International Conference on Mathematics, Science, and Education 2014 (ICMSE 2014) ASSESSMENT OF E-COMMERCE WEB SECURITY USING AHP - DEMSTER SHAFER THEORY Bambang Suhartono*, Joseph Teguh Santoso, Setiyo Prihatmoko STEKOM, Semarang *Email : [email protected] ABSTRACT As well as an increase in the volume, nature Ecommerce business to consumer (B2C) has grown since the beginning of the web. The earliest use commercial web sites as effectively as a "window shopping" electronic, with visitors able to see the products and services available, but can not buy directly. This site can now do, moving away. Than serves to improve the security requirements, because of personal and sensitive financial details are given on a regular basis when conducting a transaction. A number of security issues should be considered to improve the security of the entire E-Commerce, such as: security law (de Lamberterie, 2003), physical security (Furnell, 2004), security management (Tomlinson, 2000), and so on (Oosthuizen, 1999; Tsiakis & Stephanides , 2005). In addition, some security research website E Commerce focused on security solutions E-Commerce web site. Zuccato (2004, 2005) proposed an approach for obtaining security requirements and then develop a security management framework to improve the security of E-Commerce web site. Meanwhile, the adaptive security methodology has been proposed by Tak and Park, for support services without rejection in E-Commerce and E-Commerce transactions, with high quality security services (Tak and Park, 2004). Many factors determine the security of e-commerce web site that determine this problem is Multiple Criteria Decision-Making (MCDM) (Vincke, 1992). There are many approaches to classify MCDM methods. Belton and Stewart (2002) provides a classification: value measurement models such as Multi-Attribute Utility Theory (DEATH) and Analytical Hierarchy Process (AHP). Elimination and outranking models such as (Et) Choice Translating Reality (ELECTRE) and Preference Ranking Organization Method for Enrichment Evaluation (PROMETHEE). The basis of the theory above that the decision makers choose an alternative value is the maximum expected utility (Keeney & Raiffa, 1976). Fuzzy sets have the ability to present this problem and AHP is widely used to present the MCDM problems in real situations (Chan & Kumar, 2007). However, due to technological limitations of security and complexity of security issues, it is difficult to find security solutions Ecommerce website complete and absolute safety. Therefore, some qualitative and quantitative analysis and safety assessment of E-Commerce website is a must. Safety assessment of E-Commerce web site using AHP with the Dempster-Shafer theory is that the original title was taken from the literature and summarized in accordance with the fact that in the world of E-Commerce, we need a certain tool which is used in decision-making routine. Keywords: AHP, Dempster-Shafer, e-commerce, security and sensitive financial details are given on a regular basis INTRODUCTION when transaction. A number of security issues should be As well as an increase in volume, the nature of considered to improve the security of the entire E- e-commerce business to consumer (B2C) has grown Commerce, such as: security law (de Lamberterie, 2003), since the beginning of the web. The earliest use physical security (Furnell, 2004), security management commercial web sites as effectively as a "window (Tomlinson, 2000), and so forth (Oosthuizen, 1999; shopping" electronic, with visitors able to see the Tsiakis & Stephanides, 2005). In addition, some security products and services available, but can not buy directly. research website E-Commerce focused on security This site can now do, moving far beyond. Further work solutions E-Commerce web site. Zuccato (2004, 2005) to improve the security requirements, because of personal proposed an approach for obtaining security requirements M - 294 International Conference on Mathematics, Science, and Education 2014 (ICMSE 2014) and then develop a security management framework to explaining complex aspects observed in the improve the security of e-commerce websites. implementation of services via the internet. Meanwhile, the adaptive security methodology has been Web Site E-Commerce in Indonesia has never done proposed by Tak and Park, for support services without research on security aspects. This study builds a penolakandalam E-Commerce and E-Commerce comprehensive model to solve problems in Ecommerce transactions, with high quality security services (Tak and security assessment using AHP with the Dempster-Shafer Park, 2004). theory. AHP with Dempster-Shafer theory, and fuzzy Many factors determine the safety of E- sets are combined for the safety assessment of E- Commerce web sites, this is a decisive problem of Commerce web sites, utilizing the Analytic Hierarchy Multiple Criteria Decision-Making (MCDM) (Vincke, Process (AHP) which is integrated with the Dempster- 1992). There are many approaches to classify MCDM Shafer theory of evidence (DS) used in the model to get a methods. Belton and Stewart (2002) provides a web site's security criteria weights E commerce to assist classification: value measurement models such as Multi- the safety assessment of E-Commerce web site, fuzzy Attribute Utility Theory (DEATH) and Analytical sets to describe the uncertainty with the values of HierarchyProcess (AHP). linguistic security E-commerce web site. Elimination and outranking models such as (Et) How to build a comprehensive model to solve problems Choice Translating Reality (ELECTRE) and Preference in the assessment of E-Commerce security using AHP Ranking Organization Method for Enrichment with the Dempster-Shafer theory. Evaluation (PROMETHEE) and finally, aspirations and Research on E-Commerce security, is not a new objectives level models such as Technique for Order thing anymore, some studies have mentioned the use of Preference by Similarity to Ideal Solutions (TOPSIS). AHP as a device that helps the analysis, including The basis of the theory above that the decision makers assessment of E-Commerce security using AHP and choose an alternative value is the maximum expected evidential reasoning (Zhang et al., 2012). About safety utility (Wang & Lee, 2009). TOPSIS often dikritikkarena assessment of E-Commerce web site using AHP and inability to deal with issues that are unclear and Dempster Shafer. Fuzzy set theory and the concept of uncertain. However, fuzzy sets have the ability to present entropy weights applied to the integration of evaluation this problem and AHP is widely used to present the into the decision-making process (Wang et al., 2009). MCDM problems in real situations (Chan & Kumar, About formulate evaluation software outsourcing 2007). company as a MCDM models, and then present an However, due to technological limitations of effective approach by modifying TOPSIS to solve the security and complexity of security issues, it is difficult problem. to find a website security solution E-Commerce Unlike the previous application, this study will yanglengkap and absolutely safe. Therefore, some conduct an assessment of input variables is a safety qualitative and quantitative analysis and safety factor of E-Commerce web site using AHP for weighting assessment of E-Commerce web site becomes expert assessment of the Dempster-Shafer theory and in imperative. Safety assessment of E-Commerce web site the assessment of each web site which carried a using AHP with the Dempster-Shafer theory is that the combination of variables AHP results, to obtain security original title was taken from the literature and information E-Commerce website. summarized in accordance with the fact that in the world The model provides a tool for practitioners and of E-Commerce, we need a certain tool which is used in E-Commerce has shown its potential in the security decision-making routine. assessment. Although the process of assessing and ranking variables may be influenced by contingent Research on E-Commerce security, is not a new thing variables in various situations, this model can be easily anymore, some studies have mentioned the use of AHP adapted to these variables for the purposes of assessment as a device that helps analysis (Zhang et al., 2012). of E-Commerce security. This model is very potential in About safety assessment of E-Commerce web site. addressing the problem of decision-making, such as the Completeness and fairness of the e-service quality assessment of E-Commerce security. measurement by applying AHP to obtain the weight of the criteria and the TOPSIS ranking (Buyukozkan et al., Analytical Hierarchy Process (AHP) 2012). On the application of e-services framework in Analytical Hierarchy Process developed by Saaty (1980) is a powerful tool to deal with quantitative M - 295 International Conference on Mathematics, Science, and Education 2014 (ICMSE 2014) and qualitative factors in a multi-criteria decision-making the evaluation of sensor reliability in classification problems. With this method, a complicated problem can problems (Guo et al., 2006). Meanwhile, Khokhar and be converted into a regular hierarchy structure. AHP his friends, has been applying the theory in the decision- method has been widely used for multi-criteria decision- making system for risk assessment project E-Commerce making situations, such as: the selection of web sites (Khokhar et al., 2006). Furthermore, a method based on (Ngai, 2003), an evaluation tool (Ngai & Chan, 2005), DS theory introduced by