Information Security Risk Assessment Mechanism Research Based on Power System

doi:10.3969/j.issn.1671-1122.2017.04.012

Abstract

Abstract:

This paper is dedicated to design a brand new information security risk assessment model, aka AF-RA model, based on AHP analysis algorithm utilized in risk assessment system and methods from fussy mathematics under the specific application condition of electricity power system, to address the problems of relatively low accuracy, low efficiency and inadequate optimization of information risk assessment mechanism in classical electricity power system. This model will be explained and analyzed in depth in this paper. In this model, the probability of the system vulnerabilities being exploited is estimated through a hierarchical structure of vulnerabilities assessment subsystem, and then a threatening level mark is given from the expertise. The security value of primal points is calculated according to risk level of the asset, threatening and vulnerability and the overall risk of the subject under assessment can be concluded based on this calculation result and synthesized risk parameters. At the output side of this model, security measures to eliminate the vulnerability of correlated systems can be arranged according to the security risk level concluded and the measures is prioritized by the significance of the total data information and core asset security, in accordance of the specific characteristics of electricity power system security.

Key words: risk assessment, power system, AHP, fuzzy math, AF-RA

CLC Number:

TP391

Zhiqiang LIANG, Dansheng LIN. Information Security Risk Assessment Mechanism Research Based on Power System[J]. Netinfo Security, 2017, 17(4): 86-90.

Figures/Tables 5

References 10

[1]	滕希龙,曲海鹏. 基于区间值直觉模糊集相似性的信息安全风险评估方法研究[J].信息网络安全,2015(5):62-68.
[2]	许诚,张玉清,雷震甲. 企业信息安全风险的自评估及其流程设计[J]. 计算机应用研究,2005,22(7):108-110,118.
[3]	刘福生. 基于AHP的信息安全风险评估系统研究与设计[D]. 天津:南开大学,2006.
[4]	申时凯,佘玉梅. 模糊神经网络在信息安全风险评估中的应用[J]. 计算机仿真,2011,28(10):91-94.
[5]	李涛,张驰. 基于信息安全等保标准的网络安全风险模型研究[J].信息网络安全,2016(9):177-183.
[6]	罗佳,杨世平. 基于熵权系数法的信息安全模糊风险评估[J]. 计算机技术与发展,2009,19(6):599-602.
[7]	KIM J, HSU W C, YEW P C.COBRA: An Adaptive Runtime Binary Optimization Framework for Multithreaded Applications[J]. IEEE Computer Society. 2007, 40(9): 25-25.
[8]	陈亮. 信息系统安全风险评估模型研究[J].中国人民公安大学学报:自然科学版,2007(4):51-52.
[9]	赵冬梅,刘海峰,刘晨光. 基于BP神经网络的信息安全风险评估[J]. 计算机工程与应用,2007,43(1):139-141.
[10]	赵呈亮,李爱平,江荣. 基于TOPSIS-GRA集成评估法的DDoS攻击效果评估技术研究[J].信息网络安全,2016(10):40-46.

[1]	Yonglei LIU, Zhigang JIN, KUN HAO, Weilong ZHANG. Risk Assessment of Mobile Payment System Based on STRIDE and Fuzzy Comprehensive Evaluation [J]. Netinfo Security, 2020, 20(2): 49-56.
[2]	WANG Qing, TU Chenyang, SHEN Jiahui. Design and Application of General Framework for Side Channel Attack [J]. 信息网络安全, 2017, 17(5): 57-62.
[3]	DONG Xiaoning, ZHAO Huarong, LI Dianwei, WANG Jiasheng. Research on Information Systems Security Risk Assessment Based on Fuzzy Theory of Evidence [J]. 信息网络安全, 2017, 17(5): 69-73.
[4]	Qi SU, Wei WANG, Yin LIU, Zhanpeng YU. Research on the Scheme of Information Security Protection in Electric Power Industry [J]. Netinfo Security, 2017, 17(11): 84-88.
[5]	LI Tao, ZHANG Chi. Research on Network Security Risk Model Based on the Information Security Level Protection Standards [J]. 信息网络安全, 2016, 16(9): 177-183.
[6]	TENG Xi-long, QU Hai-peng. Research on Information Security Risk Assessment Method Based on Similarity of Interval-valued Intuitionistic Fuzzy Sets [J]. 信息网络安全, 2015, 15(5): 62-68.
[7]	ZHANG Hai-chuan, ZHAO Ze-mao, TIAN Yu-jie. An Optimization Selection Research Based on Personalized Space Anonymous Algorithm [J]. 信息网络安全, 2015, 15(3): 23-27.
[8]	WEN Wei-ping, GUO Rong-hua, MENG Zheng, BAI Xiao. Research and Implementation on Information Security Risk Assessment Key Technology [J]. 信息网络安全, 2015, 15(2): 7-8.
[9]	HE Peng-cheng, FANG Yong. A Risk Assessment Model of Intrusion Detection for Web Applications Based on Web Server Logs and Website Parameters [J]. 信息网络安全, 2015, 15(1): 61-65.
[10]	WANG Xing-he, YU Yang, XIA Chun-he. Network Collaborative Defense Oriented Dynamic Risk Assessment System [J]. 信息网络安全, 2014, 14(9): 39-43.
[11]	ZHANG Heng, LU Kai. Building Security Check and Risk Assessment Index System on Cloud Computing Environment [J]. 信息网络安全, 2014, 14(9): 115-119.
[12]	. Approach of Information Security Assessment for Railway Internet Ticketing System based on BP Model of Artificial Neural Network [J]. , 2014, 14(7): 81-.
[13]	. Classified Information System Security Risk Assessment based on Hierarchical Analysis [J]. , 2014, 14(3): 80-.
[14]	. AHP Based Information System Security Evaluation Method [J]. , 2011, 11(9): 0-0.