Research on Information Security Risk Assessment Method Based on Similarity of Interval-valued Intuitionistic Fuzzy Sets

doi:10.3969/j.issn.1671-1122.2015.05.010

Abstract

Abstract:

Risk assessment plays an important role in classified protection of information system. Through the risk assessment, threats and vulnerabilities can be clearly, level of risk and expected loss can be evaluated. System administrators can consolidate the problems which are found during the assessment to improve the security of the system. However the assessment result is greatly influenced by evaluator’s subjective factors in risk assessment progress. When assigning the safety of assets, it is difficult to give a precise number to describe the safety of assets. And evaluators give the safety assignments number based on their experience, knowledge and other factors, this number has certain subjectivity, but it can’t completely describe the evaluator’s subjective state of mind, so it influences the objective of assessment result. A risk assessment method is researched; it has some advantages in describing the evaluator’s subjective factors and reducing the influence caused by subjective factors in order to improve the objective of assessment result. The evaluator’s subjective states, such as certain, deny and hesitate, are described by interval-valued intuitionistic fuzzy sets. An interval-valued intuitionistic fuzzy similarity algorithm is proposed, and considering the national standard information security technology — baseline for classified protection of information system, the risk assessment method is proposed based above knowledge. The experimental result proves the effectively of this method, and it has a certain application value.

Key words: information security, risk assessment, information system, fuzzy system theory, interval-valued intuitionistic fuzzy sets

CLC Number:

TP309

TENG Xi-long, QU Hai-peng. Research on Information Security Risk Assessment Method Based on Similarity of Interval-valued Intuitionistic Fuzzy Sets[J]. Netinfo Security, 2015, 15(5): 62-68.

Figures/Tables 1

References 12

[1]	ZADEH L A.Fuzzy sets[J]. Information and Control, 1965, 8(3): 338-353.
[2]	ATANASSOV K.Intuitionistic fuzzy sets[J]. Fuzzy Sets and Systems, 1986, 20(1): 87-96.
[3]	ATANASSOV K, GARGOV G.Interval-valued intuitionistic fuzzy sets[J]. Fuzzy Sets and Systems, 1989, 31(3): 343-349.
[4]	GB/T 22239-2008. 信息安全技术信息系统安全等级保护基本要求[S]. 北京:标准出版社,2008.
[5]	Xu Z S.On similarity measures of interval-valued intuitionistic fuzzy sets and their application to pattern recognitions[J]. Journal of Southeast University (English Edition), 2007, 23(1): 139-143.
[6]	SINGH P.A New Method on Measure of Similarity between Interval-Valued Intuitionistic Fuzzy Sets for Pattern Recognition[J]. Applied & Computational Mathematics, 2012, OMICS Publishing Group.
[7]	LIANG X, WEI C P.An Atanassov's intuitionistic fuzzy multi-attribute group decision making method based on entropy and similarity measure[J]. International Journal of Machine Learning and Cybernetics, 2014, 5(3): 435-444.
[8]	SZMIDT E, KACPRZYK J.Distances between intuitionistic fuzzy sets[J]. Fuzzy Sets and Systems, 2000, 114(3): 505-518.
[9]	SZMIDT E, KACPRZYK J.Entropy for intuitionistic fuzzy sets[J]. Fuzzy Sets and Systems, 2001, 118(3): 467-477.
[10]	SZMIDT E, KACPRZYK J, BUJNOWSKI P.How to measure the amount of knowledge conveyed by Atanassov’s intuitionistic fuzzy sets[J]. Information Sciences, 2014, (257): 276-285.
[11]	GB/T 28448-2012. 信息安全技术信息系统安全等级保护测评要求[S]. 北京:标准出版社,2012.
[12]	GB/T 28449-2012.信息安全技术信息系统安全等级保护测评过程指南[S]:北京:标准出版社,2012.

[1]	WANG Wei, HU Yongtao, LIU Qingtao, WANG Kailun. Research on Softwaization Techniques for ERT Trusted Root Entity in Railway Operation Environment [J]. Netinfo Security, 2024, 24(5): 794-801.
[2]	YAN Hailong, WANG Shulan. Design and Implementation of Integrated Service Platform for Real Estate Registration Based on Domestic Cryptographic Technology [J]. Netinfo Security, 2024, 24(2): 303-308.
[3]	WANG Junyan, YI Peng, JIA Hongyong, ZHANG Jianhui. IoT Terminal Risk Assessment Model Based on Improved CAE [J]. Netinfo Security, 2024, 24(1): 150-159.
[4]	HU Yi, SHE Kun. Blockchain and Smart Contract Based Dual-Chain Internet of Vehicles System [J]. Netinfo Security, 2022, 22(8): 26-35.
[5]	YU Kechen, GUO Li, YIN Hongwei, YAN Xuesong. The High-Value Data Sharing Model Based on Blockchain and Game Theory for Data Centers [J]. Netinfo Security, 2022, 22(6): 73-85.
[6]	GU Zhaojun, YANG Rui, SUI He. System Attack Surface Modeling Method in Network [J]. Netinfo Security, 2022, 22(3): 29-38.
[7]	LI Li, LI Zequn, LI Xuemei, SHI Guozhen. FPGA Realization of Physical Unclonable Function Based on Cross-coupling Circuit [J]. Netinfo Security, 2022, 22(3): 53-61.
[8]	SONG Jing, DIAO Run, ZHOU Jie, QI Jianhuai. The Optimization Method of Industrial Control System Functional Safety and Information Security Policy [J]. Netinfo Security, 2022, 22(11): 68-76.
[9]	HUANG Bo, QIN Yuhai, LIU Yang, JI Duo. Research of Vulnerability Assessment and Risk Probability Base on General Attack Tree [J]. Netinfo Security, 2022, 22(10): 39-44.
[10]	MENG Xi. Study on Counter Intelligence Mechanism and Optimization Strategy for Network Information Security [J]. Netinfo Security, 2022, 22(10): 76-81.
[11]	HU Bowen, ZHOU Chunjie, LIU Lu. Coordination of Functional Safety and Information Security for Intelligent Instrument Based on Fuzzy Multi-objective Decision [J]. Netinfo Security, 2021, 21(7): 10-16.
[12]	ZHU Rongchen, LI Xin, LIN Xiaonuan. The Security Risk Analysis Method for Video Private Network Based on Bayesian Network [J]. Netinfo Security, 2021, 21(12): 91-101.
[13]	ZHAO Xiaolin, ZHAO Bin, ZHAO Jingjing, XUE Jingfeng. Research on Network Security Measurement Method Based on Attack Identification [J]. Netinfo Security, 2021, 21(11): 17-27.
[14]	YU Kechen, GUO Li, YAO Mengmeng. Design of Blockchain-based High-value Data Sharing System [J]. Netinfo Security, 2021, 21(11): 75-84.
[15]	ZHANG Minqing, ZHOU Neng, LIU Mengmeng, KE Yan. Research on Reversible Data Hiding Technology in Homomorphic Encrypted Domain [J]. Netinfo Security, 2020, 20(8): 25-36.