sign in sign up
<<
Home , Set theory

International Conference on , Science, and Education 2014 (ICMSE 2014)

ASSESSMENT OF E-COMMERCE WEB SECURITY USING AHP - DEMSTER SHAFER

Bambang Suhartono*, Joseph Teguh Santoso, Setiyo Prihatmoko

STEKOM, Semarang *Email : [email protected]

ABSTRACT

As well as an increase in the volume, nature Ecommerce business to consumer (B2C) has grown since the beginning of the web. The earliest use commercial web sites as effectively as a "window shopping" electronic, with visitors able to see the products and services available, but can not buy directly. This site can now do, moving away. Than serves to improve the security requirements, because of personal and sensitive financial details are given on a regular basis when conducting a transaction. A of security issues should be considered to improve the security of the entire E-Commerce, such as: security law (de Lamberterie, 2003), physical security (Furnell, 2004), security management (Tomlinson, 2000), and so on (Oosthuizen, 1999; Tsiakis & Stephanides , 2005). In , some security research website E Commerce focused on security solutions E-Commerce web site. Zuccato (2004, 2005) proposed an approach for obtaining security requirements and then develop a security management framework to improve the security of E-Commerce web site. Meanwhile, the adaptive security methodology has been proposed by Tak and Park, for support services without rejection in E-Commerce and E-Commerce transactions, with high quality security services (Tak and Park, 2004). Many factors determine the security of e-commerce web site that determine this problem is Multiple Criteria Decision-Making (MCDM) (Vincke, 1992). There are many approaches to classify MCDM methods. Belton and Stewart (2002) provides a classification: value measurement models such as Multi-Attribute Utility Theory (DEATH) and Analytical Process (AHP). Elimination and outranking models such as (Et) Choice Translating (ELECTRE) and Preference Ranking Organization Method for Enrichment Evaluation (PROMETHEE). The basis of the theory above that the decision makers choose an alternative value is the maximum expected utility (Keeney & Raiffa, 1976). Fuzzy sets have the ability to present this problem and AHP is widely used to present the MCDM problems in real situations (Chan & Kumar, 2007). However, due to technological limitations of security and complexity of security issues, it is difficult to find security solutions Ecommerce website complete and absolute safety. Therefore, some qualitative and quantitative analysis and safety assessment of E-Commerce website is a must. Safety assessment of E-Commerce web site using AHP with the Dempster-Shafer theory is that the original title was taken from the literature and summarized in accordance with the fact that in the world of E-Commerce, we need a certain tool which is used in decision-making routine.

Keywords: AHP, Dempster-Shafer, e-commerce, security

and sensitive financial details are given on a regular basis INTRODUCTION when transaction. A number of security issues should be As well as an increase in volume, the nature of considered to improve the security of the entire E- e-commerce business to consumer (B2C) has grown Commerce, such as: security law (de Lamberterie, 2003), since the beginning of the web. The earliest use physical security (Furnell, 2004), security management commercial web sites as effectively as a "window (Tomlinson, 2000), and so forth (Oosthuizen, 1999; shopping" electronic, with visitors able to see the Tsiakis & Stephanides, 2005). In addition, some security products and services available, but can not buy directly. research website E-Commerce focused on security This site can now do, moving far beyond. Further work solutions E-Commerce web site. Zuccato (2004, 2005) to improve the security requirements, because of personal proposed an approach for obtaining security requirements

M - 294

International Conference on Mathematics, Science, and Education 2014 (ICMSE 2014) and then develop a security management framework to explaining complex aspects observed in the improve the security of e-commerce websites. implementation of services via the internet. Meanwhile, the adaptive security methodology has been Web Site E-Commerce in Indonesia has never done proposed by Tak and Park, for support services without research on security aspects. This study builds a penolakandalam E-Commerce and E-Commerce comprehensive model to solve problems in Ecommerce transactions, with high quality security services (Tak and security assessment using AHP with the Dempster-Shafer Park, 2004). theory. AHP with Dempster-Shafer theory, and fuzzy Many factors determine the safety of E- sets are combined for the safety assessment of E- Commerce web sites, this is a decisive problem of Commerce web sites, utilizing the Analytic Hierarchy Multiple Criteria Decision-Making (MCDM) (Vincke, Process (AHP) which is integrated with the Dempster- 1992). There are many approaches to classify MCDM Shafer theory of evidence (DS) used in the model to get a methods. Belton and Stewart (2002) provides a web site' security criteria weights E commerce to assist classification: value measurement models such as Multi- the safety assessment of E-Commerce web site, fuzzy Attribute Utility Theory (DEATH) and Analytical sets to describe the uncertainty with the values of HierarchyProcess (AHP). linguistic security E-commerce web site. Elimination and outranking models such as (Et) How to build a comprehensive model to solve problems Choice Translating Reality (ELECTRE) and Preference in the assessment of E-Commerce security using AHP Ranking Organization Method for Enrichment with the Dempster-Shafer theory. Evaluation (PROMETHEE) and finally, aspirations and Research on E-Commerce security, is not a new objectives level models such as Technique for Order thing anymore, some studies have mentioned the use of Preference by Similarity to Solutions (TOPSIS). AHP as a device that helps the analysis, including The basis of the theory above that the decision makers assessment of E-Commerce security using AHP and choose an alternative value is the maximum expected evidential reasoning (Zhang et al., 2012). About safety utility (Wang & Lee, 2009). TOPSIS often dikritikkarena assessment of E-Commerce web site using AHP and inability to deal with issues that are unclear and Dempster Shafer. Fuzzy theory and the concept of uncertain. However, fuzzy sets have the ability to present entropy weights applied to the integration of evaluation this problem and AHP is widely used to present the into the decision-making process (Wang et al., 2009). MCDM problems in real situations (Chan & Kumar, About formulate evaluation software outsourcing 2007). company as a MCDM models, and then present an However, due to technological limitations of effective approach by modifying TOPSIS to solve the security and complexity of security issues, it is difficult problem. to find a website security solution E-Commerce Unlike the previous application, this study will yanglengkap and absolutely safe. Therefore, some conduct an assessment of input variables is a safety qualitative and quantitative analysis and safety factor of E-Commerce web site using AHP for weighting assessment of E-Commerce web site becomes expert assessment of the Dempster-Shafer theory and in imperative. Safety assessment of E-Commerce web site the assessment of each web site which carried a using AHP with the Dempster-Shafer theory is that the combination of variables AHP results, to obtain security original title was taken from the literature and information E-Commerce website. summarized in accordance with the fact that in the world The model provides a tool for practitioners and of E-Commerce, we need a certain tool which is used in E-Commerce has shown its potential in the security decision-making routine. assessment. Although the process of assessing and ranking variables may be influenced by contingent Research on E-Commerce security, is not a new thing variables in various situations, this model can be easily anymore, some studies have mentioned the use of AHP adapted to these variables for the purposes of assessment as a device that helps analysis (Zhang et al., 2012). of E-Commerce security. This model is very potential in About safety assessment of E-Commerce web site. addressing the problem of decision-making, such as the Completeness and fairness of the e-service quality assessment of E-Commerce security. measurement by applying AHP to obtain the weight of the criteria and the TOPSIS ranking (Buyukozkan et al., Analytical Hierarchy Process (AHP) 2012). On the application of e-services framework in Analytical Hierarchy Process developed by Saaty (1980) is a powerful tool to deal with quantitative M - 295

International Conference on Mathematics, Science, and Education 2014 (ICMSE 2014) and qualitative factors in a multi-criteria decision-making the evaluation of sensor reliability in classification problems. With this method, a complicated problem can problems (Guo et al., 2006). Meanwhile, Khokhar and be converted into a regular hierarchy structure. AHP his friends, has been applying the theory in the decision- method has been widely used for multi-criteria decision- making system for risk assessment project E-Commerce making situations, such as: the selection of web sites (Khokhar et al., 2006). Furthermore, a method based on (Ngai, 2003), an evaluation tool (Ngai & Chan, 2005), DS theory introduced by Deng, Jiang, and Sadiq (2011) the selection of weapons (Deng & Shen, 2006), the to estimate the "risk" of contamination in Network choice of drugs (Vidal et al. 2012) and so on. intrusion of water distribution. The first step of AHP is to form a hierarchical The introduction of DS theory briefly made structure of the problem. Then, at each level of the emblem Ф (tetha) represents nonempty set finite and hierarchy, using a nominal scale to build a matrix of complete hypothesis, which is called frame of pairwise comparisons. decernment. Then make a mapping of mass. The second step is to make assumptions (E1,.. Ei,..... En ) Mass function is also called basic assignment as a decision , typified pairwise comparison (BPA) for the entire set of parts Ф (tetha).There are two matrix Mnxn, Further define the decision elements, build operators that play an important role in the reasoning of the matrix, the third step is to calculate the eigenvector evidence, namely discounting and Dempster's rule of matrix, the maximum eigenvalue eigenvector of the combination. Discounting : If the source of matrix. Before changing eigenvector weights to the evidence has mass function m which has probability elements, the of the matrix should be mass function α of reliability.Semua discounted by the checked. Consistency Index (CI) (Saaty, 1990) was used coefficient α is called the discount. Dempster's rule of to measure inkonsistensis in each pairwise comparison combination: denoted by (m1⨁m2) disebut juga jumlah matrix. orthogonal m1 dan m2. where K=∑ = b∩c= ⱷ Thus, consistency ratio (CR). can be calculated CR= Bm1(B) m2 (C) Cl/RI. Where RI is the random consistency index. RI Note that the normalization constant K is called values associated with the matrix dimensions.If CR result from the number of orthogonal (m1⨁m2), which is less than 0,1 (10%), consistency of the pairwise measures the degree of difference between m1 and m2 . comparison matrix is acceptable. In addition, the After combining all the evidence, then go to the ranking eigenvector of the pairwise comparison matrix can be stage. normalized as the final weights of the decision elements. 3.2. If not, consistency is not passed and the elements in the The advantages of using fuzzy approach is to add an matrix should be revised. (Zhang et al., 2012) attribute relative use value rather than the value of fuzzy Table Dimention mathematics. of fuzzy sets are discussed and Dimen presented in the literature (X. Yu et al., 2011). 1 2 3 4 5 6 7 8 9 10 tion Fuzzy set À the C characterized by a RI 0, 0, 1, 1, 1, 1, 1, 1, membership function µã. Fuzzy sets associated with each 0 0 52 89 12 26 36 41 64 49 element x on X, natural in the interval (01). function value µã(X) called the degree of membership of 3.2. Dempster-Shafer (DS) x on À. This study focuses on the value of triangular fuzzy. A Dempster-Shafer evidence theory, first proposed by triangular fuzzy value À can be determined by the triplet Dempster (1967) and then developed by Shafer (1976), (ã1, ã2, ã3), where ã3 greater than ã2 and ã1 regarded as a generalization of Bayesian . With the ability to cope with uncertainty and imprecision inherent in the evidence, DS theory has been widely applied in recent years (Deng & Chan, 2011; Deng et al., 2011; Dymova et al., 2010; Hu et al., 2010; Huynh et al. 2010; Mas et al., 2010). Yang et al., Has developed a theory of the DS to handle multiple attribute decision analysis problems (Yang et al., 2006; Wang et al., 2006; Xu et al., 2006). and framework ,work based on DS theory of belief functions have been designed for M - 296

International Conference on Mathematics, Science, and Education 2014 (ICMSE 2014)

Figure 1. Basic teori

METHODS

The purpose of this research is to develop a system for safety assessment of E-Commerce web site using AHP with the Dempster-Shafer theory. The benefits derived from this study are: 1. Evaluate the security of E-Commerce web site. 2. Assist practitioners in decision-making problems, such as security assessment e-Commerce website. 3. The existence of direct implementation of the AHP with the Dempster-Shafer theory is used for the safety assessment of E-Commerce web site to the E- Commerce website is safe

M - 297

International Conference on Mathematics, Science, and Education 2014 (ICMSE 2014)

Research tool

Hardware: Dell Inspiron 1440 Laptop with these specs: Intel Core 2 Duo T6600 2.2 GHz, 2 GB of RAM memory, hard drive 320. Software: , using Windows Seven 32-bit SP1. Research process, using Matlab R2009a.

Research procedures The road safety assessment studies E-Commerce web site using AHP with the Dempster-Shafer theory and fuzzy TOPSIS begins with the study of literature through the study of journals, books, and scientific related to the security of E-Commerce web site. Processing the data with AHP Dempster-Shafer theory, as shown in Figure 5 below:

Tabel 2. Value Variable Important interests Value Equally important 1 Equally important to 2

quite important 3

Equally important to 4 Equally important 5 Very strong to very important 6 Very strong critical 7 Very strong to extremely important 8 It is important It is important 9

M - 298

International Conference on Mathematics, Science, and Education 2014 (ICMSE 2014)

V5 0.5323 High V6 0.1117 High V7 0.0752 Very High V8 0.2795 High V9 0.1190 High V10 0.0752 Medium V11 0.2795 High V12 0.4770 Very High

Figure 6 Membership function security Table 3. Evaluation Security All variable Level Variabel Bobot Security Value V13 0.0492 Very low Level Variabel Bobot Security Value V14 0.5396 Low 2 A1 0.3420 - V15 0.2970 High A2 0.0811 - V16 0.1634 Low A3 0.5769 - V17 0.7500 Low 3 B1 0.1283 - V18 0.2500 Medium B2 0.2764 - V19 0.7418 High B3 0.5954 - V20 0.1830 Medium B4 0.3333 - V21 0.0752 High B5 0.6667 - V22 0.7500 Medium B6 0.6442 - V23 0.2500 Medium B7 0.0852 - V24 0.2598 High B8 0.2706 -

V25 0.5195 High Level Variabel Bobot Security Value 4 V1 0.0808 Very High V26 0.0808 High V27 0.1399 Medium V2 0.2880 Very High

V3 0.1539 Very High

V4 0.4773 Very High

Table 4. Output Combination Matriks With Dempster - Shafer

m(VL, m(L, Combination m(VL) m(L) m(M) m(H) m(VH) L) M) m(M, H) m(H, VH) B1=V1+V2+V3+V4 0 0 0 0 0.2500 0 0 0 0.7500 B2=V5+V6+V7+V8 0 0 0 0.1779 0.0721 0 0 0.2861 0.4639 B3=V9+V10+V11+V12+ 0.0098 0 0.0150 0.0797 0.0954 0.1902 0.0925 V13 0.2526 0.2647 0.23 B4=V14+V15+V16 0 0 0.0990 0 0.2162 0.2162 43 0.1172 0.1172 0.37 B5=V17+V18 0 0.1250 0 0 0.0625 0.2500 50 0.1875 0 B6=V19+V20+V21 0 0 0.0610 0.2723 0 0 0.1362 0.3333 0.1972 B7=V22+V23 0 0 0.5000 0 0 0 0.2500 0.2500 0 B8=V24+V25+V26+V27 0 0 0.0350 0.2150 0 0 0.1075 0.3750 0.2675 M - 299

International Conference on Mathematics, Science, and Education 2014 (ICMSE 2014)

process of assessment and the security rank of E- Table 5. Security safety ratings Commerce web site. • There needs to be an agency that handles security issues Situs Web Security Level of E-Commerce in Indonesia towards the E-Commerce website safe. berniaga.com 2 blibli.com 3 gramedia.com 4 REFERENCES tokobagus.com 5 tokopedia.com 1 1 .Chu, T. C., dan Lin, Y. C., 2002, Improved extensions of the TOPSIS for group decisionmaking

under fuzzy environment, Journal of Tokopedia.com get first rank due tokopedia.com meet Information and Optimization Sciences 23, the completeness of the safety factors of E-Commerce. 273-286. Completeness of safety factors of E-Commerce consists 2 .Buyukozkan, G., dan Cifci, G., 2012, A combined of 27 factors that must be fulfilled by each E-Commerce fuzzy AHP and fuzzy TOPSIS based web site in order to get the best rating and ranking. E- strategic analysis of electronic service Commerce Security does not rely on a famous or not quality in healthcare industry, Expert Systems with Applications 39, 2341-2354. famous E Commerce website. While the general public is 3. Dempster, A. P., 1967, Upper and lower more familiar than tokopedia.com tokobagus.com. induced by a multi-valued mapping, Annals however tokopedia.com website ranking higher than of Mathematics and 38, 325-339. tokobagus.com. This is due to the fulfillment of 4. Deng, Y., dan Chan, F. T. S., 2011, A new fuzzy all aspects of the completeness of the safety factors of E- dempster MCDM method and itsapplication Commerce at tokopedia.com than tokobagus.com. It can in supplier selection, Expert Systems with Applications 38, 9854- 9861. be shown on the factual conditions that tokobagus.com is 5. Deng, Y., Chan, F. T. S., Wu, Y., dan Wang, D., 2011, a portal for promotional purposes, while aspects of the A new linguistic MCDM method based on transaction is done outside the system, in this case the multiple-criterion data fusion, Expert individual who offers goods and prospective buyers Systems with Applications 38,6985-6993. using the media and other outside websites 6. Deng, Y., Su, X. Y., Wang, D., dan Li, Q., 2010, tokobagus.com. Meanwhile, tokopedia.com offers Target recognition based on fuzzy dempster transaction online on the web site so that the security data fusion method, Defence Science Journal 60, 525-530. Khokhar, R. H., aspects of the transaction have a higher value which 7. Bell, D. A., Guan, J. W., dan Wu, Q. W., 2006, Risk results raise a number of criteria assessment. assessmentof ecommerce projects using evidential reasoning, Proceedings of Fuzzy CONCLUSION Systems and Knowledge Discovery, vol. 4223, 621-630. Based on the completeness of the safety factors 8. Shafer, G., 1976, A Mathematical Theory of Evidence, of the E-Commerce web sites, this study offers a model Princeton: PrincetonUniversity Press. 9. Tak, S. W., dan Park, E. K., 2004, A software and method of assessment of E-Commerce security. framework for non-repudiation service E-Commerce website is safe because it has a complete based on adaptive secure methodology in safety factors of E-Commerce is comprised of 27 criteria. electronic commerce,Information Systems Recommendations Frontiers 6, 47-66. Need further research on the safety of E- 10. Tsou, C. S., 2008, Multi-objective inventory planning Commerce web site based on the user satisfaction level using MOPSO and TOPSIS, Expert of the E-Commerce web site. Systems with Applications 35, 136-142. 11. Wang, J., Liu, S. Y. dan Zhang, J., 2005, An • With the AHP method with Dempster-Shafer theory can of TOPSIS for fuzzyMCDM be used to build systems to assist decision-making based on theory, Journal of process based on the assessment criteria. Systems Science and Systems Engineering • Need further research using web programming 14, 73-84 languages in order to better facilitate the use of the 12. Wang, T. C., dan Lee, H. D., 2009, Developing a fuzzy TOPSIS approach based on subjective weights and objective weights, M - 300

International Conference on Mathematics, Science, and Education 2014 (ICMSE 2014)

Expert Systems with Applications36, 8980- 8985. 14. Wang, Y. M., dan Elhag, T. M. S., 2006, Fuzzy TOPSIS method based on alpha level sets with an application to bridge risk assessment, Expert Systems with Applications 31, 309-319. 15. Yu, X., Guo, S., Guo, J., dan Huang, X., 2011, Rank B2C e-commerce websites ine alliance based on AHP and fuzzy TOPSIS, Expert Systems with Applications 38, 3550-3557. 16. Zhang, Y., Deng, X., Wei, D., dan Deng, Y., 2012, Assessment of E-Commerce security using AHP and evidential reasoning, Expert Systems with Applications 39, 3611 3623.

M - 301