基于信息熵与三参数区间的信息安全风险评估
|
摘要
信息安全风险评估是一个需要处理众多模糊信息的过程,为提高信息处理的准确性,提出一种信息熵与三参数区间数相结合的信息安全风险评估方法。通过对信息系统进行分析,建立三参数区间形式的风险指标评价矩阵,采用信息熵理论确定指标权重。根据三参数区间的区间距离和区间排序理论求得评价专家权重,分析汇总三者得到最终的评估结果,并通过实例进行评估得到三参数区间数形式的风险值。实验结果表明,与采用二区间形式的方法相比,该方法能够较准确地预测风险等级。
Information security risk assessment is a process that needs to deal with a lot of fuzzy information. In order to increase the accuracy of information processing,an information security risk assessment method based on three-parameter interval and information entropy is proposed. After the analysis of the information system,the evaluation matrix of the threeparameter interval of risk factors is established,and the weight of risk factors is determined according to the information entropy theory. Expert weights are obtained using the theory of interval distance and interval order. The final assessment result is obtained by aggregating three factors. An example is presented to assess risk using the proposed method.Expenmental results show that compared with the two interval,the proposed method can predict risk levels more accurately.
Information security risk assessment is a process that needs to deal with a lot of fuzzy information. In order to increase the accuracy of information processing,an information security risk assessment method based on three-parameter interval and information entropy is proposed. After the analysis of the information system,the evaluation matrix of the threeparameter interval of risk factors is established,and the weight of risk factors is determined according to the information entropy theory. Expert weights are obtained using the theory of interval distance and interval order. The final assessment result is obtained by aggregating three factors. An example is presented to assess risk using the proposed method.Expenmental results show that compared with the two interval,the proposed method can predict risk levels more accurately.
引文
[1]黄慧萍,肖世德,孟祥印.基于攻防博弈的SCADA系统信息安全评估方法[J].计算机工程与科学,2017,39(5):877-884.
[2]陈宇,王亚弟,王晋寿,等.模糊认知图在信息安全风险评估中的应用研究[J].计算机工程,2016,42(7):109-116.
[3]WU K H,YE S C,NIU Y G.An evaluation method for information security level based on OWA operator and bayesian network[J].Applied Mechanics and Materials,2013,411-414:72-75.
[4]FU Y,ZHU J,GAO S.CPS information security risk evaluation system based on petri net[C]//Proceedings of the 2nd International Conference on Data Science in Cyberspace.Washington D.C.,USA:IEEE Press,2017:541-548.
[5]柴继文,王胜,梁晖辉,等.基于层次分析法的信息安全风险评估要素量化方法[J].重庆大学学报(自然科学版),2017,40(4):44-53.
[6]翁迟迟,齐法制,陈刚.基于层次分析法与云模型的主机安全风险评估[J].计算机工程,2016,42(2):1-6.
[7]赵刚,吴天水.结合灰色网络威胁分析的信息安全风险评估[J].清华大学学报(自然科学版),2013,53(12):1761-1767.
[8]GUO X,HU R.The effectiveness evaluation for security system based on risk entropy model and Bayesian network theory[C]//Proceedings of IEEE International Carnahan Conference on Security Technology.Washington D.C.,USA:IEEE Press,2010.
[9]杨姗媛.信息安全风险分析方法与风险感知实证研究[D].北京:中央财经大学,2015.
[10]李磊,谢小璐.区间数信息下的多属性群决策研究[J].计算机工程,2014,40(10):210-213.
[11]林健,姜永.基于三参数区间数型偏好序的群决策方法[J].山东大学学报(理学版),2011,46(7):65-69.
[12]闫书丽,刘思峰,朱建军,等.基于熵测度的三参数区间数信息下的TOPSIS决策方法[J].中国管理科学,2013,21(6):145-151.
[13]中国国家标准化管理委员会.信息安全风险评估规范:GB/T 20984-2007[S].北京:中国标准出版社,2007.
[14]宋杰鲲,张丽波.基于三角模糊熵的信息安全风险评估研究[J].情报理论与实践,2013,36(8):99-104.
[15]FU Y,WU X P,YE Q,et al.An approach for information systems security risk assessment on fuzzy set and entropy weight[J].Acta Electronica Sinica,2010,38(7):1489-1494.
[16]赵萌,邱菀华.基于相对熵的三参数区间值模糊集多属性决策方法[J].统计与决策,2012(6):58-61.
[17]孙庆波,姚国祥.基于风险因子的信息安全风险评估方法研究[J].计算机工程与设计,2012,33(1):83-87.
[18]汤永利,徐国爱,钮心忻,等.基于信息熵的信息安全风险分析模型[J].北京邮电大学学报,2008,31(2):50-53.
[2]陈宇,王亚弟,王晋寿,等.模糊认知图在信息安全风险评估中的应用研究[J].计算机工程,2016,42(7):109-116.
[3]WU K H,YE S C,NIU Y G.An evaluation method for information security level based on OWA operator and bayesian network[J].Applied Mechanics and Materials,2013,411-414:72-75.
[4]FU Y,ZHU J,GAO S.CPS information security risk evaluation system based on petri net[C]//Proceedings of the 2nd International Conference on Data Science in Cyberspace.Washington D.C.,USA:IEEE Press,2017:541-548.
[5]柴继文,王胜,梁晖辉,等.基于层次分析法的信息安全风险评估要素量化方法[J].重庆大学学报(自然科学版),2017,40(4):44-53.
[6]翁迟迟,齐法制,陈刚.基于层次分析法与云模型的主机安全风险评估[J].计算机工程,2016,42(2):1-6.
[7]赵刚,吴天水.结合灰色网络威胁分析的信息安全风险评估[J].清华大学学报(自然科学版),2013,53(12):1761-1767.
[8]GUO X,HU R.The effectiveness evaluation for security system based on risk entropy model and Bayesian network theory[C]//Proceedings of IEEE International Carnahan Conference on Security Technology.Washington D.C.,USA:IEEE Press,2010.
[9]杨姗媛.信息安全风险分析方法与风险感知实证研究[D].北京:中央财经大学,2015.
[10]李磊,谢小璐.区间数信息下的多属性群决策研究[J].计算机工程,2014,40(10):210-213.
[11]林健,姜永.基于三参数区间数型偏好序的群决策方法[J].山东大学学报(理学版),2011,46(7):65-69.
[12]闫书丽,刘思峰,朱建军,等.基于熵测度的三参数区间数信息下的TOPSIS决策方法[J].中国管理科学,2013,21(6):145-151.
[13]中国国家标准化管理委员会.信息安全风险评估规范:GB/T 20984-2007[S].北京:中国标准出版社,2007.
[14]宋杰鲲,张丽波.基于三角模糊熵的信息安全风险评估研究[J].情报理论与实践,2013,36(8):99-104.
[15]FU Y,WU X P,YE Q,et al.An approach for information systems security risk assessment on fuzzy set and entropy weight[J].Acta Electronica Sinica,2010,38(7):1489-1494.
[16]赵萌,邱菀华.基于相对熵的三参数区间值模糊集多属性决策方法[J].统计与决策,2012(6):58-61.
[17]孙庆波,姚国祥.基于风险因子的信息安全风险评估方法研究[J].计算机工程与设计,2012,33(1):83-87.
[18]汤永利,徐国爱,钮心忻,等.基于信息熵的信息安全风险分析模型[J].北京邮电大学学报,2008,31(2):50-53.