Research on Information Security Risk Assessment Method Based on Fuzzy Rule Set

. With the increasing complexity of the network structure and the increasing size of the network, various network security incidents pose an increasing threat to the security of computer systems and the network. Especially, in the network environment, the diversi ﬁ ed intrusion methods and application environment make the security of the network more fragile. In order to improve information security, based on fuzzy rule sets, this paper proposes a fuzzy association rule mining algorithm based on fuzzy matrix and applies it to security event correlation. In addition, this paper combines the embedded system to construct an information security risk assessment system and sets the system performance based on the actual situation. Finally, this paper carries out experimental design to verify the performance of the system and analyzes the experimental results by mathematical statistics. From the experimental research, it can be seen that the system constructed in this paper has a certain e ﬀ ect.


Introduction
Information security risk assessment has become an important means to ensure the security of information systems in enterprises and institutions. Moreover, the effectiveness of the evaluation method used is the prerequisite and basis for ensuring the reliability of the evaluation results. Therefore, the in-depth study of information system security risk assessment methods has extremely important practical significance. The existing information system security risk assessment methods can be roughly divided into two categories [1]. One is the system security analysis method based on multivariate statistics. This type of method usually realizes the safety assessment of the object to be assessed through quantitative indicators, and the results obtained through the assessment have the characteristics of intuitive data and strong objectivity. The main evaluation methods include event tree analysis method, fault tree analysis method, cluster analysis method, and factor analysis method. The other is the system security analysis method based on knowledge and decision technol-ogy. This kind of method is usually based on the relevant knowledge and practical experience of the evaluator to perform corresponding reasoning on the existing nonquantitative data and information to realize the security risk assessment of the information system, so as to grasp the security status and potential risks of the entire information system. Such methods mainly rely on the professional knowledge and rich experience of experts to avoid the shortcomings of quantitative calculation methods in the process of information system risk assessment. The main methods include principal component analysis, Delphi method, group decision method, and logical analysis method. However, both types of risk assessment methods have obvious inherent flaws and deficiencies. The system safety analysis method based on multivariate statistics is an objective quantitative calculation method. On the one hand, the data of the object to be evaluated needs to be quantified in the data preprocessing stage. The quantification process will cause some relatively complex object attributes to be blurred and simplified, and the risk factors obtained after quantification will inevitably have some deviations in understanding. On the other hand, because the existing information system has certain dynamic characteristics, the static description method based on the system architecture and business functions is difficult to characterize the actual security status of the entire system. The system security analysis method based on knowledge and decision-making technology is a subjective qualitative analysis method, and the professionalism of the evaluator has a great influence on the reliability of the evaluation results. Therefore, there are relatively high requirements on the professional competence and professional quality of the evaluator. Therefore, in order to ensure the accuracy and reliability of information security risk assessment results, new risk assessment models and methods are urgently needed to better ensure the safe operation of information systems [2].
Based on the above analysis, this paper studies the information security risk assessment method based on the fuzzy rule set, constructs the corresponding model structure, and verifies the system performance through experimental research.

Related Work
In the field of ICPS information security risk assessment, a lot of research work has been carried out at home and abroad. In terms of risk analysis, the literature [3] gave the original definition of risk and pointed out the three elements of risk, namely, possible events, probability of occurrence, and potential losses. The literature [4] combined the definition of risk with system scenarios and analyzed the inherent relationship between system risk and elasticity. In terms of evaluation thinking and framework research, the literature [5] took the lead in putting forward the connotation of control system information security, reviewed some existing risk assessment frameworks, compared and analyzed the qualitative and quantitative assessment modes, and discussed the application of related technologies. The literature [5] systematically studied systematic risk management and gave a risk assessment framework under a data-driven model, including the design of conceptual models and index evaluation systems. The literature [6] reviewed a large number of system risk assessment methods and gave a roadmap of risk assessment research recommendations from qualitative analysis to quantitative analysis and from deterministic assessment to probabilistic assessment.
In terms of risk modeling and analysis, models such as attack trees, Markov chains, Bayesian networks, and Petri nets have been introduced one after another. The literature [7] shows that evidence theory and analytic hierarchy process are helpful to solve the uncertainty problem in ICPS risk assessment. The literature [8] proposed the idea of combining attack tree and fault tree for risk analysis. The literature [9] designed a multimodel risk assessment method based on a multilayer Bayesian network, which has achieved good results in improving the dynamics of the assessment. The literature [10] designed a state-based semi-Markov chain to model the impact of attacks. The method can effectively describe the impact of the physical process. In terms of risk quantification, the literature [11] compared the difference between ICPS security quantification and IT systems based on the analysis of ICPS availability, integrity, confidentiality, and other security attributes and gave overall recommendations for index system research. The literature [12] has long been committed to the research of risk assessment based on the mechanism of the controlled process and proposed system availability metrics based on downtime and some other risk quantitative auxiliary indicators. The literature [13] designed quantitative strategies for security attributes such as reliability, availability, and controllability from a statistical perspective.
In recent years, fruitful research results have been achieved in the research on the evaluation method based on the comprehensive risk of the system. The literature [14] used analytic hierarchy process as the basic structure to combine with information entropy, Bayesian network, and fuzzy theory and applied them comprehensively, thereby reducing the subjectivity of the evaluation results and improving the early warning ability of information system risks. Under the principle of the maximum deviation of squares, the literature [15] proposed a risk assessment method based on triangular fuzzy entropy, which reduces the influence of subjective factors on the assessment results and makes the assessment results more objective. The literature [16] combined factor analysis and SVM to improve the speed of system risk analysis modeling and the accuracy of risk analysis, which makes the evaluation results more reliable. The literature [17] combined rough set theory with unascertained measure theory, DS evidence theory, and neural network, respectively, so as to realize quantitative evaluation of information system security assurance capabilities and security level protection evaluation and improve the reliability of risk assessment. The literature [18] combined gray theory and fuzzy theory, comprehensively applied the degree of membership and gray to the evaluation, and built a gray fuzzy comprehensive evaluation model to achieve the classification of information system risk levels. The literature [19] proposed a risk assessment method based on fuzzy cognitive maps, which uses fuzzy cognitive maps to obtain the relationship between assets and obtains the system's risk value through the inference process. Because traditional neural networks have the disadvantages of slow training speed and low convergence accuracy, the literature [20] used AHP, PCA, fuzzy theory, and wavelet transform to construct risk assessment models and optimize neural networks, so that the assessment results of information systems are more accurate and effective.

Fuzzy Association Rules
T = ft 1 , t 2 ,⋯,t n g represents the transaction database, t i represents the i-th record in T, I = fi 1 , i 2 ,⋯,i m g represents all attributes appearing in T, the attribute in I is a quantitative attribute, and i j represents the j-th attribute in I. These quantitative attributes are divided into several fuzzy set levels, and the different fuzzy set levels of these quantitative attributes are regarded as new attributes. Since the attributes are fuzzy sets, these attributes are called fuzzy attributes. Each i k is divided into l k fuzzy sets, and the resulting fuzzy 2 Wireless Communications and Mobile Computing attribute set is set to i k ð1Þ, i k ð2Þ, ⋯, i k ðkÞ. For any record t j and fuzzy attribute i 1 ð1Þ, the value of t j on i 1 ð1Þ is recorded as t j ði 1 ð1ÞÞ, which is the membership degree of the value of this record on attribute i 1 on fuzzy set i 1 ð1Þ, t j ði 1 ð1ÞÞ ∈ ½0, 1.
The set of all fuzzy attributes generated is I f , and X = fy 1 , y 2 ,⋯,y p g, Y = fy p+1 , y p+2 ,⋯,y p+q g is a subset of I f , X ∩ Y = ∅. Since the attributes in X and Y are fuzzy attributes, we call the association rule X ⇒ Y as a fuzzy association rule. Among them, the fuzzy attributes in X and Y should not contain the same mark i k at the same time.
Similar to Boolean association rules, in association rules X ⇒ Y, the fuzzy attribute set X is called the antecedent of the fuzzy association rule, and the fuzzy attribute set Y is called the subsequent part of the fuzzy association rule. Similarly, the number of fuzzy attributes in the fuzzy attribute set X is called the length of the fuzzy attribute set X, and the fuzzy attribute set with length k is called the k-fuzzy attribute set. To mine fuzzy association rules, it is also necessary to define fuzzy support and fuzzy trust [21].
3.1. Fuzzy Support of Fuzzy Attribute Set X. For any fuzzy attribute set X = fy 1 , y 2 ,⋯,y p g, the fuzzy support degree of fuzzy attribute set X is FSupðXÞ: n is the number of records of T and ∑ n j=1 ∧ p m=1 t j ðy m Þ is the fuzzy support number of fuzzy attribute set X, denoted as FSupportðXÞ, where ∧ is the "and operation," and for any a, b ≥ 0, a ∧ b = min fa, bg. If FSupðXÞ is not less than the minimum support min sup given by the user, then, X is called the fuzzy frequent attribute set.

Fuzzy Support Degree of Fuzzy Association
The fuzzy support degree of fuzzy association rule X ⇒ Y is defined as FSup:

Fuzzy Trust Degree of Fuzzy Association
The fuzzy trust degree of fuzzy association rule X ⇒ Y is defined as FConf : Similarly, fuzzy association rules also have the following properties: (1) If the fuzzy attribute set X is a fuzzy frequent attribute set, then, all its nonempty subsets are fuzzy frequent attribute sets Proof. We set fuzzy frequent attribute set as X = fy 1 , y 2 ,⋯, y p g and a nonempty subset of fuzzy frequent attribute set X as Y = fy 1 ,⋯,y 1 g, 1 < P. Since the fuzzy attribute set X is a fuzzy frequent attribute set, from the definition of FSup ðXÞ, we know [22] FSup Since Y = fy 1 ,⋯,y 1 g is a nonempty subset of the fuzzy frequent attribute set X and 1 < P, the following formula is obtained: Therefore, Y = fy 1 ,⋯,y 1 g, 1 < P is also a fuzzy frequent attribute set.
(2) If the fuzzy association rule i 1 ∧ i 2 ∧ i 3 ⇒ i 4 does not satisfy the minimum trust degree given by the user, then, the fuzzy association rule i 1 ∧ i 2 ⇒ i 3 ∧ i 4 does not satisfy the minimum trust degree given by the user either Proof. The following is the method of proof by contradiction.
If the fuzzy association rule i 1 ∧ i 2 ⇒ i 3 ∧ i 4 satisfies the minimum trust degree given by the user, it is known from the definition of fuzzy trust degree [23]: because We can get 3 Wireless Communications and Mobile Computing Therefore, the fuzzy association rule i 1 ∧ i 2 ∧ i 3 ⇒ i 4 also satisfies the minimum degree of trust given by the user, which contradicts the propositional conditions. Similar to Boolean association rules, the mining of fuzzy association rules is to generate all association rules that meet the minimum support (min sup) and minimum confidence (min conf) given by the user. That is, the support and trust of these association rules are not less than the minimum support and the minimum trust, respectively. The mining algorithm can also be divided into two steps: (1) The algorithm finds all fuzzy frequent attribute sets, that is, all fuzzy attribute sets that are not less than the minimum support given by the user (2) The algorithm generates fuzzy association rules not less than the minimum trust degree given by the user from all the fuzzy frequent attribute sets. The method of generation is as follows: for any fuzzy frequent attribute set X and any fuzzy attribute set Y ⊂ X, if FSupportðXÞ/FSupportðYÞ ≥ min conf , then, the fuzzy association rule Y ⇒ X − Y is a meaningful rule Like the classic Apriori algorithm, the fuzzy association rule mining algorithm described in the previous section will also encounter time complexity and space complexity bottlenecks: On the one hand, the database must be scanned once for judging the fuzzy candidate attribute set C k in each cycle. After the fuzzy set level is divided, the records in the database will become more verbose and huge, and the load I/O and time consumption brought by multiple scans of the database will be more obvious [24].
On the other hand, after the fuzzy set level is divided, the original quantitative attributes are converted into fuzzy attributes, and the number of fuzzy attributes will generally be 3-10 times of the original quantitative attributes. This results in the generation of fuzzy frequent attribute sets that are several times larger than the original, which will generate a huge number of fuzzy candidate attribute sets and consume a lot of storage space in the subsequent loop.
In the traditional association rule mining algorithm, we have mentioned that the 0-1 matrix algorithm is used to mine frequent item sets. In this way, in the entire mining process, only one scan of the database is required, which reduces a large amount of I/O consumption and improves the mining efficiency. We can also extend the idea of the matrix to the mining of fuzzy association rules and obtain the set of fuzzy frequent attributes by constructing the matrix.
If X and Y are two universes, then, the fuzzy relation R from X to Y (or between X and Y) is a fuzzy set on the direct product X × Y = fðx, yÞjx ∈ X, y ∈ Yg, namely, R ∈ FðX × YÞ.

Wireless Communications and Mobile Computing
Rðx, yÞ represents the degree to which x and y have an R relationship. In particular, when X = Y, R is called the fuzzy relationship on X.
For x ∈ X, y ∈ Y, Rðx, yÞ characterizes the degree of correlation between x and y. If R is restricted to the classic set on X × Y, then, R becomes an ordinary relationship at this time, so the fuzzy relationship is a generalization of the classic relationship. Fuzzy relations are fuzzy sets, so the signs of fuzzy sets are also applicable to fuzzy relations.
For example, X = fx 1 , x 2 , x 3 g represents the set of three people x 1 , x 2 , x 3 in the parent's generation, and Y = fy 1 , y 2 , y 3 , y 4 g is the children set x 1 , x 2 , x 3 ; the "similar relationship" R ∈ FðX × YÞ is a fuzzy relationship, and R ij = Rðx i , y j Þ, ði = 1, 2, 3 ; j = 1, 2, 3, 4Þ represents the "similar degree" of x i to y j , and the items that are not written indicate that the degree of similarity is 0; that is, it is basically not similar.
As a generalization of the fuzzy relationship, the n-ary Among them, R : X 1 × X 2 × ⋯ × X n ⟶ ½0, 1. When n = 1, R is a unary fuzzy relation, that is, the fuzzy set on X 1 . When n = 2, R is a binary fuzzy set, that is, the fuzzy set on X 1 × X 2 , which is the most discussed fuzzy relationship.
The following are some of the main basic fuzzy relations, for arbitrary x, y ∈ X.
The identity relationship I is  Figure 2: Schematic diagram of the information security system framework.

Wireless Communications and Mobile Computing
The full relationship E is If it is assumed that X = fx 1 , x 2 ,⋯,x m g and Y = fy 1 , y 2 , ⋯,y n g are finite sets, the fuzzy relationship R on X × Y can be represented by a matrix of m * n order: : ð15Þ This kind of matrix that represents the fuzzy relationship is called the fuzzy matrix, which is abbreviated as Among them, Because R takes a value on ½0, 1, the elements of the fuzzy matrix are r ij ∈ ½0, 1. If r ij ∈ f0, 1g, then, R is a Boolean matrix.
However, for "nonstandard" situations, the degree to which they are close to the standard should be described. In this way, the fuzzy relationship represented by the fuzzy matrix below clearly gives a more comprehensive standard relationship.

Information Security Risk Assessment System Based on Fuzzy Rule Set
The information system security system is jointly constructed by the three systems of security technology, security management, and security organization, as shown in Figure 1. The information security system framework is shown in Figure 2.
Once the safety technology system determines the safety requirements, appropriate control measures should be selected and implemented to ensure that the risk is reduced to an acceptable level. An important aspect of control measures is technical control measures. In addition, a technical measure often does not play its role in information security in isolation. It needs to work with other technical measures and nontechnical measures. In this way, a technical architecture is needed to integrate and integrate these security control measures.
(1) Hardware security technology: buildings, computer rooms, and hardware meet mechanical protection requirements.
(2) System security technology: through a series of measures, the safety level was met.
The security organization system ensures that information security in an organization is implemented through the definition of various security responsibilities and provides support for the organization's security management, safe operation and maintenance, and security technology. There are three levels: decision-making level, management level, and executive level. The safety management system and process are placed in the safety management framework. The safety management framework provides the basis for the management of risks of the system, establishes trust, and defines all safety management elements, methods, objects, rules, processes, etc., as shown in Figure 3. The information system security management system consists of three parts: law, system, and training.
The design method of the information security grade protection system is shown in Figure 4.
Network information security technology is a comprehensive discipline involving multiple technologies such as computers, networks, communications, cryptography, and  information theory. With the continuous development of informatization applications, the connotation of security continues to extend, in terms of confidentiality, integrity, and availability. The characteristics of identity authenticity, system controllability, behavior reviewability, etc. are derived. At present, with the continuous emergence of new technologies and diversified applications such as cloud computing, mobile Internet, and big data, network information security technologies are developing in the direction of inte-gration, intelligence, unity, precision, and initiative. Equipment functions such as firewalls and intrusion protection, as well as network equipment and security functions continue to integrate, penetrate into the virtualized environment; unified authentication, unified risk management control, and unified terminal security management have become a trend, and security protection trends such as access control, malicious code, and abnormal traffic have become trends. The development of multilevel protection   Wireless Communications and Mobile Computing and seven-level full protection, identity authentication technology based on situational awareness, and active security audit technology for APT has received full attention from the industry. With the continuous improvement of the performance of network equipment and application systems and the increasing importance of security, the application of high-performance security infrastructure, such as DNSsec and RPKI, is on the agenda. In addition, the protection of sensitive information and personal privacy has been heatedly discussed, and related technologies have developed rapidly.
The data collection subdomain can be divided into telecommunications internal data collection and external data collection; the data ETL subdomain is the area where data caching, data cleaning, data desensitization, data distribution, and other equipment are located; the data computing storage subdomain is data distributed storage and classification storage, distributed computing, capability component packaging, and other equipment areas; data outreach subdomains are areas where Web servers and other equipment are located, responsible for unified access to external network systems; management subdomains are business management platforms, security audits, network monitoring, etc. That is the area where the device such as event log is located. At the boundary of each area, different strengths of logical isolation protection are implemented through measures such as dividing VLANs, setting routing policies and switch access control lists, and deploying firewalls.
The target architecture of the network security domain of the big data platform is shown in Figure 5.
In order to finely manage the user's personal information, according to the sensitivity of the user's information, it is divided into three levels: low, medium, and high. The specific definition is as follows: 4slow-level user information is mainly information about the user's consumption, busi-ness, and cooperation; intermediate user information mainly refers to information related to the user's specific identity, such as user name, phone number, home address, ID number, and bank card number information; advanced user information mainly refers to the information of the user's specific communication content, such as the user's detailed call bill (real-time), geographic location information, and user account password. For the data in the database, it is necessary to identify which information is sensitive. For the identified sensitive data, it is necessary not only to classify and encrypt the storage but also to track the whereabouts of sensitive information, such as which users downloaded the sensitive data and control the download cycle of sensitive data. In particular, high-level and intermediate-level user information must be desensitized. The protection of sensitive data is realized by recording the method of assigning data tags and transparent access to the table (based on the built-in algorithm). Figure 6 shows the discovery and classification of sensitive data.
The platform monitors the network data stream in real time by using the network intrusion detection system, identifies and records abnormal and destructive code streams,   analyzes and audits the information, and discovers abnormal events in time. For abnormal network data, suspicious network connections, dangerous events that should not occur, network worms, or viruses, the platform needs to respond, alarm, and record in a timely manner and can issue security warning notifications in the system across the entire network and accurately locate the source of the event, so as to solve the problem at the source of the event in time. In the deployment plan, this plan deploys a set of network intrusion detection system IDS deployed on the core switch, adopts dual-port monitoring mode, bridges two core switches, and performs real-time detection of data passing through the core switch. At the same time, a security comprehensive audit device is added to the security management domain to perform unified log audit management on IDS. It is necessary to ensure the normal communication between the management server and IDS.

System Performance Verification
After constructing the system structure model, verify the performance of the model structure. This paper uses fuzzy rule set combined with an embedded system to verify system performance. This paper collects various information threatrelated information through the network and, on this basis, obtains a data set, which has 80 groups. We use the system constructed in this paper to identify the risks of these 80 sets of data and score the risks. The results are shown in Table 1 and Figure 7.
From the analysis results of the above figure and table, we can see that the risk identification system constructed in this paper has a certain good performance in risk identification. On this basis, the system's risk response effect is evaluated, and the results are shown in Table 2 and Figure 8.  From the above figure and table analysis, we can see that the information security risk assessment method based on fuzzy rules constructed in this paper has certain effects.

Conclusion
With the continuous deepening of informatization construction, the information system, as an important carrier of social informatization, has changed our lifestyle and promoted the development of social productivity. However, an endless stream of security incidents restricts the further development of information systems. Therefore, how to ensure the safe operation of information systems and avoid potential security risks has become the focus and hotspot of current research. As an important part of information system security engineering, information security risk assessment is the prerequisite and foundation for building an information system security system. However, the existing evaluation methods have many limitations, such as high complexity, excessive subjectivity, and lack of operability. This article combines fuzzy rule set to carry out information security risk assessment, combined with the actual situation to construct an information security risk assessment system, and verify the system performance through experiments. The research results show that the system constructed in this paper has a certain effect in information security assessment.

Data Availability
Data sharing is not applicable to this article as no datasets were generated or analyzed during the current study.

Conflicts of Interest
We declare that there is no conflict of interest.