Research on Information Security Risk Assessment Method Based on Similarity of Interval-valued Intuitionistic Fuzzy Sets

doi:10.3969/j.issn.1671-1122.2015.05.010

Abstract

Abstract:

Risk assessment plays an important role in classified protection of information system. Through the risk assessment, threats and vulnerabilities can be clearly, level of risk and expected loss can be evaluated. System administrators can consolidate the problems which are found during the assessment to improve the security of the system. However the assessment result is greatly influenced by evaluator’s subjective factors in risk assessment progress. When assigning the safety of assets, it is difficult to give a precise number to describe the safety of assets. And evaluators give the safety assignments number based on their experience, knowledge and other factors, this number has certain subjectivity, but it can’t completely describe the evaluator’s subjective state of mind, so it influences the objective of assessment result. A risk assessment method is researched; it has some advantages in describing the evaluator’s subjective factors and reducing the influence caused by subjective factors in order to improve the objective of assessment result. The evaluator’s subjective states, such as certain, deny and hesitate, are described by interval-valued intuitionistic fuzzy sets. An interval-valued intuitionistic fuzzy similarity algorithm is proposed, and considering the national standard information security technology — baseline for classified protection of information system, the risk assessment method is proposed based above knowledge. The experimental result proves the effectively of this method, and it has a certain application value.

Key words: information security, risk assessment, information system, fuzzy system theory, interval-valued intuitionistic fuzzy sets

CLC Number:

TP309

Xi-long TENG, Hai-peng QU. Research on Information Security Risk Assessment Method Based on Similarity of Interval-valued Intuitionistic Fuzzy Sets[J]. Netinfo Security, 2015, 15(5): 62-68.

Figures/Tables 1

References 12

[1]	ZADEH L A.Fuzzy sets[J]. Information and Control, 1965, 8(3): 338-353.
[2]	ATANASSOV K.Intuitionistic fuzzy sets[J]. Fuzzy Sets and Systems, 1986, 20(1): 87-96.
[3]	ATANASSOV K, GARGOV G.Interval-valued intuitionistic fuzzy sets[J]. Fuzzy Sets and Systems, 1989, 31(3): 343-349.
[4]	GB/T 22239-2008. 信息安全技术信息系统安全等级保护基本要求[S]. 北京:标准出版社,2008.
[5]	Xu Z S.On similarity measures of interval-valued intuitionistic fuzzy sets and their application to pattern recognitions[J]. Journal of Southeast University (English Edition), 2007, 23(1): 139-143.
[6]	SINGH P.A New Method on Measure of Similarity between Interval-Valued Intuitionistic Fuzzy Sets for Pattern Recognition[J]. Applied & Computational Mathematics, 2012, OMICS Publishing Group.
[7]	LIANG X, WEI C P.An Atanassov's intuitionistic fuzzy multi-attribute group decision making method based on entropy and similarity measure[J]. International Journal of Machine Learning and Cybernetics, 2014, 5(3): 435-444.
[8]	SZMIDT E, KACPRZYK J.Distances between intuitionistic fuzzy sets[J]. Fuzzy Sets and Systems, 2000, 114(3): 505-518.
[9]	SZMIDT E, KACPRZYK J.Entropy for intuitionistic fuzzy sets[J]. Fuzzy Sets and Systems, 2001, 118(3): 467-477.
[10]	SZMIDT E, KACPRZYK J, BUJNOWSKI P.How to measure the amount of knowledge conveyed by Atanassov’s intuitionistic fuzzy sets[J]. Information Sciences, 2014, (257): 276-285.
[11]	GB/T 28448-2012. 信息安全技术信息系统安全等级保护测评要求[S]. 北京:标准出版社,2012.
[12]	GB/T 28449-2012.信息安全技术信息系统安全等级保护测评过程指南[S]:北京:标准出版社,2012.

[1]	Yonglei LIU, Zhigang JIN, KUN HAO, Weilong ZHANG. Risk Assessment of Mobile Payment System Based on STRIDE and Fuzzy Comprehensive Evaluation [J]. Netinfo Security, 2020, 20(2): 49-56.
[2]	Guogang ZHENG. Implementation Methods and Technical Measures for Security Inspection of Important Information Systems [J]. Netinfo Security, 2019, 19(9): 16-20.
[3]	Yihua ZHOU, Zhuqing LV, Yuguang YANG, Weimin SHI. Data Deposit Management System Based on Blockchain Technology [J]. Netinfo Security, 2019, 19(8): 8-14.
[4]	Lin LI, Xuxia ZHANG. National Secret Substitution of zk-snark Bilinear Pair [J]. Netinfo Security, 2019, 19(10): 10-15.
[5]	Yan CHEN, Jianyong GE, Jing LAI, Zhen LU. Security System of the Information System in the Cloud [J]. Netinfo Security, 2018, 18(4): 79-86.
[6]	Congdong LV, Zhen HAN. A Security Model of Cloud Computing Based on IP Model [J]. Netinfo Security, 2018, 18(11): 27-32.
[7]	Baoyuan KANG, Jiaqiang WANG, Dongyang SHAO, Chunqing LI. A Secure Authentication and Key Agreement Protocol for Heterogeneous Ad Hoc Wireless Sensor Networks [J]. Netinfo Security, 2018, 18(1): 23-30.
[8]	Qing WANG, Chenyang TU, shenjiahui@iie.ac.cn. Design and Application of General Framework for Side Channel Attack [J]. Netinfo Security, 2017, 17(5): 57-62.
[9]	Xiaoning DONG, Huarong ZHAO, Dianwei LI, Jiasheng WANG. Research on Information Systems Security Risk Assessment Based on Fuzzy Theory of Evidence [J]. Netinfo Security, 2017, 17(5): 69-73.
[10]	Chunhua GU, Yuan GAO, Xiuxia TIAN. Security Optimized RBAC Access Control Model [J]. Netinfo Security, 2017, 17(5): 74-79.
[11]	Zhong LIANG, Jiakun ZHOU, Han ZHU, Bo CHEN. Research on Aggregation Technology for Information Security Knowledge Based on Security Ontology [J]. Netinfo Security, 2017, 17(4): 78-85.
[12]	Zhiqiang LIANG, Dansheng LIN. Information Security Risk Assessment Mechanism Research Based on Power System [J]. Netinfo Security, 2017, 17(4): 86-90.
[13]	Dianwei LI, Mingliang HE, Fang YUAN. Research on Insider Threat Detection Based on Role Behavior Pattern Mining [J]. Netinfo Security, 2017, 17(3): 27-32.
[14]	Jingzhe ZHOU, Changsong CHEN. Analysis of Network Information Security in the Cloud Computing Architecture [J]. Netinfo Security, 2017, 17(11): 74-79.
[15]	Qi SU, Wei WANG, Yin LIU, Zhanpeng YU. Research on the Scheme of Information Security Protection in Electric Power Industry [J]. Netinfo Security, 2017, 17(11): 84-88.