Evaluation of E-Commerce Security using Shannon Entropy & Dempster-Shafer (DS) theory

Document Type: Research Paper


1 MSc. in Business Administration, International Marketing, Department of Economics and Business Administration, Ferdowsi University of Mashhad (FUM), Iran

2 Assistant Prof., Faculty of Management Department, Ferdowsi University of Mashhad, Iran


The purpose of this study is to develop a method and a structure that enable various experts to evaluate e-commerce security in different companies. In this study, Shannon entropy was used together with Dempster-Shafer theory so that the ultimate level of security could be measured. Because data collection in the present study is based on the decisions of a team of experts, it was conducted in two phases: in the first phase, data for determining the weights of the measures were collected; in the second phase, data about the security level of the criteria were collected through interviews with a decision team in four commercial companies in Mashhad that were willing to cooperate. Then the importance of the security measures relative to each other, the security level of each measure, and the overall level of security in these commercial companies were determined. The final results showed that the overall level of security is high for three of the companies and medium for one.

