基于区间值直觉模糊集相似性的信息安全风险评估方法研究

doi:10.3969/j.issn.1671-1122.2015.05.010

信息网络安全 ›› 2015, Vol. 15 ›› Issue (5): 62-68.doi: 10.3969/j.issn.1671-1122.2015.05.010

基于区间值直觉模糊集相似性的信息安全风险评估方法研究

滕希龙, 曲海鹏()

中国海洋大学信息科学与工程学院,山东青岛 266100

收稿日期:2015-04-01 出版日期:2015-05-10 发布日期:2018-07-16
作者简介:
作者简介：滕希龙（1990-）,男,山东,硕士研究生,主要研究方向：风险评估;曲海鹏（1972-）,男,山东,副教授,博士,主要研究方向：信息安全测评、网络攻防技术、无线传感器网络、工业控制安全。
基金资助:
国家自然科学基金[61379127]

Research on Information Security Risk Assessment Method Based on Similarity of Interval-valued Intuitionistic Fuzzy Sets

Xi-long TENG, Hai-peng QU()

College of Information Science and Engineering, Ocean University of China, Qingdao Shandong 266100, China

Received:2015-04-01 Online:2015-05-10 Published:2018-07-16

摘要/Abstract

摘要：

风险评估在信息系统等级保护中发挥重要作用,通过风险评估可明确系统威胁与脆弱性,得出风险等级、预计损失等评估结果,系统管理员可加固整改评估中发现的问题,从而提高系统的安全性。然而评估过程中,评估者主观因素对评估结果影响较大,当对资产进行安全性赋值时,较难给出精确的数值描述资产的安全性。评估者给出的安全性赋值大多为依据自身经验、知识背景等多种因素得出的估计值,该值有一定主观性,其不能完整描述评估者在赋值时的主观心理状态,因此其影响评估结果的客观性。文章研究了一种风险评估方法,该方法在描绘评估者主观因素时有较大优势,从而降低主观因素对评估结果产生的影响,提高评估结果的客观性。利用区间值直觉模糊集描述评估者在安全性赋值时确定、否定、犹豫等与决策相关的主观心理状态,提出一种区间值直觉模糊集相似性算法,参考国标《信息系统安全等级保护基本要求》中规定的防护要求,在此基础上得到风险评估方法。实验结果证明了该方法的有效性,具备一定的应用价值。

关键词: 信息安全, 风险评估, 信息系统, 模糊系统理论, 区间值直觉模糊集

Abstract:

Risk assessment plays an important role in classified protection of information system. Through the risk assessment, threats and vulnerabilities can be clearly, level of risk and expected loss can be evaluated. System administrators can consolidate the problems which are found during the assessment to improve the security of the system. However the assessment result is greatly influenced by evaluator’s subjective factors in risk assessment progress. When assigning the safety of assets, it is difficult to give a precise number to describe the safety of assets. And evaluators give the safety assignments number based on their experience, knowledge and other factors, this number has certain subjectivity, but it can’t completely describe the evaluator’s subjective state of mind, so it influences the objective of assessment result. A risk assessment method is researched; it has some advantages in describing the evaluator’s subjective factors and reducing the influence caused by subjective factors in order to improve the objective of assessment result. The evaluator’s subjective states, such as certain, deny and hesitate, are described by interval-valued intuitionistic fuzzy sets. An interval-valued intuitionistic fuzzy similarity algorithm is proposed, and considering the national standard information security technology — baseline for classified protection of information system, the risk assessment method is proposed based above knowledge. The experimental result proves the effectively of this method, and it has a certain application value.

Key words: information security, risk assessment, information system, fuzzy system theory, interval-valued intuitionistic fuzzy sets

中图分类号:

TP309

滕希龙, 曲海鹏. 基于区间值直觉模糊集相似性的信息安全风险评估方法研究[J]. 信息网络安全, 2015, 15(5): 62-68.

Xi-long TENG, Hai-peng QU. Research on Information Security Risk Assessment Method Based on Similarity of Interval-valued Intuitionistic Fuzzy Sets[J]. Netinfo Security, 2015, 15(5): 62-68.

图/表 1

参考文献 12

[1]	ZADEH L A.Fuzzy sets[J]. Information and Control, 1965, 8(3): 338-353.
[2]	ATANASSOV K.Intuitionistic fuzzy sets[J]. Fuzzy Sets and Systems, 1986, 20(1): 87-96.
[3]	ATANASSOV K, GARGOV G.Interval-valued intuitionistic fuzzy sets[J]. Fuzzy Sets and Systems, 1989, 31(3): 343-349.
[4]	GB/T 22239-2008. 信息安全技术信息系统安全等级保护基本要求[S]. 北京:标准出版社,2008.
[5]	Xu Z S.On similarity measures of interval-valued intuitionistic fuzzy sets and their application to pattern recognitions[J]. Journal of Southeast University (English Edition), 2007, 23(1): 139-143.
[6]	SINGH P.A New Method on Measure of Similarity between Interval-Valued Intuitionistic Fuzzy Sets for Pattern Recognition[J]. Applied & Computational Mathematics, 2012, OMICS Publishing Group.
[7]	LIANG X, WEI C P.An Atanassov's intuitionistic fuzzy multi-attribute group decision making method based on entropy and similarity measure[J]. International Journal of Machine Learning and Cybernetics, 2014, 5(3): 435-444.
[8]	SZMIDT E, KACPRZYK J.Distances between intuitionistic fuzzy sets[J]. Fuzzy Sets and Systems, 2000, 114(3): 505-518.
[9]	SZMIDT E, KACPRZYK J.Entropy for intuitionistic fuzzy sets[J]. Fuzzy Sets and Systems, 2001, 118(3): 467-477.
[10]	SZMIDT E, KACPRZYK J, BUJNOWSKI P.How to measure the amount of knowledge conveyed by Atanassov’s intuitionistic fuzzy sets[J]. Information Sciences, 2014, (257): 276-285.
[11]	GB/T 28448-2012. 信息安全技术信息系统安全等级保护测评要求[S]. 北京:标准出版社,2012.
[12]	GB/T 28449-2012.信息安全技术信息系统安全等级保护测评过程指南[S]:北京:标准出版社,2012.

[1]	刘永磊, 金志刚, 郝琨, 张伟龙. 基于STRIDE和模糊综合评价法的移动支付系统风险评估[J]. 信息网络安全, 2020, 20(2): 49-56.
[2]	郑国刚. 重要信息系统安全检查实施方法与技术措施[J]. 信息网络安全, 2019, 19(9): 16-20.
[3]	周艺华, 吕竹青, 杨宇光, 侍伟敏. 基于区块链技术的数据存证管理系统[J]. 信息网络安全, 2019, 19(8): 8-14.
[4]	黎琳, 张旭霞. zk-snark的双线性对的国密化方案[J]. 信息网络安全, 2019, 19(10): 10-15.
[5]	李月, 姜玮, 季佳华, 段德忠. 一种基于虚拟化平台的安全外包技术研究[J]. 信息网络安全, 2018, 18(5): 82-88.
[6]	李月, 姜玮, 季佳华, 段德忠. 一种基于虚拟化平台的安全外包技术研究[J]. 信息网络安全, 2018, 18(5): 82-88.
[7]	陈妍, 戈建勇, 赖静, 陆臻. 云上信息系统安全体系研究[J]. 信息网络安全, 2018, 18(4): 79-86.
[8]	吕从东, 韩臻. 基于IP模型的云计算安全模型[J]. 信息网络安全, 2018, 18(11): 27-32.
[9]	亢保元, 王佳强, 邵栋阳, 李春青. 一种适用于异构Ad Hoc无线传感器网络的身份认证与密钥共识协议[J]. 信息网络安全, 2018, 18(1): 23-30.
[10]	王庆, 屠晨阳, shenjiahui@iie.ac.cn. 侧信道攻击通用框架设计及应用[J]. 信息网络安全, 2017, 17(5): 57-62.
[11]	董晓宁, 赵华容, 李殿伟, 王甲生. 基于模糊证据理论的信息系统安全风险评估研究[J]. 信息网络安全, 2017, 17(5): 69-73.
[12]	顾春华, 高远, 田秀霞. 安全性优化的RBAC访问控制模型[J]. 信息网络安全, 2017, 17(5): 74-79.
[13]	黄强, 王高剑, 米文智, 汪伦伟. 集中统一的可信计算平台管理模型研究及其应用[J]. 信息网络安全, 2017, 17(4): 9-14.
[14]	梁中, 周嘉坤, 朱汉, 陈波. 基于安全本体的信息安全知识聚合技术研究[J]. 信息网络安全, 2017, 17(4): 78-85.
[15]	梁智强, 林丹生. 基于电力系统的信息安全风险评估机制研究[J]. 信息网络安全, 2017, 17(4): 86-90.

基于区间值直觉模糊集相似性的信息安全风险评估方法研究

Research on Information Security Risk Assessment Method Based on Similarity of Interval-valued Intuitionistic Fuzzy Sets

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 1

参考文献 12

相关文章 15

编辑推荐

Metrics

本文评价