Journal of Beijing University of Posts and Telecommunications

  • EI核心期刊

JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM ›› 2013, Vol. 36 ›› Issue (6): 89-92,107.doi: 10.13190/j.jbupt.2013.06.019

• Reports • Previous Articles     Next Articles

Fuzzy Risk Assessment of Information Security Threat Scenario

GE Hai-hui1, ZHENG Shi-hui1, CHEN Tian-ping2, YANG Yi-xian1   

  1. 1. Information Security Center, Beijing University of Posts and Telecommunications, Beijing 100876, China;
    2. School of Information and Navigation, Air Force Engineering University, Xi'an 710077, China
  • Received:2012-10-26 Online:2013-12-31 Published:2013-10-08

Abstract:

A risk assessment approach for threat scenario (TS) was proposed. Firstly, hierarchical index system of venture evaluation was constructed for TS, and a new index called uncontrollability was proposed to describe the uncontrollability of relationship between safety measures and risk formation, meanwhile, integrality of index system was enhanced. Secondly, membership function of indicators based on Gaussian function was defined, thereafter, an improved fuzzy comprehensive evaluation model based on membership matrix constructor method was given to reduce the influence of subjective factors. Finally, a combining method of fuzzy algorithm above and analytic hierarchy process were adopted to calculate the degree of risk quantitatively. The case study shows that this method is beneficial to risk size sort.

Key words: information security, threat scenario, risk assessment, analytic hierarchy process, membership matrix

CLC Number: