Journal of Beijing University of Posts and Telecommunications

  • EI核心期刊

JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM ›› 2009, Vol. 32 ›› Issue (6): 83-87.doi: 10.13190/jbupt.200906.83.lüzhb

• Papers • Previous Articles     Next Articles

Hierarchical Risk Assessment Based on Shapley Entropies and Choquet Integrals

LuZhenbang,ZHOU Bo   

  1. (1 Aeronautics Computing Technique Research Institute, Xi'an 710068, China;
    2 School of Computer Science and Technology, Xidian University, Xi'an 710071,
  • Received:2008-12-15 Revised:2009-07-31 Online:2009-12-28 Published:2009-12-28
  • Contact: Zhen-Bang LV

Abstract:

The existing information security risk assessment approaches commonly ignore the relations among the assessment factors. To overcome the ambiguity and complexity of relations among the factors, and the difficulty of acquiring the correlative fusion weights of attributes in practice, a hierarchical risk assessment model based on Shapley entropies and Choquet integrals is proposed. By introducing the Shapley value concept of nperson cooperative game theory into the assessment model, this approach solves the information security risk assessment problem under poor information conditions by using the analytic hierarchy process with Choquet integrals from bottom to top, which is based on the maximum Shapley entropy principle. The effectiveness of the proposed approach is illustrated via an actual information security risk assessment for four subnets of the intranet in a community.

Key words: information security, risk assessment, Shapley entropy, Choquet integral, analytic hierarchy process