北京邮电大学学报

  • EI核心期刊

北京邮电大学学报 ›› 2008, Vol. 31 ›› Issue (2): 50-53.doi: 10.13190/jbupt.200802.50.094

• 论文 • 上一篇    下一篇

基于信息熵的信息安全风险分析模型

汤永利1,2, 徐国爱1, 钮心忻1, 杨义先1   

  1. 1. 北京邮电大学 网络与交换技术国家重点实验室信息安全中心,北京100876;
    2. 河南理工大学 计算机科学与技术学院,焦作 410003
  • 收稿日期:2007-11-21 修回日期:1900-01-01 出版日期:2008-04-28 发布日期:2008-04-28
  • 通讯作者: 汤永利

Research on Information Security Risk Analysis Model Using Information Entropy

TANG Yong-li1,2, XU Guo-ai1, NIU Xin-xin1, YANG Yi-xian1   

  1. 1. Information Security Center, State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China;
    2. College of Computer Science and Technology,Henan Polytechnic University,Jiaozuo 410003,China
  • Received:2007-11-21 Revised:1900-01-01 Online:2008-04-28 Published:2008-04-28
  • Contact: TANG Yong-li

摘要:

为解决信息系统风险分析过程中不确定信息难以量化分析的问题,用信息熵度量信息系统风险。引入信息熵风险分析算法, 采用定性分析与定量计算相结合,构建一种信息系统风险分析模型,并以实例分析与验证基于此模型的风险分析方法。仿真结果表明,该方法是一种有效的风险分析算法,较准确地反映了信息系统的风险状况,为信息系统风险分析提供了一种新的思路。

关键词: 信息安全, 风险分析, 熵权系数, 故障树分析

Abstract:

According to the characteristic of uncertainty information in the information system risk analysis process, and information system risk measure using entropy theory, a risk analysis algorithm using entropy-weight coefficient is presented. When combining qualitative analysis and quantitative calculation, a model of information system risk analysis is constructed. Finally, an instance of the risk analysis approach based on the model is analyzed and validated, which demonstrates the rationality and feasibility of the model. So it provides a new method for information system risk analysis.

Key words: information security, risk analysis, entropy-weight coefficient, fault tree analysis

中图分类号: