信息网络安全 ›› 2019, Vol. 19 ›› Issue (9): 11-15.doi: 10.3969/j.issn.1671-1122.2019.09.003

• • 上一篇    下一篇

基于证据距离理论的信息系统安全风险分析

令狐金花, 潘平, 杜瑶瑶   

  1. 贵州大学计算机科学与技术学院,贵州贵阳 550025
  • 收稿日期:2019-07-15 出版日期:2019-09-10 发布日期:2020-05-11
  • 作者简介:

    作者简介:令狐金花(1995—),女,贵州,硕士研究生,主要研究方向为信息安全;潘平(1962—),男,贵州,教授,本科,主要研究方向为信息安全与信号处理;杜瑶瑶(1994—),女,贵州,硕士研究生,主要研究方向为信息安全。

  • 基金资助:
    贵州省高等学校教学内容和课程体系改革(重点)项目[SJJG201404];安顺学院航空电子电气与信息网络贵州省高校工程技术研究中心开放项目[HKDZ201406]

Information System Security Risk Analysis Based on Evidence Distance Theory

Jinhua LINGHU, Ping PAN, Yaoyao DU   

  1. School of Computer Science and Technology, Guizhou University, Guiyang Guizhou 550025, China
  • Received:2019-07-15 Online:2019-09-10 Published:2020-05-11

摘要:

针对信息安全风险评估过程中专家评价意见多样以及不确定信息难以量化处理的问题,文章提出一种基于证据距离理论的风险评估方法。首先,根据等级保护要求和现场检测数据,采用矩阵范数求解系统资产面临的脆弱性证据距离;其次,应用D-S证据理论合成规则求解威胁可能作用于系统资产的证据距离;最后,将脆弱性证据距离与威胁可能作用于系统资产的证据距离融合后的结果作为系统的风险值。实践证明,该方法能有效降低多源风险评估的主观性和随机性,使评估结果更为科学、合理,为信息安全风险评估提供了一条科学的有效途径。

关键词: 矩阵范数, D-S证据理论, 证据距离, 风险

Abstract:

Aiming at the diversity of expert evaluation opinions in the process of information security risk assessment and the difficulty in quantifying uncertain information, this paper proposes a risk assessment method based on evidence distance theory. Firstly, according to the level protection requirements and on-site inspection data, the matrix norm is used to solve the vulnerability evidence distance of the system assets. Secondly, the D-S evidence theory synthesis rules are applied to solve the evidence distance that threat may act on system assets. Finally, The result of the fusion of the vulnerability evidence distance and the evidence distance that threat may act on system asset is taken as the risk value of the system. Practice has proved that this method can effectively reduce the subjectivity and randomness of multi-source risk assessment, make the assessment results more scientific and reasonable, and provide a scientific and effective way for information security risk assessment.

Key words: matrix norm, D-S evidence theory, evidence distance, risk

中图分类号: