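Journal of Beijing University of Posts and Telecommunications

  • EI core journal

Journal of Beijing University of Posts and Telecommunications ›› 2013, Vol. 36 ›› Issue (6): 89-92,107. doi: 10.13190/j.jbupt.2013.06.019

• Research Report •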

Fuzzy Risk Assessment of Information Security Threat Scenario

GE Hai-hui¹, ZHENG Shi-hui¹, CHEN Tian-ping², YANG Yi-xian¹

  1. Information Security Center, Beijing University of Posts and Telecommunications, Beijing 100876, China;
  2. School of Information and Navigation, Air Force Engineering University, Xi'an 710077, China
  • Received: 2012-10-26 Online: 2013-12-31 Published: 2013-10-08
  • About the authors: GE Hai-hui (born 1979), female, Ph.D. candidate, E-mail: haiyiyanglan@126.com; YANG Yi-xian (born 1961), male, professor, doctoral supervisor.
  • Supported by:

    Special Talent Cultivation Project of the Youth Research and Innovation Program of Beijing University of Posts and Telecommunications (BUPT2012RC0219)

Abstract:

A risk assessment method for threat scenarios (TS) is proposed. First, a hierarchical risk evaluation index system is constructed for the TS, and an "uncontrollability" index is defined to describe the relationship between security measures and risk formation, which makes the index system more complete. Second, Gaussian membership functions are defined for the indicators, and on that basis a fuzzy comprehensive evaluation model built on a membership-matrix construction method is proposed, reducing the influence of human subjective factors in the assessment process. Finally, this fuzzy comprehensive evaluation model is combined with the analytic hierarchy process to calculate the degree of risk of the TS quantitatively. A case analysis shows that the method is scientific and effective, and that it provides an important basis for ranking by degree of risk.

Key words: information security, threat scenario, risk assessment, analytic hierarchy process, membership matrix

CLC number: