北京邮电大学学报

  • EI核心期刊

北京邮电大学学报 ›› 2009, Vol. 32 ›› Issue (6): 83-87.doi: 10.13190/jbupt.200906.83.lüzhb

• 论文 • 上一篇    下一篇

基于Shapley熵和Choquet积分的层次化风险评估

吕镇邦;周 波   

  1. (1.中国航空计算技术研究所, 西安 710068; 2.西安电子科技大学 计算机学院, 西安 710071)
  • 收稿日期:2008-12-15 修回日期:2009-07-31 出版日期:2009-12-28 发布日期:2009-12-28
  • 通讯作者: 吕镇邦

Hierarchical Risk Assessment Based on Shapley Entropies and Choquet Integrals

LuZhenbang,ZHOU Bo   

  1. (1 Aeronautics Computing Technique Research Institute, Xi'an 710068, China;
    2 School of Computer Science and Technology, Xidian University, Xi'an 710071,
  • Received:2008-12-15 Revised:2009-07-31 Online:2009-12-28 Published:2009-12-28
  • Contact: Zhen-Bang LV

摘要:

针对评估要素关联关系的模糊性和复杂性以及属性关联性合成权重在实际评估中难以获得的特点,提出了基于Shapley熵和Choquet积分的层次化评估模型. 该模型通过引入多人合作对策中的Shapley值概念,基于最大Shapley熵原理,运用逐级Choquet积分融合的层次分析法解决了贫信息条件下网络系统风险综合评估问题. 某园区子网信息安全风险评估实例验证了该模型的有效性.

关键词: 信息安全, 风险评估, Shapley熵, Choquet积分, 层次分析法

Abstract:

The existing information security risk assessment approaches commonly ignore the relations among the assessment factors. To overcome the ambiguity and complexity of relations among the factors, and the difficulty of acquiring the correlative fusion weights of attributes in practice, a hierarchical risk assessment model based on Shapley entropies and Choquet integrals is proposed. By introducing the Shapley value concept of nperson cooperative game theory into the assessment model, this approach solves the information security risk assessment problem under poor information conditions by using the analytic hierarchy process with Choquet integrals from bottom to top, which is based on the maximum Shapley entropy principle. The effectiveness of the proposed approach is illustrated via an actual information security risk assessment for four subnets of the intranet in a community.

Key words: information security, risk assessment, Shapley entropy, Choquet integral, analytic hierarchy process