[1] Gao Yang, Luo Junzhou. Information security risk assessment based on grey relational decision-making algorithm[J]. Journal of Southeast University (Natural Science Edition), 2009, 39(2): 225-229. [doi:10.3969/j.issn.1001-0505.2009.02.008]

Information security risk assessment based on grey relational decision-making algorithm

Journal of Southeast University (Natural Science Edition) [ISSN: 1001-0505 / CN: 32-1178/N]

Volume:
39
Issue:
No. 2, 2009
Pages:
225-229
Section:
Computer Science and Engineering
Publication date:
2009-03-20

Article Information

Title:
Information security risk assessment based on grey relational decision-making algorithm
Author(s):
Gao Yang, Luo Junzhou
School of Computer Science and Engineering, Southeast University, Nanjing 210096, China
Keywords:
information security risk assessment; grey relational decision-making algorithm; uncertainty
Classification number:
TP309
DOI:
10.3969/j.issn.1001-0505.2009.02.008
Abstract:
An approach based on grey system theory is put forward to evaluate information system security and to address uncertainty in parameter values. First, the uncertainty in parameter values is analyzed and classified into grey parameter values and vacant (missing) parameter values. According to actual conditions and historical statistical data, the vacant parameter values may follow three kinds of distributions: uniform, exponential, and normal. The corresponding prior estimates are then used to fill them in. After filling, the grey relational decision-making algorithm is applied to assess the information security risk of the system. Finally, a worked example demonstrates the validity of the method. The results show that the approach can properly deal with uncertainty in parameter values, reduce subjectivity in the evaluation process, and easily compare and rank different information systems by security level. It offers a new line of thought for information security risk assessment.


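Memo:
Author biographies: Gao Yang (born 1981), male, PhD candidate; Luo Junzhou (corresponding author), male, PhD, professor, doctoral supervisor, jluo@seu.edu.cn.
Funding: Natural Science Foundation of Jiangsu Province (BK2007708); Jiangsu Provincial Key Laboratory of Network and Information Security (BM2003201); Key Laboratory of Computer Network and Information Integration, Ministry of Education (93K-9); International Science and Technology Cooperation Program of the Ministry of Science and Technology.
Citation format: Gao Yang, Luo Junzhou. Information security risk assessment based on grey relational decision-making algorithm[J]. Journal of Southeast University: Natural Science Edition, 2009, 39(2): 225-229.
Last Update: 2009-03-20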