Research on Information Systems Security Risk Assessment Based on Fuzzy Theory of Evidence

doi:10.3969/j.issn.1671-1122.2017.05.011

Abstract

Abstract:

Considering that there are many uncertainty factors in the process of information systems security risk assessment, such as lack of evaluation data, incomplete knowledge and system modeling, inadequate risk identification, method based on fuzzy theory of evidence was presented. Concepts of related risk assessment were introduced firstly, and calculation model for the information systems risk assessment was established after that. And then fuzzy sets were introduced into theory of evidence. The basic probability assignments which are core to theory of evidence were constructed using the membership function of fuzzy sets. When the fuzzy relations between risk indexes set and evaluation standard, the problem that the basic probability assignments were difficult to determine was solved. Moreover, the result is more reasonable. An illustration example dedicates that the method was feasible and effective, and provides reasonable data for constituting the risk control strategy of the information systems security.

Key words: DS theory of evidence, fuzzy sets, information systems, risk assessment

CLC Number:

TP393

Xiaoning DONG, Huarong ZHAO, Dianwei LI, Jiasheng WANG. Research on Information Systems Security Risk Assessment Based on Fuzzy Theory of Evidence[J]. Netinfo Security, 2017, 17(5): 69-73.

Figures/Tables 2

References 13

[1]	滕希龙,曲海鹏.基于区间值直觉模糊集相似性的信息安全风险评估方法研究 [J]. 信息网络安全,2015(5):62-68.
[2]	葛海慧, 郑世慧, 陈天平, 等. 信息安全威胁场景模糊风险评估方法[J]. 北京邮电大学学报,2013,36(6): 89-92.
[3]	吴叶科,宋如顺, 陈波. 基于梯形模糊AHP的信息安全风险综合评估[J]. 计算机工程与应用,2011,47(34):111-113.
[4]	SHAFER G.A Mathematical Theory of Evidence[M]. Princeton: Princeton University Press, 1976.
[5]	阮慧, 党德鹏. 基于RBF模糊神经网络的信息安全风险评估[J]. 计算机工程与设计,2011,32(6):2113-2115.
[6]	韩德强, 杨艺, 韩崇昭. DS证据理论研究进展及相关问题探讨[J]. 控制与决策, 2014,29(1):1-11.
[7]	高君丰,崔玉华,罗森林,等.信息系统可控性评价研究[J]. 信息网络安全,2015(8):67-75.
[8]	NABIPOUR M, RAZAZ M, SEIFOSSADAT S G, et al.A Novel Adaptive Fuzzy Membership Function Tuning Algorithm for Robust Control of A PV-based Dynamic Voltage Restorer (DVR)[J]. Engineering Applications of Artificial Intelligence, 2016, 53(C): 155-175.
[9]	束柬,梁昌勇. 基于DS理论的多源证据融合云安全信任模型[J]. 计算机科学,2016, 43(8):105-109.
[10]	LIN Guoping, LIANG Jiye, QIAN Yuhua.An Information Fusion Approach by Combining Multigranulation Rough Sets and Evidence Theory[J]. Information Sciences, 2015, 314(1): 184-199.
[11]	何明亮,陈泽茂,左进. 基于多窗口机制的聚类异常检测算法[J]. 信息网络安全,2016(11):33-39.
[12]	马刚, 杜宇鸽, 荣江, 等. 基于威胁传播的复杂信息系统安全风险评估[J]. 清华大学学报(自然科学版),2014,54(1):35-43.
[13]	文伟平,郭荣华,孟正,等. 信息安全风险评估关键技术研究与实现[J]. 信息网络安全,2015(2):7-14.