rest of this paper is organized as follows. Section 2 presents the security situation assessment model. Section 3 describes multisource data normalization. In Section 4, the modified interval matrix module is proposed. Section 5 reviews the entropy weight-based cloud module. In Section 6, the experimental comparisons are carried out, and the results are analyzed. Finally, Section 7 gives the conclusions. In addition, the list of notations is shown in Table 1.

Security Situation Assessment Model
In this paper, a MIMEC-based security situation assessment model of information system for smart mobile devices is established (see Figure 1). The assessment process is designed as follows: firstly, based on the analytic hierarchy process (AHP), a three-layer index system for security situation assessment of an information system for smart mobile devices is established. There are 5 evaluation dimensions (see Figure 2): physical dimension ($I_1$), host system dimension ($I_2$), network dimension ($I_3$), data dimension ($I_4$), and manager dimension ($I_5$).
Secondly, there are various ways for us to obtain data as the basis for experts' scoring and determine qualitative indexes and quantitative indexes, such as questionnaire survey, physical environment assessment, viewing host configuration, and obtaining system vulnerabilities through intrusion detection system.
Thirdly, the security situation is quantified by the modified interval matrix module and the entropy weight-based cloud module. The interval judgment matrix is given by experts, and the modified interval matrix module is used to obtain the best deterministic judgment matrix. Then, the index layer is constructed according to the experts' evaluation results. Combined with the index layer weight vector, the criterion layer based cloud model is constructed, and the entropy weight coefficient of the criterion layer cloud model is calculated. At last, the situation value of an information system for smart mobile devices is obtained by the situation value operator.
Finally, according to the "Information security technology-classification guide for classified protection of information systems security" [11] and the comprehensive security situation value of an information system for smart mobile devices, the security situation level is determined.

Multisource Data Normalization
Since the heterogeneity of multisource data makes it difficult for experts to evaluate, this paper proposes a normalized method for qualitative and quantitative indexes as follows.

Wireless Communications and Mobile Computing

3.1. Normalization of Qualitative Indexes.
Define that there are $m$ qualitative index comment classifications, which are $\beta_1, \beta_2, \cdots, \beta_m$. $\beta_i \succ \beta_j$ $(i, j \in 1, 2, \cdots, m)$ represents that the comment $\beta_i$ is better than comment $\beta_j$, then $\beta_1 \succ \beta_2 \succ \cdots \succ \beta_m$ $(i, j \in 1, 2, \cdots, m)$. Meanwhile, define that $\theta$ is the index which reflects the score of comment and $\theta \sim N(0, 1)$. Suppose that $t_i$ corresponds to comment $\beta_i$, which reflects the expert score, and $t_i$ is the quantile of $N(0, 1)$, then
Define that the expert score is $V_e$ and $V_e = \mu t_i$, where $\mu$ is the modified factor (this paper takes $\mu = 100$).

Normalization of Quantitative Indexes.
Define that the quantitative interval of the index $X$ is $[X_a, X_b]$; the normalization process for the quantitative indexes of different dimensions is as follows:
(1) Positive index
(2) Reverse index

Modified Interval Matrix Module
The assessment of the security situation needs to determine the relative importance of each index, and its mathematical representation is the weight vector. In this paper, the interval judgment matrix given by experts is modified to improve the degree of consistency, and the deterministic matrix with the best consistency is searched in the modified interval judgment matrix to determine the best weight vector. This method not only preserves the subjectivity of expert evaluation but also improves the objective degree of the weight vector.

Related Definitions.
Interval judgment matrix: define that the subscript set of $n$ elements is $J = \{1, 2, \cdots, n\}$, and the relative importance between element $i$ and element $j$ is $a_{ij}$. Then, the interval judgment matrix can be represented as $\bar{A} = (\bar{a}_{ij})_{n \times n}$, $i, j \in 1, 2, \cdots, n$, and the interval number $\bar{a}_{ij}$ is
This paper takes the 1-9 scale judgment matrix [12].
Random matrix: define that matrix $A = (a_{ij})_{n \times n}$, $i, j \in 1, 2, \cdots, n$, where $a_{ij} \in [a_{ij}^L, a_{ij}^U]$. Random number $a_{ij}$ is generated from $[a_{ij}^L, a_{ij}^U]$ according to the probability of uniform distribution.
Satisfactory consistency: define that the consistency ratio of judgment matrix $A$ is $CR(A) = (\lambda_{\max}(A) - n)/[(n - 1)\,RI]$. When $CR \le 0.1$, we consider that the matrix $A$ has satisfactory consistency, where $\lambda_{\max}(A)$ is the maximum eigenvalue of matrix $A$ and $RI$ is the average random consistency index (see Table 2).
Interval matrix consistency degree: define that $\gamma$ is the interval matrix consistency degree. If $Q$ random matrices are generated from interval matrix $\bar{A}$ and $p$ of them have satisfactory consistency, then $\gamma = p/Q$.

Modified Interval Matrix Design.
The modified interval matrix module is shown in Figure 3.
The modified interval matrix module is divided into three submodules. They are the interval matrix consistency degree judgment submodule (Interval_matrix_identify), the interval matrix element adjustment submodule (Interval_matrix_adopt), and the best deterministic matrix acquisition submodule (Best_interval_matrix).
The workflow design of the modified interval matrix module is as follows.
Step 1. Calculate the consistency degree value (consis_value) of a given interval matrix.
Step 2. If consis_value > threshold, then turn to Step 3; else adjust the interval number elements, and turn to Step 1.
Step 3. Calculate the Best_interval_matrix based on the modified matrix.
Step 4. Calculate the weight vector based on Best_interval_matrix.
The processing method and process of each sub-module are explained in detail below.

Interval Matrix Consistency Degree Judgment Submodule.
From the interval judgment matrix given by the expert, $Q$ random matrices are generated according to the uniform distribution probability, and the consistency ratio $CR_k$ $(k = 1, 2, \cdots, Q)$ of each generated random matrix is calculated in turn. Let the number of random matrices with a satisfactory degree of consistency be $p$, then the degree of consistency of the interval matrix is $\gamma = p/Q$. The larger $\gamma$, the better the consistency of the interval matrix; the smaller $\gamma$, the worse the consistency of the interval matrix. This paper takes $Q = 100$.

Interval Matrix Element Adjustment Submodule.
When the consistency degree $\gamma$ is less than a certain threshold, some elements in the interval matrix need to be adjusted. The specific process is designed as follows.
Step 3. Turn to the Interval_matrix_identify submodule, and calculate $\gamma$ of the adjusted interval judgment matrix.
After deleting the elements of the $h$th row and $h$th column in the interval matrix, the deleted elements are isolated from the remaining elements. If the consistency degree of this interval matrix improves greatly, it indicates that the deleted elements have a negative impact on the original matrix. So, we need to invite experts to adjust the corresponding elements to improve the consistency degree [13].
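The consistency degree judgment and the row/column deletion check described in the two submodules above can be exercised as follows. This is an added example, not code from the paper: the RI values are the commonly quoted Saaty table (Table 2 is not reproduced on this page), reciprocal filling of the lower triangle is assumed, and the function names and the sample matrix are constructed for illustration.

```python
import random

# Average random consistency index RI by matrix order. These are Saaty's
# commonly quoted values, assumed here because Table 2 is not on this page.
RI = {3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45}


def lambda_max(a, iters=200):
    """Maximum eigenvalue of a positive matrix, by power iteration."""
    n = len(a)
    v = [1.0 / n] * n
    lam = float(n)
    for _ in range(iters):
        w = [sum(a[i][j] * v[j] for j in range(n)) for i in range(n)]
        lam = sum(w)              # v sums to 1, so sum(A v) estimates lambda
        v = [x / lam for x in w]
    return lam


def consistency_ratio(a):
    """CR(A) = (lambda_max(A) - n) / ((n - 1) * RI)."""
    n = len(a)
    if n < 3:                     # 1x1 and 2x2 reciprocal matrices are consistent
        return 0.0
    return (lambda_max(a) - n) / ((n - 1) * RI[n])


def sample_matrix(interval, rng):
    """One deterministic matrix drawn uniformly from the interval matrix.

    interval[i][j] is (lower, upper) for i < j. The lower triangle is filled
    with reciprocals and the diagonal with 1 (assumed AHP convention)."""
    n = len(interval)
    a = [[1.0] * n for _ in range(n)]
    for i in range(n):
        for j in range(i + 1, n):
            low, high = interval[i][j]
            a[i][j] = rng.uniform(low, high)
            a[j][i] = 1.0 / a[i][j]
    return a


def consistency_degree(interval, q=100, seed=0):
    """gamma = p / Q: share of Q sampled matrices with CR <= 0.1."""
    rng = random.Random(seed)
    p = sum(consistency_ratio(sample_matrix(interval, rng)) <= 0.1
            for _ in range(q))
    return p / q


def gamma_without(interval, h):
    """gamma after deleting row h and column h of the interval matrix."""
    keep = [i for i in range(len(interval)) if i != h]
    reduced = [[interval[i][j] for j in keep] for i in keep]
    return consistency_degree(reduced)


def suspect_indexes(interval, threshold=0.6):
    """Indexes whose deletion lifts gamma above the threshold."""
    if consistency_degree(interval) > threshold:
        return []
    return [h for h in range(len(interval))
            if gamma_without(interval, h) > threshold]


# Constructed 4-index interval matrix: indexes 0-2 agree with each other,
# while the judgments involving index 3 contradict them.
N = None
SAMPLE = [
    [N, (1.9, 2.1), (3.9, 4.1), (8.0, 9.0)],
    [N, N, (1.9, 2.1), (1 / 9, 1 / 8)],
    [N, N, N, (8.0, 9.0)],
    [N, N, N, N],
]

if __name__ == "__main__":
    print("gamma:", consistency_degree(SAMPLE))
    print("revisit judgments for index:", suspect_indexes(SAMPLE))
```

The threshold of 0.6 and Q = 100 are the values the paper uses; everything else in the sample is constructed.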

The Best Deterministic Matrix Acquisition Submodule.
This submodule consists of two processes: interval matrix convergence and best deterministic matrix calculation. The specific process is designed as follows:
(1) Interval matrix convergence
Step 1. Generate $R$ deterministic matrices according to the uniform distribution probability based on the adjusted interval judgment matrix.
Step 3. Get the $t$th matrix cluster (Cluster_matrix_t) by obtaining first $\omega$ consistency ratios of $R$ deterministic matrices.
Step 4. Integrate the new interval matrix by using the same position elements of different matrices in matrix clusters.
Step 5. Obtain the upper and lower limits of each interval element in the new interval judgment matrix. When $i = j$, $a_{ij}$
Step 6. Repeat Steps 1-5 until the sum of $|a_{ij}^U - a_{ij}^L|$ $(i, j \in 1, 2, \cdots, n)$ (the lengths of the interval matrix) is not more than 10% of the sum of the lengths of the original interval matrix.
In Step 1, the proportion of each determined number of the randomly generated deterministic matrix in the left half interval of each interval element of the original interval matrix is $\alpha$, and $0.5 - \eta < \alpha < 0.5 + \eta$ (this paper takes $\eta = 0.05$).
where $v$ is the speed of optimization, $w$ is used to adjust the speed of optimization, $c$ is the cognitive factor and usually $c = 2$, rand is the random number between (0, 1), pbest is the current element in the deterministic matrix with the smallest consistency ratio, and present represents the element in the current deterministic matrix.
Step 2. Initialize a deterministic matrix $M_0$; the elements of the deterministic matrix are $a_{ij}$, $i, j \in 1, 2, \cdots, n$. When $i = j$, $a_{ij} = 1$;
Step 3. Calculate $CR_0$ as the initial consistency ratio.
Step 5. Calculate its consistency ratio $CR_i$, and compare it with $CR_0$.

Step 7. Adjust each element in each deterministic matrix according to equations (4) and (5):
are the upper and lower limits of each element of the converged interval matrix.
The initial value of $v$ is taken as 0, $pbest_0$ corresponds to each element in the initial deterministic matrix $M_0$ in Step 2, and $present_0$ corresponds to each element in the deterministic matrix randomly generated in Step 2 for the first time.
On this basis, the eigenvector method can be used to calculate the best weight vector.

Related Definitions.
Membership cloud [14]: define that $U$ is a certain universe, where $U = \{x\}$ and $S$ is the language value corresponding to accuracy number $x$. $x$ is a random number with a stable tendency for membership degree $C_S(x)$, and the distribution of membership degree on the universe is called membership cloud.
The digital characteristics of the cloud: the description of a cloud relies on 3 parameters. They are expectation value $E_x$, entropy $E_n$, and hyper entropy $H_e$, where $E_x$ reflects the central value of the universe that the concept corresponds to, $E_n$ reflects the fuzziness of the concept, and $H_e$ reflects the degree of cloud droplet dispersion.
Entropy [2]: entropy measures the uncertainty of the system. Define that the system may stay in $n$ different states and the probability that each state occurs is $p_i$ $(i = 1, 2, \cdots, n)$, then the entropy of the system is
where $0 \le p_i \le 1$ and $p_1 + \cdots + p_n = 1$. When $p_i = 1/n$, $E_{\max} = \ln n$. When the system has only one state, $n = 1$ and $E_{\min} = 0$, and the system is determined. With the increase of $n$, the number of possible states gets higher and the entropy gets bigger. The dispersion of the system becomes bigger, and it can provide less information. Thus, the less important this system is relative to other systems.

Expert Evaluation of Membership Cloud.
For the evaluation of a certain index, $n$ experts are invited to conduct the evaluation, and the evaluation results are converted into a percentage form according to Section 3. The membership clouds represent the evaluation results of the $n$ experts. First, the three digital features ($E_x$, $E_n$, $H_e$) of the cloud model are calculated by the reverse cloud generator. Then, the expert evaluation results are restored by the forward cloud generator. Finally, if the cloud drops are too discrete, it indicates that the expert evaluation opinions differ greatly, and we can apply for reevaluation.
(1) Reverse cloud generator
where $E_{xi}$ indicates the percentage result of the $i$th expert evaluation and $n$ indicates the number of experts. The digital features of the membership cloud ($E_x$, $E_n$, $H_e$) are calculated by the above equations.
(2) Forward cloud generator
Step 1. $E_{nn} = \mathrm{Randn}(E_n, H_e)$, which takes $E_n$ as the expectation and produces a normally distributed random number $E_{nn}$ with $H_e$ as the standard deviation.
Step 2. $x_i = \mathrm{Randn}(E_x, E_{nn})$, which takes $E_x$ as the expectation and generates a normally distributed random number $x_i$ with $E_{nn}$ as the standard deviation.
Step 3. $\xi_i = \exp[-(x_i - E_x)^2/(2E_{nn}^2)]$; the degree of membership is calculated according to this equation, and the pair $(x_i, \xi_i)$ represents a cloud drop distributed over the universe $U$.
Steps 1 through 3 are performed cyclically until enough cloud drops are generated to restore the expert evaluation results in the form of a cloud model.
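The forward cloud generator of Steps 1-3, together with a reverse generator and a dispersion check, as an added example that is not code from the paper. The reverse generator uses the widely used moment-based formulas as an assumption, since the paper's own equations are not reproduced on this page; `needs_reevaluation` and its `max_en` limit are hypothetical, and the expert scores are constructed.

```python
import math
import random


def reverse_cloud(scores):
    """Estimate (Ex, En, He) from expert scores on the percentage scale.

    Moment-based backward cloud generator (assumed, see lead-in)."""
    n = len(scores)
    if n < 2:
        raise ValueError("at least two expert scores are required")
    ex = sum(scores) / n
    en = math.sqrt(math.pi / 2) * sum(abs(x - ex) for x in scores) / n
    s2 = sum((x - ex) ** 2 for x in scores) / (n - 1)
    he = math.sqrt(max(s2 - en * en, 0.0))   # clamp: S^2 < En^2 can occur
    return ex, en, he


def forward_cloud(ex, en, he, drops=1000, seed=0):
    """Generate cloud drops (x_i, xi_i) following Steps 1-3."""
    rng = random.Random(seed)
    out = []
    for _ in range(drops):
        enn = rng.gauss(en, he)                          # Step 1
        if enn == 0.0:                                   # no spread at all
            out.append((ex, 1.0))
            continue
        x = rng.gauss(ex, abs(enn))                      # Step 2
        xi = math.exp(-(x - ex) ** 2 / (2 * enn ** 2))   # Step 3
        out.append((x, xi))
    return out


def needs_reevaluation(scores, max_en=5.0):
    """Flag an index whose expert scores are too dispersed.

    max_en is a hypothetical limit on En in score points; the paper gives
    no numeric criterion for "too discrete"."""
    _, en, _ = reverse_cloud(scores)
    return en > max_en


# Constructed scores from 10 experts for one index (percentage scale).
AGREEING = [84, 85, 86, 85, 84, 86, 85, 85, 84, 86]
SPLIT = [80, 90, 100]

if __name__ == "__main__":
    for name, scores in (("agreeing", AGREEING), ("split", SPLIT)):
        ex, en, he = reverse_cloud(scores)
        cloud = forward_cloud(ex, en, he, drops=2000)
        print(name, round(ex, 2), round(en, 2), round(he, 2),
              len(cloud), needs_reevaluation(scores))
```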

Membership Cloud Gravity Center.
The result of the expert evaluation of $f$ indexes subordinate to the criterion layer can be represented by $f$-dimensional membership clouds. The $f$-dimensional comprehensive membership cloud of the dimension can be formed by a membership cloud gravity center. This paper uses the vector $g$ to represent the gravity center vector of this cloud, which is
where $g_i = E_{xi} \cdot w_i$ $(i = 1, 2, \cdots, f)$, $E_{xi}$ represents the expected value of the $i$th membership cloud, and $w_i$ represents the weight corresponding to the index, which is calculated by the modified interval matrix module.

Assuming that the initial state of the system is ideal, the initial cloud center of gravity vector of the $f$-dimensional integrated membership cloud is
The cloud gravity center vector representing the current expert evaluation result is
Then, the normalized change in the gravity center vector of the $f$-dimensional integrated cloud is
where $i = 1, 2, \cdots, f$. Calculate the weighted deviation $\delta$ from the weight vector $W = (w_1, w_2, \cdots, w_f)$:
Enter $\delta$ into the evaluation cloud model to get the support level of this dimension index for different comments in the criterion layer [15]. The evaluation cloud model is shown in Figure 4.
In the process of quantifying the situation from the index layer to the criterion layer, the cloud gravity center evaluation method can be used to calculate the weighted deviation and obtain the safety situation value of the different dimension indexes in the criterion layer. The next process is quantifying the situation from the criterion layer to the target layer. In the traditional method [16], the dimension indexes of the criterion layer are by default given the same relative importance, and the relative importance of different indexes in the criterion layer is not distinguished. This has certain limitations on the quantitative value of the comprehensive security situation of the information system.
First, at a certain moment, the relative importance of the physical dimension, host dimension, network dimension, data dimension, and manager dimension of different information systems is different. The reason is that some information systems have few channels to external networks or are even isolated from them, so the main factor affecting the security of this type of system is behavior adjustment management [17], while other information systems often face threats such as vulnerabilities and malicious attacks, so it is necessary to focus on the protection of their host and network dimension indexes. Second, for the same information system, the main influencing factors affecting its security situation will change with time. This is due to the update of information system software and hardware. The change of managers will cause the weight vector of the criterion layer to change, which will affect the total security assessment value of the system.
Given the above problems, based on the cloud gravity center-weighted deviation of each index in the known criterion layer, and by reviewing the activated comments in the cloud model and the support of each comment, the support of the dimension indexes of the criterion layer for each comment is determined. The support matrix $P$ is as shown in Table 3.
$X_1$, $X_2$, $X_3$, $X_4$, and $X_5$ in Table 3 correspond to the 5 dimensions of the criterion layer, respectively, and $p_{ij}$ indicates the degree of support of the $i$th index to the $j$th comment ($i, j \in 1, 2, 3, 4, 5$).
Calculate the absolute entropy of each dimension index by using equation (13): when $p_{i1} = p_{i2} = \cdots = p_{in}$, there is $H_{\max} = \ln n$. Calculate the relative entropy value of each dimension index by using equation (13)
The weight of the corresponding index is expressed by $(1 - \mu_i)$, which is normalized:
where $\tau_i \in [0, 1]$ and $\tau_1 + \cdots + \tau_n = 1$, $\tau_i$ is the entropy weight coefficient of the subordinate cloud corresponding to $X_i$. The weight vector corresponding to each comment in the given evaluation cloud model is set as $U = (u_{worse}, u_{bad}, u_{average}, u_{good}, u_{excellent}) = (1/15, 2/15, 1/5, 4/15, 1/3)$ [2,18].
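The entropy weight coefficient calculation described above, as an added example that is not code from the paper. It assumes the usual form of the entropy weight coefficient method (absolute entropy $-\sum_j p_{ij} \ln p_{ij}$, relative entropy $\mu_i = H_i / H_{\max}$, weight $(1 - \mu_i)$ normalized over the dimensions) because the numbered equations are not reproduced on this page; the support matrix is constructed and the rows are normalized before use.

```python
import math


def entropy_weights(support):
    """Entropy weight coefficients tau_i from a comment support matrix.

    support[i][j] is the support of dimension i for comment j. Each row is
    normalized to sum to 1 before its entropy is taken (assumed)."""
    n_comments = len(support[0])
    h_max = math.log(n_comments)            # H_max = ln n
    slack = []
    for row in support:
        total = sum(row)
        if total <= 0:
            raise ValueError("a dimension must support at least one comment")
        probs = [p / total for p in row]
        # absolute entropy, with 0 * ln(0) taken as 0
        h = -sum(p * math.log(p) for p in probs if p > 0)
        mu = h / h_max                      # relative entropy in [0, 1]
        slack.append(max(1.0 - mu, 0.0))    # guard against rounding below 0
    norm = sum(slack)
    if norm < 1e-12:
        # every dimension spreads its support evenly over the comments, so
        # none is more informative than another: fall back to equal weights
        return [1.0 / len(support)] * len(support)
    return [s / norm for s in slack]


# Constructed support matrix: rows are the five criterion-layer dimensions,
# columns are the comments (worse, bad, average, good, excellent).
P_SAMPLE = [
    [0.00, 0.05, 0.60, 0.35, 0.00],   # physical
    [0.00, 0.00, 0.30, 0.70, 0.00],   # host system
    [0.00, 0.00, 0.00, 0.12, 0.88],   # network
    [0.00, 0.40, 0.55, 0.05, 0.00],   # data
    [0.05, 0.25, 0.40, 0.25, 0.05],   # manager
]

if __name__ == "__main__":
    tau = entropy_weights(P_SAMPLE)
    print([round(t, 3) for t in tau], round(sum(tau), 6))
```

A dimension whose support is concentrated on one comment gets a large weight, and one whose support is spread evenly gets a weight near zero.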
The information system comprehensive security situation value operator is equation (16):

This paper determines the security situation level according to [2,14], as shown in Table 4. The system security situation level can be determined by combining the V value.

Analysis of Algorithm Complexity.
In the proposed model, there are two modules. First, we modified the interval matrix to get the best deterministic matrix and obtained the best weight vector. This process traverses all interval matrix elements at least twice. The complexity of this process is $O(n^2)$. After we get the best weight vector, we need to evaluate each index according to the entropy weight-based cloud. The complexity of the whole process is $O(n)$. Finally, we calculate the situation security value through equation (16). Therefore, we can obtain the complexity of the whole model as follows.

Results and Discussion
The model proposed in this paper is applied to the departure control system for smart mobile devices. The system security situation assessment is conducted every Tuesday, from October 1 to December 23, 2018, for a total of 12 times.
The following experiment uses the evaluation of the network dimension of the system criterion layer on October 9, 2018, as an example to illustrate the application process of the evaluation model.

Normalization of Multisource Data.
For the four subindexes of the network dimension ($I_3$), $(I_{31}, I_{32}, I_{33}, I_{34})$ = (network topology, network access control, security audit, network traffic), 10 experts are invited to evaluate each subindex. Take "identification" (in Figure 2) for example: when password guessing [19] or two-factor authentication schemes [20,21] are implemented, the security situation will reach a serious state, which requires the information system manager to react urgently to keep the system in a good state. In that case, experts will give a score between 80 and 100, which represents that the situation is bad. Then, according to Section 3, the evaluation of qualitative and quantitative indexes was unified into the score under the percentage system, and the scores of the subindexes are shown in Table 5.

6.2. Determine Index Weights.
The interval judgment matrix is given by experts on the relative importance of the four subindexes:
According to the method in Section 4, firstly judge the consistency degree of the interval matrix, and take the consistency degree threshold value to be 0.6 to obtain $\gamma = 0.76 > 0.6$ [13], which shows that the consistency degree of the interval matrix meets the requirements, and no further interaction with the experts is needed. This matrix is used as the best interval matrix in Section 4.2.3. Then, the interval matrix is converged, with $R = 100$ and $\omega = 10$. After 7 iterations, the convergence interval matrix is
Based on this matrix, the optimization process based on the adjusted deterministic matrix is obtained under the condition of the number of optimization times $k = 1000$, and the best deterministic matrix is

6.3. Situation Quantification and Grading.
The experts' evaluation results are restored by the cloud, as shown in Figure 5. Since the cloud droplets of each cloud model are more concentrated, it indicates that the experts' evaluation comments are more consistent, so there is no need to request experts' reevaluation.
The expected value vectors of the four subindexes of network dimension based on the graph and the weight corresponding to each expected value obtained based on Section 6.2 are shown in Table 6.
According to equations (11) and (12), the weighted deviation degree is $\delta = -0.079134$, and the security situation value of the network dimension is 0.920866. Inputting $\delta$ into the evaluation cloud model indicates that the network dimension is in "excellent" state, as shown in Figure 6.
For the normal curve fitting of the evaluation cloud model, the support degree of the comment "good" is 0.12204, the support degree of the comment "excellent" is 0. The evaluation support vector for the other four dimension indexes of the criterion layer is obtained by the same calculation process as for the network dimension and will not be described here.
The obtained security level value vector of each dimension of the criterion layer is (0.6772, 0.7314, 0.9209, 0.5225, 0.6434), and the comment support matrix $P$ is shown in Table 7.
According to equations (13)-(15), the criterion layer index entropy weight coefficient vector can be calculated as $\tau = (0.143, 0.380, 0.121, 0.307, 0.049)$. The comprehensive security situation value of this system is 0.752. Combined with Table 4, the security situation of the information system is in an "excellent" state, which is consistent with the actual situation.
The security situation assessment method in this paper, the entropy weight coefficient method [2], the improved Hidden Markov Model [4], and the AHP method [12] are applied to the evaluation of this system. The criterion layer security situation and total security situation are evaluated, as shown in Figures 7 and 8.
Figure 6: Evaluation cloud activation.

As can be seen from Figures 7 and 8, the fluctuation of the situation assessment value of the model in this paper is obviously smaller than that obtained by the entropy weight coefficient method [2], the improved Hidden Markov Model [4], and the AHP method [12]. There are two reasons: first, the model in this paper improves the objective degree of the weight vector by modifying the interval matrix and overcomes the shortcoming of the strong subjectivity of the traditional AHP method. At the same time, by judging the dispersion degree of the subordinate cloud droplets of the experts' evaluation results, abnormal index values can be found and reevaluated. Compared with the entropy weight coefficient method, unreasonable index weighting can be avoided. Therefore, the quantitative result of the model in this paper is more appropriate to the actual system security situation, which improves the reliability of this information system security situation assessment model.
Second, due to the difference of experts' ability, it is difficult to judge the relative importance of each dimension index in the criterion layer uniformly. Based on multisource data normalization, the entropy weight coefficient of each cloud model corresponding to the criterion layer index is used to avoid weighting directly for the criterion layer index. Therefore, the total situation value of the actual system can avoid large fluctuation and improve the stability of information system security situation assessment.

Conclusions
This paper proposes a MIMEC-based security situation assessment model of information system for smart mobile devices. This model modifies the interval judgment matrix, finds the best deterministic matrix to determine the index layer weight vector, and combines the entropy weight membership cloud to quantify and grade the security situation. Through the experiment on the departure control system for smart mobile devices, we found that the existing information system is always in a serious situation, which means the information system manager is supposed to take some measures to protect the system. We believe that our findings and our model can extend the models used in previous work and correct shortcomings of previous models. Comparing the evaluation results with other methods shows that our model has good reliability and stability.
Our future work will focus on this study to assess extensive information system situation security for smart mobile devices. In addition, more realistic assessment methods such as Pythagorean Fuzzy Subsets [22], and Intuitionistic Fuzzy Petri Nets [23] will be used to improve the accuracy of the proposed model.