Fuzzy Risk Assessment of Information Security Threat Scenario

doi:10.13190/j.jbupt.2013.06.019

JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM ›› 2013, Vol. 36 ›› Issue (6): 89-92,107.doi: 10.13190/j.jbupt.2013.06.019

• Reports • Previous Articles Next Articles

Fuzzy Risk Assessment of Information Security Threat Scenario

GE Hai-hui¹, ZHENG Shi-hui¹, CHEN Tian-ping², YANG Yi-xian¹

1. Information Security Center, Beijing University of Posts and Telecommunications, Beijing 100876, China;
2. School of Information and Navigation, Air Force Engineering University, Xi'an 710077, China

Received:2012-10-26 Online:2013-12-31 Published:2013-10-08

Abstract

Abstract:

A risk assessment approach for threat scenario (TS) was proposed. Firstly, hierarchical index system of venture evaluation was constructed for TS, and a new index called uncontrollability was proposed to describe the uncontrollability of relationship between safety measures and risk formation, meanwhile, integrality of index system was enhanced. Secondly, membership function of indicators based on Gaussian function was defined, thereafter, an improved fuzzy comprehensive evaluation model based on membership matrix constructor method was given to reduce the influence of subjective factors. Finally, a combining method of fuzzy algorithm above and analytic hierarchy process were adopted to calculate the degree of risk quantitatively. The case study shows that this method is beneficial to risk size sort.

Key words: information security, threat scenario, risk assessment, analytic hierarchy process, membership matrix

CLC Number:

TP393.08

GE Hai-hui, ZHENG Shi-hui, CHEN Tian-ping, YANG Yi-xian. Fuzzy Risk Assessment of Information Security Threat Scenario[J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2013, 36(6): 89-92,107.

References

[1] Ge Haihui, Gu Lize, Yang Yixian, et al. An attack graph based network security evaluation model for hierarchical network[C]//Yixian Yang. Proceedings 2010 IEEE International Conference on Information Theory and Information Security. Beijing: IEEE Press, 2010: 208-211.

[2] Li Kai, Gu Naijie, Bi Kun, et al. Network security evaluation algorithm based on access level vector[C]//The 9^th International Conerence for Young Computer Scientists. Hunan:[s.n.], 2008: 1538-1544.

[3] 张利, 姚轶崭, 彭建芬, 等. 基于决策树的智能信息安全风险评估方法[J]. 清华大学学报: 自然科学版, 2011, 51(10): 1236-1239. Zhang Li, Yao Yizhan, Peng Jianfen, et al. Intelligent information security risk assessment based on a decision tree algorithm[J]. Journal of Tsing hua University: Science and Technology, 2011, 51(10): 1236-1239.

[4] Niu Honghui, Shang Yanling. Research on risk assessment model of information security based on Particle swarm algorithm-RBF neural network[C]//Circuits, Communications and System(PACCS). Beijing:[s.n.], 2010: 479-482.

[5] Qu Zhiming. Application of comprehensive fuzzy evaluation in enterprise network security[C]//Power Electronics and Intelligent Transportation System(PEITS). Shenzhen:[s.n.], 2009: 54-57.

[6] 吕镇邦, 周波. 基于Shapley熵和Choquet积分的层次化风险评估[J]. 北京邮电大学学报, 2009, 32(6): 83-87. Lü Zhenbang, Zhou Bo. Hierarchical risk assessment based on shapley entropies and choquet integrals[J]. Journal of Beijing University of Posts and Telecommunications, 2009, 32(6): 83-87.

[7] 赵冬梅, 马建峰, 王跃生. 信息系统的模糊风险评估模型[J]. 通信学报, 2007, 28(4): 51-64. Zhao Dongmei, Ma Jianfeng, Wang Yuesheng. Model of fuzzy risk assessment of the information system[J]. Journal on Communications, 2007, 28(4): 51-64.

[1]	YANG Hongyu, YUAN Haihang, ZHANG Liang. A Risk Assessment Method of Network Host Node with Host Importance [J]. Journal of Beijing University of Posts and Telecommunications, 2022, 45(2): 16-21.
[2]	YANG Hong-yu, ZHANG Le, ZHANG Liang. An Information System Risk Assessment Method Based on Risk Propagation [J]. Journal of Beijing University of Posts and Telecommunications, 2021, 44(4): 41-48.
[3]	LU Yi-qin, HUANG Jun-xian, CHENG Zhe, QIN Jian-cheng. A Multi-Index Mimic Voting Algorithm Based on Improved AHP-FCE Model [J]. Journal of Beijing University of Posts and Telecommunications, 2021, 44(2): 8-13.
[4]	TIAN Xing-peng, ZHU Xiao-rong, ZHU Hong-bo. Distributed Wireless Node Task Allocation Method Based on KM Algorithm [J]. Journal of Beijing University of Posts and Telecommunications, 2020, 43(6): 96-102.
[5]	ZHAO Jian, WANG Rui, LI Zheng-min, LEI Min, MA Min-yao. Security Threats and Risk Assessment of IoT System [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2017, 40(s1): 135-139.
[6]	LEI Min, LIU Xiao-ming, ZHANG Hong, WANG Mian, YANG Yu. Research on Security Threats and Risk Assessment of Web Information System [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2016, 39(s1): 87-93.
[7]	LEI Wei-jia, SHENG Jie, XIE Xian-zhong. Encoding and Decoding Scheme of Security-Enhanced LT Codes [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2016, 39(4): 108-113.
[8]	YANG Hong-yu, CHENG Xiang. Information System Risk Control Method Based on Work-Flow [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2016, 39(3): 105-109.
[9]	AN Jian, GUI Xiao-lin, HE Chang-qi, WU Ruo-biao. Crowdsourcing Assignment Mechanism Based on AHP in Mobile Crowd Sensing [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2015, 38(5): 37-41.
[10]	JIANG Hai-ou, SONG Mei-na, E Hai-hong, DENG Jiang-dong. A Generic Method of Migrating Operation Support System Partially to the Cloud [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2014, 37(5): 1-5.
[11]	. Network Security Analysis Based on Host-Security-Group [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2012, 35(1): 19-23.
[12]	WU Huan, PAN Lin, WANG Xiao-zhen, XU Rong-sheng. A Risk Assessment Model Using Incomplete Attack Graphs Analysis [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2010, 33(3): 57-61.
[13]	QIN Hua-wang;DAI Yue-wei;WANG Zhi-quan. Threshold Signature Scheme Based on the General Access Structure [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2009, 32(6): 102-104.
[14]	LuZhenbang,ZHOU Bo. Hierarchical Risk Assessment Based on Shapley Entropies and Choquet Integrals [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2009, 32(6): 83-87.
[15]	LEI Xin-Feng. Implement of Chinese-Wall Model Based on an Open Synthetical Security Model [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2009, 32(3): 73-76.

Fuzzy Risk Assessment of Information Security Threat Scenario

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics

Comments