# [1] Gao Yang, Luo Junzhou. Information security risk assessment based on grey relational decision-making algorithm[J]. Journal of Southeast University (Natural Science Edition), 2009, 39(2): 225-229. [doi:10.3969/j.issn.1001-0505.2009.02.008]

39

Issue 2, 2009

225-229

2009-03-20

## Article Info

Title:
Information security risk assessment based on grey relational decision-making algorithm

Author(s):
School of Computer Science and Engineering,Southeast University,Nanjing 210096,China

Keywords:

TP309
DOI:
10.3969/j.issn.1001-0505.2009.02.008

Abstract:
An approach based on grey system theory is put forward to evaluate information system security while addressing uncertainty in parameter values. First, uncertainty in parameter values is analyzed and classified into grey parameter values and vacant parameter values. According to the actual conditions and historical statistical data, the vacant parameter values may follow one of three distributions: uniform, exponential, or normal. The corresponding prior estimates are given to fill them in. Then, the grey relational decision-making algorithm is applied to estimate information security risk. A worked example proves the validity of this method. The results show that the approach can properly deal with uncertainty in parameter values, decrease subjectivity in the evaluation process, and easily rank each information system by security level. It brings a new line of thought to information security risk assessment approaches.
