Fuzzy risk assessment of information security threat scenario

Cited by: 0
Authors
Ge, Hai-Hui [1]
Zheng, Shi-Hui [1]
Chen, Tian-Ping [2]
Yang, Yi-Xian [1]
Affiliations
[1] Information Security Center, Beijing University of Posts and Telecommunications
[2] School of Information and Navigation, Air Force Engineering University
Source
Beijing Youdian Daxue Xuebao/Journal of Beijing University of Posts and Telecommunications | 2013 / Vol. 36 / No. 06
Keywords
Analytic hierarchy process; Information security; Membership matrix; Risk assessment; Threat scenario;
DOI
10.13190/j.jbupt.2013.06.019
Abstract
A risk assessment approach for threat scenarios (TS) is proposed. First, a hierarchical index system of venture evaluation is constructed for TS, and a new index called uncontrollability is proposed to describe the uncontrollability of the relationship between safety measures and risk formation; this also enhances the integrality of the index system. Second, a membership function of the indicators based on the Gaussian function is defined, and an improved fuzzy comprehensive evaluation model based on a membership matrix construction method is then given to reduce the influence of subjective factors. Finally, the fuzzy algorithm above is combined with the analytic hierarchy process to calculate the degree of risk quantitatively. The case study shows that this method is beneficial for sorting risks by size.
Pages: 89 / 92+107