信息系统信息安全风险管理方法研究
|
摘要
随着Internet的普及和全球信息化的不断推进,与组织业务相关的信息系统已经成为组织赖以生存的重要战略资源,保障其信息安全的重要性受到广泛关注。组织信息系统的信息安全一旦遭到破坏,不仅会使组织信息的安全属性遭受损害,而且会对组织业务运行造成巨大影响,其损失不仅包括经济方面,还可能对组织形象、声誉甚至是战略性竞争优势造成致命损伤。因此,对信息系统开展信息安全风险管理显得十分必要。
已有的信息系统信息安全风险管理方法将信息系统风险分析与评估同具体的组织环境和业务背景相割裂,缺乏对风险形成过程的分析与描述,进行安全决策时单纯考虑“技术”因素、缺乏对组织决策层期望实现的多个决策目标的全面表达。为弥补上述不足,本文提出了一套信息系统信息安全风险管理的新方法ISISRM,并对该方法所涉及的关键问题进行了深入研究,为组织进行信息系统信息安全风险管理提供了一条新途径。论文的研究内容和主要贡献如下:
第一,通过对基本思想、管理周期、过程与方法以及组织管理四个方面的描述,建立了信息系统信息安全风险管理方法ISISRM的整体框架。ISISRM方法利用由13个具体过程构成的流程框架为组织实施信息系统风险管理提供一套规范的程序。该方法充分体现了现代信息安全风险管理思想,具有面向组织具体的业务背景进行风险因素识别与分析,基于风险事件形成的动态过程计算风险事件频率,基于适度量化原则对信息安全风险进行度量,综合权衡多个决策目标求解理想安全方案等特点。
第二,给出了通过利用图(Exploit Graph, EG)对风险事件过程进行建模的方法。建立了信息系统安全性分析模型,提出了基于该模型生成利用图的算法,并分析了该算法的计算效率。给出了基于利用图的风险事件过程建模体系框架。运用利用图对风险事件过程进行形式化描述,可模拟威胁发起者的思维过程,全面而细致刻画出威胁发起者制造风险事件的各种可能的行动方案,以及各个方案中脆弱性利用行为间的时序关系,为理解风险事件形成的动态过程提供清晰的视图。
第三,提出了基于利用图计算信息系统信息安全风险事件频率的方法。其中主要包括:威胁发起者攻击尝试频率的预测方法;基于利用图计算风险事件最大成功概率的算法;根据贝叶斯网络理论计算利用图中原子利用节点的成功概率的方法。
第四,提出并探讨了基于模糊NCIC(Nontraditional Capital Investment Criteria)方法的信息安全风险事件损失值计算方法。其中包括:信息安全风险事件的损失层次全息模型;用于模糊多准则评估的模糊NCIC方法;运用语言变量表示两两比较矩阵中决策者的模糊偏好信息的方法;运用模糊NCIC方法评估风险事件损失的计算流程。运用模糊NCIC方法评估风险事件损失可将风险事件损失以货币为单位地定量化,不仅能直观地反映风险事件给组织带来的危害性后果,而且便于安全决策人员对安全方案进行费效比分析,使得安全决策人员能将安全决策纳入到经济分析框架下来,从而可以使用经济学理论为信息安全管理决策提供有力的理论与方法指导。
第五,建立了一个完整的信息系统安全决策框架。该框架包括安全决策启动判断、安全投资预算调控和风险控制决策三个阶段。对于安全决策启动判断阶段,在给出安全决策启动条件的基础上确定了安全决策启动判断的流程。对于安全投资预算调控阶段,设计了动态调整组织当前的信息安全投资预算的流程,建立了信息系统最小安全投资额模型,提出了求解该模型的基于模糊算子的自适应遗传算法AGABOFA;该算法采用了自适应的遗传算子,基于模糊算子进行约束处理,并且在求解的解码过程中运用总全局风险值更新算法实现对安全方案对应的信息系统残余风险的计算。对于风险控制决策阶段,建立了信息安全风险控制的模糊多目标优化模型及该模型的求解框架,提出了求解该模型的基于模糊算子的扩展Pareto进化算法SPEABOFA;该算法基于模糊算子进行约束处理,通过Pareto解集过滤器、小生境技术和优秀解培育过程的操作保证了解的多样性,加速了解的收敛过程。最后给出了在模型Pareto解集合中求解最满意安全方案的模糊多属性决策方法。基于信息系统安全决策整体框架,可以最终求解出一个整合所有安全决策人员意见、充分考虑多个决策目标且能将信息安全风险控制在可接受范围之内的理想安全方案。
最后,在信息系统ISISRM理论方法研究的基础上,给出了一个信息系统信息安全风险管理的应用实例。
With the development of global informatization and the popularization of Internet, information system that correlate with organization business has became the important strategic resource which organization must depend upon in order to survive. So the importance of assuring the information security of information system has drawn broad attention. Once the information security of organization information system has been destroyed, it would not only cause the security attributes of organization information to be compromised but also make organization business; the loss of it is not only involve economic loss, but also can make deathful damnification to organization’s image, reputation, or even strategic competitive predominance. Therefore, it is very essential to perform information security risk management upon information system.
However, there are some common problems in existing information system information security risk management method. For example, these methods often separate the risk analysis and assessment of information system from the concrete organization environment and business background; or lack the formalization of the process which get the risk into shape; or take into account technical factor merely when they make security decision, so the decision process can’t embody multiple decision objective which organization supervisors expect to achieve. To solve these problems, this thesis presents a information system information security risk management method named ISISRM which provides a new way for information security risk management of information system , and then lucubrates the pivotal question of this new method. The main contents and fruits of this thesis are outlined as follows:
Firstly, ISISRM framework is constructed from four aspects such as the essence of idea, management circle, processes and methods, management organization. ISISRM provides a suit of normative practical procedure of implementing risk management on information system through an process framework composed by 13 processes. ISISRM method adequately materialize the modern information security risk management theory. ISISRM has four characteristic: it identifies and analyses risk factors orienting to the concrete business process in organization; it calculates risk event frequency based upon the process which get the risk event into shape; it measures information security risk based on proper quantity level; it balances several decision-making objective against each other to seek satisfied security plan.
Secondly, a method of modeling risk event through Exploit Graph(EG) is presented. A information system security analysis model is constructed. A algorithm of construct exploit graph is presented based on this model, and the efficiency of the algorithm is analysised. A system framework of risk event process modeling based on EG is proposed. Using EG to describe the process which the risk event is get into shape can simulate the thoughtway of the attack initiator, portray comprehensively and subtly all of the possible action scenarios that attack initiator can induce the risk event and the temporal order relations between vulnerability exploiting actions in each process. Then EG can provide a clear view for understanding the dynamic process of risk event.
Thirdly, a method of calculating information system information security risk events frequency based on EG is presented. The main content of this method includes the method of forecasting the attack frequency, the algorithm of calculating the maximal victory frequency of risk event based on EG, and the method of calculating the victory frequency of atomic exploit node in EG based on Bayesian Network theory.
Fourthly, a method of calculating the loss of information security risk event based on fuzzy NCIC(Nontraditional Capital Investment Criteria) method is put forward. The main study of this method include: a hierarchical holographic model of loss(HHML) of information security risk event is presented; the fuzzy NCIC method for fuzzy multi-criteria decision making is studied; the method using language variable to express the fuzzy preference information of decision-maker in the pairwise comparison matrix is proposed; the flow of using fuzzy NCIC method to assess the loss of information security risk event is presented is designed. Using fuzzy NCIC method to assess the loss of risk event can quantify the loss in currency format, then can not only intuitionisticly reflect the harmful result to information system and organization induced by risk events, but also be convenient for security decision maker to perform cost-effect-ratio analysis on security plans, which enable decision-maker to put information security risk management in the frame of economics analysis and to use economics theory to provide guidance and method for information security management decision.
Fifthly, an integrated framework of information security decision is built. The framework includes three phases: startup of security decision judging phase, budget on the investment of security adjusting and controlling phase, and risk control decision making phase. In the first phase, based on the condition of security decision start-up, the flow of judging the start-up of security decision is proposed. In the second phase, the flow of dynamicly adjusting the current security investment budget is designed, a model for minimal information security investment is presented, and an adaptive genetic algorithm based on fuzzy arithmetic named AGABOFA is proposed for the model. AGABOFA adopts adaptive genetic arithmetic, dispose restriction based on fuzzy arithmetic and uses overall global risk value update algorithm to calculate information system residual risk corresponding to given security plan during the decoding phase of solving course of itself. In the third phase, the model of fuzzy multi-objective optimization for information security risk control is built and the solving frame of the model is proposed. And the strength Pareto evolutionary algorithm based on fuzzy arithmetic named SPEABOFA for the model is presented, SPEABOFA dispose restriction based on fuzzy arithmetic, adopts several operations such as filtering, niches and breeding process which guarantee the diversity of the population and the divergent speed. Then a fuzzy multiple attributes group decision making method is presented for selecting the most satisfactory security plan in Pareto set of the model. Based on holistic frame of the information system security decision, a satisfactory security plan which synthesizes the opinion of all decision-maker, takes into account multiple security decision objective, and can control the information security risk of information system in the acceptable scope can be worked out.
Last, a real information system is used to illustrate key methodologies presented in this thesis.
已有的信息系统信息安全风险管理方法将信息系统风险分析与评估同具体的组织环境和业务背景相割裂,缺乏对风险形成过程的分析与描述,进行安全决策时单纯考虑“技术”因素、缺乏对组织决策层期望实现的多个决策目标的全面表达。为弥补上述不足,本文提出了一套信息系统信息安全风险管理的新方法ISISRM,并对该方法所涉及的关键问题进行了深入研究,为组织进行信息系统信息安全风险管理提供了一条新途径。论文的研究内容和主要贡献如下:
第一,通过对基本思想、管理周期、过程与方法以及组织管理四个方面的描述,建立了信息系统信息安全风险管理方法ISISRM的整体框架。ISISRM方法利用由13个具体过程构成的流程框架为组织实施信息系统风险管理提供一套规范的程序。该方法充分体现了现代信息安全风险管理思想,具有面向组织具体的业务背景进行风险因素识别与分析,基于风险事件形成的动态过程计算风险事件频率,基于适度量化原则对信息安全风险进行度量,综合权衡多个决策目标求解理想安全方案等特点。
第二,给出了通过利用图(Exploit Graph, EG)对风险事件过程进行建模的方法。建立了信息系统安全性分析模型,提出了基于该模型生成利用图的算法,并分析了该算法的计算效率。给出了基于利用图的风险事件过程建模体系框架。运用利用图对风险事件过程进行形式化描述,可模拟威胁发起者的思维过程,全面而细致刻画出威胁发起者制造风险事件的各种可能的行动方案,以及各个方案中脆弱性利用行为间的时序关系,为理解风险事件形成的动态过程提供清晰的视图。
第三,提出了基于利用图计算信息系统信息安全风险事件频率的方法。其中主要包括:威胁发起者攻击尝试频率的预测方法;基于利用图计算风险事件最大成功概率的算法;根据贝叶斯网络理论计算利用图中原子利用节点的成功概率的方法。
第四,提出并探讨了基于模糊NCIC(Nontraditional Capital Investment Criteria)方法的信息安全风险事件损失值计算方法。其中包括:信息安全风险事件的损失层次全息模型;用于模糊多准则评估的模糊NCIC方法;运用语言变量表示两两比较矩阵中决策者的模糊偏好信息的方法;运用模糊NCIC方法评估风险事件损失的计算流程。运用模糊NCIC方法评估风险事件损失可将风险事件损失以货币为单位地定量化,不仅能直观地反映风险事件给组织带来的危害性后果,而且便于安全决策人员对安全方案进行费效比分析,使得安全决策人员能将安全决策纳入到经济分析框架下来,从而可以使用经济学理论为信息安全管理决策提供有力的理论与方法指导。
第五,建立了一个完整的信息系统安全决策框架。该框架包括安全决策启动判断、安全投资预算调控和风险控制决策三个阶段。对于安全决策启动判断阶段,在给出安全决策启动条件的基础上确定了安全决策启动判断的流程。对于安全投资预算调控阶段,设计了动态调整组织当前的信息安全投资预算的流程,建立了信息系统最小安全投资额模型,提出了求解该模型的基于模糊算子的自适应遗传算法AGABOFA;该算法采用了自适应的遗传算子,基于模糊算子进行约束处理,并且在求解的解码过程中运用总全局风险值更新算法实现对安全方案对应的信息系统残余风险的计算。对于风险控制决策阶段,建立了信息安全风险控制的模糊多目标优化模型及该模型的求解框架,提出了求解该模型的基于模糊算子的扩展Pareto进化算法SPEABOFA;该算法基于模糊算子进行约束处理,通过Pareto解集过滤器、小生境技术和优秀解培育过程的操作保证了解的多样性,加速了解的收敛过程。最后给出了在模型Pareto解集合中求解最满意安全方案的模糊多属性决策方法。基于信息系统安全决策整体框架,可以最终求解出一个整合所有安全决策人员意见、充分考虑多个决策目标且能将信息安全风险控制在可接受范围之内的理想安全方案。
最后,在信息系统ISISRM理论方法研究的基础上,给出了一个信息系统信息安全风险管理的应用实例。
With the development of global informatization and the popularization of Internet, information system that correlate with organization business has became the important strategic resource which organization must depend upon in order to survive. So the importance of assuring the information security of information system has drawn broad attention. Once the information security of organization information system has been destroyed, it would not only cause the security attributes of organization information to be compromised but also make organization business; the loss of it is not only involve economic loss, but also can make deathful damnification to organization’s image, reputation, or even strategic competitive predominance. Therefore, it is very essential to perform information security risk management upon information system.
However, there are some common problems in existing information system information security risk management method. For example, these methods often separate the risk analysis and assessment of information system from the concrete organization environment and business background; or lack the formalization of the process which get the risk into shape; or take into account technical factor merely when they make security decision, so the decision process can’t embody multiple decision objective which organization supervisors expect to achieve. To solve these problems, this thesis presents a information system information security risk management method named ISISRM which provides a new way for information security risk management of information system , and then lucubrates the pivotal question of this new method. The main contents and fruits of this thesis are outlined as follows:
Firstly, ISISRM framework is constructed from four aspects such as the essence of idea, management circle, processes and methods, management organization. ISISRM provides a suit of normative practical procedure of implementing risk management on information system through an process framework composed by 13 processes. ISISRM method adequately materialize the modern information security risk management theory. ISISRM has four characteristic: it identifies and analyses risk factors orienting to the concrete business process in organization; it calculates risk event frequency based upon the process which get the risk event into shape; it measures information security risk based on proper quantity level; it balances several decision-making objective against each other to seek satisfied security plan.
Secondly, a method of modeling risk event through Exploit Graph(EG) is presented. A information system security analysis model is constructed. A algorithm of construct exploit graph is presented based on this model, and the efficiency of the algorithm is analysised. A system framework of risk event process modeling based on EG is proposed. Using EG to describe the process which the risk event is get into shape can simulate the thoughtway of the attack initiator, portray comprehensively and subtly all of the possible action scenarios that attack initiator can induce the risk event and the temporal order relations between vulnerability exploiting actions in each process. Then EG can provide a clear view for understanding the dynamic process of risk event.
Thirdly, a method of calculating information system information security risk events frequency based on EG is presented. The main content of this method includes the method of forecasting the attack frequency, the algorithm of calculating the maximal victory frequency of risk event based on EG, and the method of calculating the victory frequency of atomic exploit node in EG based on Bayesian Network theory.
Fourthly, a method of calculating the loss of information security risk event based on fuzzy NCIC(Nontraditional Capital Investment Criteria) method is put forward. The main study of this method include: a hierarchical holographic model of loss(HHML) of information security risk event is presented; the fuzzy NCIC method for fuzzy multi-criteria decision making is studied; the method using language variable to express the fuzzy preference information of decision-maker in the pairwise comparison matrix is proposed; the flow of using fuzzy NCIC method to assess the loss of information security risk event is presented is designed. Using fuzzy NCIC method to assess the loss of risk event can quantify the loss in currency format, then can not only intuitionisticly reflect the harmful result to information system and organization induced by risk events, but also be convenient for security decision maker to perform cost-effect-ratio analysis on security plans, which enable decision-maker to put information security risk management in the frame of economics analysis and to use economics theory to provide guidance and method for information security management decision.
Fifthly, an integrated framework of information security decision is built. The framework includes three phases: startup of security decision judging phase, budget on the investment of security adjusting and controlling phase, and risk control decision making phase. In the first phase, based on the condition of security decision start-up, the flow of judging the start-up of security decision is proposed. In the second phase, the flow of dynamicly adjusting the current security investment budget is designed, a model for minimal information security investment is presented, and an adaptive genetic algorithm based on fuzzy arithmetic named AGABOFA is proposed for the model. AGABOFA adopts adaptive genetic arithmetic, dispose restriction based on fuzzy arithmetic and uses overall global risk value update algorithm to calculate information system residual risk corresponding to given security plan during the decoding phase of solving course of itself. In the third phase, the model of fuzzy multi-objective optimization for information security risk control is built and the solving frame of the model is proposed. And the strength Pareto evolutionary algorithm based on fuzzy arithmetic named SPEABOFA for the model is presented, SPEABOFA dispose restriction based on fuzzy arithmetic, adopts several operations such as filtering, niches and breeding process which guarantee the diversity of the population and the divergent speed. Then a fuzzy multiple attributes group decision making method is presented for selecting the most satisfactory security plan in Pareto set of the model. Based on holistic frame of the information system security decision, a satisfactory security plan which synthesizes the opinion of all decision-maker, takes into account multiple security decision objective, and can control the information security risk of information system in the acceptable scope can be worked out.
Last, a real information system is used to illustrate key methodologies presented in this thesis.
引文
[1] MichAEL, E. W. Enemy at the Gate: Threats to Information Security. ACM Transactions on Information and System Security, 2003, 46(8): p1-8
[2] 人民日报.2005,3 月 21 日第三版.
[3] Townsend, Timothy J., Security Adequacy Review Process and Technology.Technical White Paper.Palo Alto, CA: Sun Microsystems, 1998.
[4] Hoffman, L. J., Hung, B. T. A Pictorial Representation and Validation of the Emerging Computer System Security Risk Management Framework. Computer Security Risk Management Model Builders Workshop, Ottawa, Canada. June 20–22, 1989: 6
[5] The International Organization for Standardization. Common Criteria for Information Technology Security Evaluation. ISO/IEC15408, 1999(E)
[6] International Organization for Standardization. ISO/IEC TR 13335. Guidelines for the Management of IT Security (GMITS). 1996-2001
[7] SSE-CMM Model Description Document Version 2.0. 1999, http://www.sse-cmm.org,
[8] National Security Agency. Information Assurance Technical Framework (IATF),Version 3.0. 2000, http://www.iatf.net.
[9] Canada. Integrated Risk Management Framework: A Report on Implementation Progress,http://www.tbs-sct.gc.ca/rm-gr/irmf-cgir/2003-03-rprt_e.asp. 2003
[10] (美)克里斯多夫.阿尔伯玆, (美)奥黛莉.多诺菲. 信息安全风险管理:OCTAVESM方法. 北京: 清华大学出版社, 2003
[11] Australian/New Zealand Standard AS/N7,S 4360: 1999: Risk Management[S] .1999.
[12] General Accounting Office.AIMD-99-139[R].1999.
[13] Neumann. Computer-related risks[M]: ACM Press, Addison-Wesley Publishing Company, 1995
[14] Gareth Davies. Risk Analysis Generations-The evolution of Risk Analysis. August 1999, http://csweb.rau.ac.za/deth/research/article_page.htm.
[15] Wright.Third generation risk management practices. Computer fraud and security, Elsevier Science Ltd., February 1999.
[16] Haimes, Y. Risk Modeling, Assessment, and Management. Wiley Series in Systems Engineering. New York: John Wiley& Sons, August 1998
[17] L.J. Hoffman, Computer security risk analysis, in L.A.Cox and P.F. Ricci (eds), New Risks: Issues and Management, Plenum Press, New York, 1990, pp. 371-377.,
[18] Badenhorst, K. P., Eloff, J. H. P. Computer security methodology: risk analysis and project definition. Computers &Security, 1990, (9): p339-346
[19] Tregear, J., Consultant., S. Risk Assessment. Information Security Technical Report, 2001, 6(3): p19-27
[20] S.P.Bennett, M.P.Kailay. An application of qualitative risk analysis to computer security for the commercial sector. Information Security Technical Report, 2001, 6(3): p28-36
[21] Jelen, G. F., Williams, J. R. A Practical Approach to Measuring Assurance. 14th Annual Computer Security Applications Conference December 7-11, 1998:
[22] Foss, J. A., Barbosa., S. Assessing Computer Security Vulnerability. Operating System Review, 1995, 29(3): p3-13
[23] 钱钢. 信息系统安全的工程化管理研究[博士学位论文]. 南京: 东南大学, 2002
[24] Risk analysis modeling with the use of fuzzy logic.
[25] 朱而刚, 张素英. 基于灰色评估的信息安全风险评估模型. 信息安全与通信保密, 2004, (7): p32-35
[26] L.F.Kwok, D, L. Information security management and modeling. Information Management and Computer Security, 1999, 7(1): p30-39
[27] Parker, D. Why the Due Care security review method is superior to Risk Assessment. CSI ALERT Newsletter, Number 212., November 2000.
[28] Jung, C. Risk Analysis for Electronic Commerce Using Case-Based Reasoning. International Journal of Intelligent Systems in Accounting, Finance & Management, 1999, (8): p61-73
[29] CORAS IST-2000-25031 Web Site[EB/OL].http://www.nr.no/coras. February 24, 2006.
[30] Reactive System Design Support, “RSDS” [EB/OL].http://www.kcl.ac.uk. 2002.
[31] Staniford-Chen, S., Cheung, S., Crawford, R. et al. GrIDS - A Graph Based Intrusion Detection System for Large Networks. 19th National Information Systems Security Conference, Baltimore, Maryland: National Institute of Standards and Technology and National Computer Security Center. 1996: p361-370
[32] Krsul, I. V. Software Vulnerability Analysis[Ph.D.Dissertation]. West Lafayette, Indiana: Department of Computer Sciences, Purdue University, 1998
[33] Levin, D. Lessons Learned in Using Live Red Teams in IA Experiments. DARPA Information Survivability Conference and Exposition (DISCEX’03), Washington, D.C.: IEEE Computer Society. 2003, 1: p110-119
[34] Steffan, J., Schumacher, M. Collaborative Attack Modeling. Proceedings: 2002 ACM Symposium on Applied Computing (SAC 2002), Madrid, Spain: ACM/SIGAPP. 2002: p253-259
[35] Cheung, S., Lindqvist, U., Fong, M. W. Modeling Multistep Cyber Attacks for Scenario Recognition. Proceedings: DARPA Information Survivability Conference and Exposition (DISCEX’03), Washington, D.C.: IEEE Computer Society. 2003: p284-292
[36] Geib, C., Goldman, R., Harp, S. et al. Argus - An Architecture for Cooperating Intrusion Detection and Mitigation Applications. Honeywell Technology Center, 2004
[37] Zerkle, D., K. Levitt. NetKuang - A Multi-Host Configuration Vulnerability Checker Proceedings: 6th USENIX Security Symposium, San Jose, California: The USENIX Association. 1996: p195-201
[38] Dacier, M., Deswarte, Y., Ka?aniche, M. Quantitative Assessment of Operational Security: Models and Tools. Laboratory for Analysis and Architecture of Systems, National Center for Scientific Research (LAAS-CNRS), 1996
[39] Cha, S. S., Leveson, N. G., T. J. Shimeall. Safety Verification in MURPHY Using Fault Tree Analysis. Proceedings: 10th International Conference on Software Engineering, Singapore. 1988: p377-386
[40] Vesely, W. E., Goldberg, F. F., Roberts, N. H. et al. Fault Tree Handbook. Washington DC USA: Systems and Reliability Research, Office of Nuclear Regulatory Research, U.S. Nuclear Regulatory Commission, 1981
[41] Helmer, G., Wong, J., Slagell, M. et al. Software Fault Tree and Colored Petri Net Based Specification, Design and Implementation of Agent-Based Intrusion Detection System. Requirements Engineering, 2000, 7(4): p207-220
[42] Schneier, B. Attack Trees. Dr. Dobb's Journal, 1999, 24(12): p21-29
[43] Cunningham, W. H. Optimal Attack and Reinforcement of A Network. Journal of the ACM (JACM), 1985, 32(3): p549-561
[44] Jha, S., Sheyner, O., Wing, J. Two Formal Analyses of Attack Graphs. Proceedings: 15th IEEE Computer Security Foundations Workshop (CSFW’15), Cape Breton, Nova Scotia, Canada. 2002: p49-63
[45] Kewley, D. L., J. F. Bouchard. DARPA Information Assurance Program Dynamic Defense Experiment Summary. IEEE Transactions on Systems, Man and Cybernetics - Part A: System and Humans, 2001, 31(4): p331-336
[46] Noel, S., Jajodia, S. Managing Attack Graph Complexity through Visual Hierarchical Aggregation. Proceedings: ACM CCS Workshop on Visualization and Data Mining for Computer Security, Fairfax, Virginia. 2004: p109-118
[47] Rieke, R. Tool Based Formal Modelling, Analysis and Visualisation of Enterprise Network Vulnerabilities Utilising Attack Graph Exploration. EICAR 2004 Conference CD-ROM: Best Paper Proceedings, Copenhagen. 2004: EICAR e.V.
[48] Ritchey, R. W., Ammann, P. Using Model Checking to Analyze Network Vulnerabilities. Proceedings: 2000 IEEE Computer Society Symposium on Security and Privacy (S&P 2000), Oakland, California. 2000: p156-165
[49] Sheyner, O., Haines, J., Jha, S. et al. Automated Generation and Analysis of Attack Graphs. Proceedings: 2002 IEEE Symposium on Security and Privacy (S&P 2002), Oakland, California. 2002: p254-265
[50] Swiler, L. P., Phillips, C., Ellis, D. et al. Computer-Attack Graph Generation Tool. Proceedings: DARPA Information Survivability Conference and Exposition (DISCEX II’01), Anaheim, California. 2001, 2: p1307-1321
[51] Swiler, L. P., Phillips, C., T. Gaylor. A Graph-Based Network-Vulnerability Analysis System. Sandia National Laboratories, Albuquerque, 1998
[52] Palshikar, G. K. An Introduction to Model Checking. CMP Media LLC,Manhasset, 2004
[53] B′erard, B., Bidoit, M., Finkel, A. et al. Systems and Software Verification: Model-Checking Techniques and Tools. Berlin, Germany: Springer-Verlag, 2001
[54] Das, K. J. Attack Development for Intrusion Detection Evaluation[MS.Dissertation]. Massachusetts: Department of Electrical Engineering and Computer Science, Massachusetts Institute of Technology,Cambridge, 2000
[55] Deraison, R. The Nessus Project. Nessus Open Source Vulnerability Scanner Project, 2004
[56] Elements, S.Secure Elements-Homepage.Secure Elements, http://www.secureelements.com/ (current July 2005), 2005
[57] Fox, K. L., Henning, R. R., Farrell, J. T. et al. A Prototype Next Generation Information Assurance Tool: A Data Fusion Model for Information System Defense. Proceedings: 7th World Multiconference on Systemics, Cybernetics and Informatics (SCI 2003), Orlando, Florida. 2003, 1: p284-289
[58] Gallagher, P. R. Glossary of Computer Security Terms. National Computer Security Center, Department of Defense, Fort George G. Meade, MD, 1998
[59] Jajodia, S., Noel, S., O’Berry, B. Topological Analysis of Network Attack Vulnerability. Boston,Massachusetts: Kluwer Academic Publisher, 2003
[60] Noel, S., Jajodia, S., O’Berry, B. et al. Efficient Minimum-Cost Network Hardening via Exploit Dependency Graphs. Proceedings: 19th Annual Computer Security Applications Conference, Las Vegas, Nevada. 2003:
[61] McDermott, J. Attack Net Penetration Testing. Proceedings: 2000 New Security Paradigms Workshop (NSPW’00), Cork, Ireland. 2000: p15-21
[62] Templeton, S. J., Levitt, K. A Requires/Provides Model for Computer Attacks. Proceedings: 2000 New Security Paradigms Workshop (NSPW’00), Cork, Ireland. 2000: p31-38
[63] Ramakrishnan, C. R., Sekar, R. Model-Based Analysis of Configuration Vulnerabilities. Journal of Computer Security, 2002, 10(1-2): p189-209
[64] Reifer, D., Ragan, T., Kalb, G. Recovery from A Cyber Attack. Proceedings: Software Technology Conference (STC) ' 99, Salt Lake City, Utah. 1999:
[65] Hamilton, S. N., Miller, W. L., Ott, A. et al. The Role of Game Theory in Information Warfare. Proceedings: 4th Information Survivability Workshop (ISW-2001/2002), Vancouver, BC, Canada. 2002:
[66] Hamilton, S. N., Miller, W. L., Ott, A. et al. Challenges in Applying Game Theory to the Domain of Information Warfare. Proceedings: 4th Information Survivability Workshop (ISW-2001/2002), Vancouver, BC, Canada: IEEE Computer Society. 2002:
[67] Alpcan, T., Basar, T. A Game Theoretic Approach to Decision and Analysis in Network Intrusion Detection. Proceedings: IEEE Conference on Decision and Control, Maui, Hawaii: IEEE Computer Society. 2003: p2595-2600
[68] Turban, E., Wetherbe, J., Mclean, E. Information Technology for Management: Improving Quality and Productivity. New York: John Wiley and Sons, 1996
[69] Benaroch, M. Managing Information Technology Investment Risk: A Real OptionsPerspective. Journal of Management Information Systems, 2002:
[70] Bilar, D. Quantitative risk analysis of computer networks[Ph.D.Dissertation]. Hanover, New Hampshire: Thayer School of Engineering,Dartmouth University, 2003
[71] Gehani, A. Support for automated passive host-based intrusion response[Ph.D.Dissertation]. Durham, North Caronila: Department of Computer Science,Duke University, 2003
[72] Butler, S. A. Security Attribute Evaluation Method[Ph.D.Dissertation]. Pittsburgh, PA: Department of Computer Science, Carnegie Mellon University, 2003
[73] Nick (Ning) Xie, Nancy R. Mead. SQUARE Project: Cost/Benefit Analysis Framework for Information Security Improvement Projects in Small Companies. Department of Computer Science , University of California at Davis : Technical Report TCMU/SEI-2004-TN-045, 2004.
[74] Gordon, L. A. The Economics of Information Security Investment. ACM Transactions on Information and System Security, 2002, 5(4): p438-457
[75] Kanta Matsuura, Information Security and Economics in Computer Networks: An Interdisciplinary Survey and a Proposal of Integrated Optimization of Investment, the 9th International Conference of Computing in Economics and Finance (CEF 2003), Seattle, July 2003.
[76] YeRuyi. A economic model of Information Security Investment[MS Dissertation]. Hong Kong: Department of Information and System Management, Hong Kong University of Science and Technology, 2004
[77] Cavusoglu, H. A model for evaluating IT security investments. Communications of the ACM, 2004, 47(7): p87-92
[78] Kokolakis, S. A., Demopoulos, A. J. The use of business process modelling in information systems security analysis and design. Information Management & Computer Security, 2000, 8(3): p107-116
[79] 中华人民共和国计算机信息系统安全保护条例,1994,2.
[80] 全国信息安全标准化技术委员会. TC260 N0001 信息技术安全技术信息系统安全保障等级评估准则 第一部分:简介和一般模型, 2004
[81] R.Ortalo, Y.Deswarte, M.Kaaniche. Experimenting with quantitative evaluation tools for monitoring operational security. IEEE Transactions On Software Engineering, 1999, 25(5): p633-650
[82] U.S.A. Department of Defense.Trusted Computer System Evaluation Criteria.DoD-5200. 28-STD, 1985.
[83] 中国信息安全产品测评认证中心. 信息安全理论与技术. 北京: 人民邮电出版社, 2003
[84] Bishop M. , Bailey D. . A critical analysis of vulnerability taxonomies. Department of Computer Science , University of California at Davis : Technical Report CSE296211 , 1996.
[85] Longley D. , Shain M. , Caelli W. . Information Security :Dictionary of Concepts , Standards and Terms. New York :Macmillan , 1992.
[86] Krsul I. . Computer vulnerability analysis thesis proposal. Department of ComputerSciences , Purdue University , West Lafayette : Technical Report CSD2TR2972026 , Coast TR 97205.
[87] GJB 2256-94:军用计算机安全术语. http://www.lzs.gxsti.net.cn/CXY/jyaqsy.htm,2002-10.
[88] Krsul I. , Spafford E. , Tripunitara M. . Computer vulnerability analysis. Department of Computer Sciences , Purdue University , West Lafayette : Technical Report Coast TR 98207 , 1998.
[89] MITRE Corporation: Common Vulnerabilities and Exposures, http://www.cve.mitre.org/.
[90] Peltier,Thomas R. Information Security Risk Analysis.Boca Raton,FL:Auerbasc, 2001.
[91] Allen, J. Improving the security of networked systems. New York: McGraw-Hill, 1998
[92] Caelli, W., Longley, D., Shain, M. Information Security for Managers. Lodon: Stockton Press, 1989
[93] C.Bidan, V.Issarny. Dealing with Multi-Policy Security in Large Open Distributed Systems. Proceedings of 5th European Symposium on Research in Computer Security, Louvain Neuve Belgium. September,1998: p51-66
[94] U.S. Department of Commerce, National Institute of Standards and Technology, Technology Administration. Risk Management Guide: Recommendations of the National Institute of Standards and Technology. Draft, June 2001.
[95] John, A. M., Donald, E. B., John, R. J. Protecting the Network: Research Directions in Information Assurance. IEEE Transactions on Systems, Man, and Cybernetics-Part A: Systems and Humans, July 2001, 31(4): p34-54
[96] Common Criteria Project Sponsoring Organizations. Common Criteria for Information Security Evaluation Part 1-3, Version 2.1. August 1999.
[97] Merkow, M. S. The complete guide to Information system security.New York:AMACOM,American Management Association. 2000: p95-97
[98] Farmer D., Venema W.. Improving the security of your site by breaking into it. http://www.Fish.com/security/admin-guide-to-cracking.html , 1993.
[99] Security Administrator Tool for Analyzing Networks ( SATAN) Information and Software. http://www.cerias.purdue.edu/coast/satan.html.
[100] Clark Weissman. Penetration Testing. Technical report, Naval Research Laboratory, January 1995. NRL Technical Memorandum 5540:082A.
[101] B. S. Yee. Security Metrology and the Monty Hall Problem. Available at: http://www.cs.ucsd.edu/~bsy/pub/metrology.pdf, April 2001.
[102] MITRE Corporation. Open Vulnerability Assessment Language. Available at : http://oval.mitre.org, December 2002.
[103] Guy Helmer, Johnny Wong, Mark Slagell, etc. A Software Fault Tree Approach to Requirements Analysis of an Intrusion Detection System. Symposium on Requirements Engineering for Information Security (SREIS), 2001.
[104] Robyn R. Lutz. Software Engineering for Safety: A Roadmap. Future of Software Engineering(FoSE) at ICSE'00, 2000.
[105] Robyn R. Lutz and Hui-Yin Shaw. Applying Adaptive Safety Analysis Techniques. Proceedings of the Tenth International Symposium on Software Reliability Engineering, 1999.
[106] Redmill F.,Chudleigh M.,Catmur J:HAZOP and Software HAZOP[R].Wiley&sons ,1999.
[107] John McDermott, Chris Fox. Using Abuse Case Models for Security Requirements Analysis. Proceedings of the 15th Annual Computer Security Applications Conference, 1998.
[108] National Security Agency Information Assurance Solutions Technical Directors. Information Assurance Technical Framework, Release 3.0. September 2000.
[109] 王贵驷, 江常青, 张利. 对我国信息系统认证与认可过程的探讨. 计算机工程与应用, 2003, (11): p73-75
[110] GAO Report. Information Security Risk Assessment-Practices of Leading Organizations[R].Report No. AIMD-99-139,1999.
[111] O.Sheyner. Scenario Graphs and Attack Graphs[Ph.D.Dissertation]. Carnegie Mellon University, 2004
[112] C.Ramakrishnan, R.Sekar. Model-based Vulnerability Analysis of Computer Systems. Proceedings of the 2nd International Workshop on Verification, Model Checking and Abstract Interpretation. 1998:
[113] V.Kumar, J.Srivastava, A.Lazarevic. Managing Cyber Threats:Issues, Approaches and Challenges: Kluwer Academic Publishers, 2003
[114] P.Ammann, D.Wijesekera, S.Kaushik et al. Graph-based Network Vulnerability Analysis. Proceeding of the 9th ACM Conference on Computer an d Communications Security. 2002: p217-224
[115] C.Phillips, L.Swiler. A Graph-based System for Network Vulnerability Analysis. Proceedings of the 1998 Workshop on New Security Paradigms Table of Contents. 1998: p71-78
[116] NuSMV Website[EB/OL]. http://nusmv.irst.tic.it/, 2004.
[117] 汪立东. 一种量化的计算机系统和网络安全风险评估方法[博士学位论文]. 哈尔滨: 哈尔滨工业大学, 2002
[118] R.Ritchey, B.O'berry, S.Noel. Representing TCP/IP Connectivity for Topological Analysis of Network Security. Proceeding of the 18th Annual Computer Security Applications Conference. 2002: p25-31
[119] Gregg Schudel, Bradley Wood. Modeling Behavior of the Cyber-Terrorist, http://www.csl.sri.com/~bjwood/cyber_terrorist_model_v4a.pdf.
[120] Bradley J.Wood, An Insider Threat Model For Adversary Simulation, http://www.csl.sri.com/~bjwood/Insider_threat_model_v02.pdf.
[121] Robert H. Anderson, Thomas Bozek, Tom Longsta,Wayne Meitzler, Michael Skroch, Ken Van Wyk. Research on Mitigating the Insider Threat to Information Systems. http://www.rand.org/publications/CF/CF1631.
[122] CERIAS classic vulnerability database user mannual [Z].2000.
[123] graphviz-1.12-1.i386[EB/OL].rpm.http://www.graphviz.ors/pub/graphviz/ARCHIVE/, 2004-11-10.
[124] T.A.Stephenson. An Introduction to Bayesian Network Theory and Usage. IDIAP-RR 00-03, Feb, 2000
[125] F.V.Jensen. An Introduction to Bayesian Networks. London: UC L Press Ltd., 1996
[126] Nils.J.Nilsson(美)著, 郑扣根, 庄越挺译. 人工智能. 北京: 机械工业出版社, 2000
[127] www.ai.nit.edu/murphyk/Software/BNT/bnt.html.
[128] Howard, J. D. An Analysis of Security Incidents on the Internet, 1989-1995 [Ph.D.Dissertation]. Pittsburgh, PA: Department of Engineering and Public Policy, Carnegie Mellon University, April, 1997
[129] Cooper, G., Herskovits, E. A Bayesian Method for the Induction of Bayesian Networks from Data. Machine Learning, 1992, (9): p309-347
[130] Singh, M., Valtorta, M. Construction of Bayesian Network Structures from Data : A Brief Survey and an Efficient Algorithm. International Journal of Approximate Reasoning, 1995, (12): p111-131
[131] KDDCUP99. http://kdd.ics.uci.edu/databases/kddcup99/task.html,
[132] Chickering, D. M. Learning Equivalence Classes of Bayesian Network Structures. Journal of Machine Learning Research, 2002, (2): p445-498
[133] 李怀祖. 决策理论导引. 北京: 机械工业出版社, 1993
[134] Shafer G. A Mathematical Theory of Evidence[M].Princeton University Press, 1976.
[135] Horvitz E, Heckerman D. The inconsistent use of measures of certainty in artificial intelligence research[A].L N Kanal, J F Lemmer. Uncertainty in Artificial Intelligence [C] .Elsevier Science Publishers, 1986.
[136] Information Technology Security Architecture Handbook, Communication Electronic Security, June 1994.
[137] International Organization for Standardization. Code of Practice for Information Security Management. ISO/IEC 17799: 2000, December 2000.
[138] Boucher, T. O., E.L.MacStravic. Multi-attribute evaluation within a present worth framework and its relation to Analytic Hierarchy Process. The Engineering Economist, 1991, 37(1): p1-32
[139] T.L.Saaty. The Analytic Hierarchy Process. New York: McGraw Hill 1980
[140] Boucher, T. O., E.L.MacStravic. A comparison between to multi-attribute decision methodologies use in Capital Investment Decision Analysis, IE Work Papers Series 96-114. Department of Industry Engineering,Rutgers University, 1996
[141] 刘普寅, 吴孟达. 模糊理论及其应用. 长沙: 国防科技大学出版社, 1998
[142] 许树伯. 实用决策方法—层次分析法原理. 天津: 天津大学出版社, 1988
[143] 汤兵勇. 现代模糊管理数学方法. 北京: 中国纺织大学出版社, 1999
[144] P.Szolovits, Pauker.S.G. Categorical and possibility reasoning in medical diagnosis.Artificial Intelligence, 1978, (11): p115-143
[145] F.Herrera., L.Verdegay., J. Linguistic assessments in group decision. Proceeding of 1st European Congress on Fuzzy and Intelligent Technologies, Aachen. 1993: p941-948
[146] Zimmer , A. C. " Verbal vs. numerical processing of subjective probabilities."Decision Making Under Uncertainty, RW. Scholz(ed.), North-Holland, Amsterdam, The Netherlands. 1983
[147] Bodescu, D. V., T.S. Wallsten. "Subjective estimation of precise and vague uncertainties," Judgmental Forecasting, G. Wright and P. Ayton (eds.). New York: John Wiley & Sons, 1987
[148] Zadeh, L. A. The concept of a linguistic variable and its applications to approximate reasoning (Part I). Information Science, 1975a, (8): p199-249
[149] Zadeh, L. A. The concept of a linguistic variable and its applications to approximate reasoning (Part II). Information Science, 1975b, (8): p301-357
[150] Zadeh, L. A. The concept of a linguistic variable and its applications to approximate reasoning (Part III). Information Science, 1975c, (9): p43-80
[151] Bonlssone, P. P., K.S.Decker. Selecting uncertainty calculiand granularity and experiment in trading-off precision and complexity. Kanal L H.Lemmer JF(Eds)Uncertainty in Artifical Intelligence, Amsterdam:North-Holland. 1986: p217-247
[152] G.Bordogna, G.Passi. A fuzzy linguistic approach generalizing Boolean information retrieval: a model and its evaluation. Journal of the American Society for Information Science, 1993, (4): p70-82
[153] F.Herrera, E.Herrera-Viedma, E.Lopez. On the linguistic approach in multi-person decision making. International Conference on Intelligent Technologies in Human-Related Sciences, ITHURS'96, Leon. 1996: p205-213
[154] V.Torra. Negation functions based semantics for ordered linguistic labels. International Journal of Intelligent Systems, 1996, (11): p975-988
[155] Norwich, A. M., Turksen, I. B. A model for the measurement of membership and the consequences of its empirical implementation. Fuzzy Sets and Systems, 1992, (12): p1-25
[156] Jain, R., Agogino, A. M. Calibration of fuzzy linguistic variables for expert systems. Proceedings of Conference on Computers in Engineering, ASME, New York. 1988: p313-318
[157] Turksen, L. B. Measurement of membership functions and their acquisition. Fuzzy Sets and Systems, 1991, (40): p5-38
[158] H.M.Hersh, A.Caramazza. A fuzzy set approach to modifiers and vagueness in natural language. Journal of Experimental Psychology: General, 1976, (105): p254-276
[159] H.M.Hersh, A.Caramazza, H.H.Brownell. Effects of context on fuzzy membership fuctions," , (eds.), , . North-Holland: Amsterdam, The Netherlands, 1979
[160] Rubin, D. C. On measuring fuzzes: A comment on "A fuzzy set approach to modifiers and vagueness in natural language". Journal of Experimental Psychology:General, 1979, (108):p486-489
[161] T.S.Wallsten, Budescu, D. V., A.Rapoport et al. Measuring the vague meanings of probability terms. Journal of Experimental Psychology : General, 1986, 115(4): p348-365
[162] Zimmer, A. C. Verbal vs. numerical processing of subjective probabilities. Decision Making Under Uncertainty, RW. Scholz (ed.), 1983, North-Holland, Amsterdam, The Netherlands: p159-182
[163] Zimmermann, H. J. Fuzzy Sets, Decision Making and Expert Systems. Boston, Massachusetts: Kluwer Academic Publishers, 1987
[164] Hsu, T. H. The fuzzy Delphi analytic hierarchy process. Chinese Fuzzy Systems Association, 1998, 4(4): p59-72
[165] Lee, E. S., Li , R. L. Comparison of Fuzzy Numbers Based on the Probability Measure of Fuzzy Events. Comput .Math. Appl., 1988, (15): p887-896
[166] Cheng, C.-H. Ranking fuzzy numbers with integral value. Fuzzy Sets and Systems, 1992, 50(2): p247-265
[167] 朱学军, 王安麟, 张惠桥. 非稳态罚函数 GA 及其用于机械/结构系统的健壮性设计. 机械科学与技术, 2000, 13(2): p230-233
[168] 陈守煜. 系统模糊决策理论与应用. 大连: 大连理工大学出版社, 1994
[169] G.Stoneburner. Underlying Technical Models for Information Technology Security. National Institute for Standards and Technology SP 800-33, 2001
[170] 潘正君, 康立山, 陈毓屏. 演化计算. 北京: 清华大出版社, 1998
[171] Z.Michalewtcz, K.Deb., M.Schmidt et al. Evolutionary Algorithms Engineering applications. Proceedings of Evolutionary Algorithms in Engineering and Computer Science, EUROGEN. 1999:
[172] Coello, Carlos.A. Use of a self-adaptive penalty approach for engineering optimization problems. Computers in Industry, 2000, 41(2): p113-127
[173] 陈守煜. 工程模糊集理论与应用. 北京: 国防工业出版社, 1998
[174] Jorge N.Farber.Steady state multiobjective optimization of continuous co-polymerization rectors.Polymer Engineering and Science, 1999,(26):p499-507
[175] 胡毓达. 实用多目标优化. 上海: 上海科技出版社, 1990
[176] Coello, C. A. C. An Empirical Study of Evolutionary Techniques for Multiobjective Optimization in Engineering Design[Ph.D.Dissertation]. New Orleans,LA: Department of Computer Science, Tulane University, 1996
[177] Coelo, C. A. C. An Updated Survey of GA-Based Multiobjective Optimization Techniques. Laboratorio Nacional de Informfitica Avanzada (LANIA), 1998-08
[178] David, A., Veldhuizen, V., Lamont, G. B. Multiobjective Evolutionary Algorithms: Analyzing the state-of-the-art. Evolutionary Computation, 2000, 8(2): p125-147
[179] Zitzler, E. Evolutionary Algorithms for Multiobjective Optimization: Methods and Applications[Ph.D.Dissertation]. Zurich: Swiss Federal Institute of Technology (ETH), 1999
[180] 刘勇, 康立山, 陈毓屏. 非数值并行算法(第二册):遗传算法. 北京: 科学出版社, 1995
[181] Deb, K. Multi-Objective Genetic Algorithms: Problem Difficulties and Construction of Test Problems. Department of Computer Science/LS 11, University of Dortmund, Germany, 1998
[182] Schaffer, J. D. Multiple Objective Optimization with Vector Evaluated Genetic Algorithms[Ph.D.Dissertation]. Vanderbilt University, 1984
[183] Goldberg, D. E. Genetic Algorithms in Search,Optimization and Machine Learning. Massachusetts: Addison-Wesley, Publishing Company, Reading, 1989
[184] Fonseca, C. M., Fleming, P. J. Multiobjective Optimization and Multiple Constraint Handling with Evolutionary Algorithms--Part I: A Unified Formulation. IEEE Transactions on Systems, Man, and Cybernetics, Part A: Systems and Humans, 1998, 28(1): p26-37
[185] Horn, J., Nafpliotis, N., Goldberg, D. E. A Niched Pareto Genetic Algorithm for Multiobjective Optimization. In Proceedings of the First IEEE Conference on Evolutionary Computation, Piscataway, New Jersey: IEEE World Congress on Computational Intelligence. June 1994:
[186] Srinivas, N., Deb, K. Multiobjective Optimization Using Non-dominated Sorting in Genetic Algorithms. Evolutionary Computation, 1994, 2(3): p221-248
[187] Zitzler, E., Thiele, L. An Evolutionary Algorithm for Multiobjective Optimization: The Strength Pareto Approach. Computer Engineering and Communication Networks Lab (TIK), Swiss Federal Institute of Technology (ETH) Zurich, Gloriastrasse 35, CH-8092, 1998
[188] 高瑛. 废物最小化的过程集成方法研究[博士学位论文]. 大连: 大连理工大学化工学院, 2001
[189] Deb, K. Evolutionary algorithms for multi-criterion optimization in engineering design. New York: Wiley, 1999
[190] Schaffer, J. D. Some Experiments in Machine Learning Using Vector Evaluated Genetic Algorithms[Ph.D.Dissertation]. Nashville: Vanderbilt University, 1984
[191] Srinivas, N., Deb, K. Multiobjective function optimization using nondominated sorting genetic algorithms. Evolutionary Computation, 1995, 2(3): p221-248
[192] 宜家骥. 多目标决策. 长沙: 湖南科学技术出版社, 1989
[193] 兰继斌,徐扬.模糊多属性决策的折衷方法.系统工程与电子技术, 2004,(1):p42-46
[194] 李荣均. 模糊多准则决策理论与应用. 北京: 科学出版社, 2002
[195] 赵海燕, 曹健, 张友良. 一种群体评价一致性合成方法. 系统工程理论与实践, 2000, 20(7): p52-57
[196] Cooke, S., Slack, N. 制定管理决策教程. 北京: 华夏出版社, 2000
[197] Chen, C. T. Extensions of the TOPSIS For Group Decision-Making Under Fuzzy Environment. Fuzzy Sets and Systems, 2000, 114: p1-9
[2] 人民日报.2005,3 月 21 日第三版.
[3] Townsend, Timothy J., Security Adequacy Review Process and Technology.Technical White Paper.Palo Alto, CA: Sun Microsystems, 1998.
[4] Hoffman, L. J., Hung, B. T. A Pictorial Representation and Validation of the Emerging Computer System Security Risk Management Framework. Computer Security Risk Management Model Builders Workshop, Ottawa, Canada. June 20–22, 1989: 6
[5] The International Organization for Standardization. Common Criteria for Information Technology Security Evaluation. ISO/IEC15408, 1999(E)
[6] International Organization for Standardization. ISO/IEC TR 13335. Guidelines for the Management of IT Security (GMITS). 1996-2001
[7] SSE-CMM Model Description Document Version 2.0. 1999, http://www.sse-cmm.org,
[8] National Security Agency. Information Assurance Technical Framework (IATF),Version 3.0. 2000, http://www.iatf.net.
[9] Canada. Integrated Risk Management Framework: A Report on Implementation Progress,http://www.tbs-sct.gc.ca/rm-gr/irmf-cgir/2003-03-rprt_e.asp. 2003
[10] (美)克里斯多夫.阿尔伯玆, (美)奥黛莉.多诺菲. 信息安全风险管理:OCTAVESM方法. 北京: 清华大学出版社, 2003
[11] Australian/New Zealand Standard AS/N7,S 4360: 1999: Risk Management[S] .1999.
[12] General Accounting Office.AIMD-99-139[R].1999.
[13] Neumann. Computer-related risks[M]: ACM Press, Addison-Wesley Publishing Company, 1995
[14] Gareth Davies. Risk Analysis Generations-The evolution of Risk Analysis. August 1999, http://csweb.rau.ac.za/deth/research/article_page.htm.
[15] Wright.Third generation risk management practices. Computer fraud and security, Elsevier Science Ltd., February 1999.
[16] Haimes, Y. Risk Modeling, Assessment, and Management. Wiley Series in Systems Engineering. New York: John Wiley& Sons, August 1998
[17] L.J. Hoffman, Computer security risk analysis, in L.A.Cox and P.F. Ricci (eds), New Risks: Issues and Management, Plenum Press, New York, 1990, pp. 371-377.,
[18] Badenhorst, K. P., Eloff, J. H. P. Computer security methodology: risk analysis and project definition. Computers &Security, 1990, (9): p339-346
[19] Tregear, J., Consultant., S. Risk Assessment. Information Security Technical Report, 2001, 6(3): p19-27
[20] S.P.Bennett, M.P.Kailay. An application of qualitative risk analysis to computer security for the commercial sector. Information Security Technical Report, 2001, 6(3): p28-36
[21] Jelen, G. F., Williams, J. R. A Practical Approach to Measuring Assurance. 14th Annual Computer Security Applications Conference December 7-11, 1998:
[22] Foss, J. A., Barbosa., S. Assessing Computer Security Vulnerability. Operating System Review, 1995, 29(3): p3-13
[23] 钱钢. 信息系统安全的工程化管理研究[博士学位论文]. 南京: 东南大学, 2002
[24] Risk analysis modeling with the use of fuzzy logic.
[25] 朱而刚, 张素英. 基于灰色评估的信息安全风险评估模型. 信息安全与通信保密, 2004, (7): p32-35
[26] L.F.Kwok, D, L. Information security management and modeling. Information Management and Computer Security, 1999, 7(1): p30-39
[27] Parker, D. Why the Due Care security review method is superior to Risk Assessment. CSI ALERT Newsletter, Number 212., November 2000.
[28] Jung, C. Risk Analysis for Electronic Commerce Using Case-Based Reasoning. International Journal of Intelligent Systems in Accounting, Finance & Management, 1999, (8): p61-73
[29] CORAS IST-2000-25031 Web Site[EB/OL].http://www.nr.no/coras. February 24, 2006.
[30] Reactive System Design Support, “RSDS” [EB/OL].http://www.kcl.ac.uk. 2002.
[31] Staniford-Chen, S., Cheung, S., Crawford, R. et al. GrIDS - A Graph Based Intrusion Detection System for Large Networks. 19th National Information Systems Security Conference, Baltimore, Maryland: National Institute of Standards and Technology and National Computer Security Center. 1996: p361-370
[32] Krsul, I. V. Software Vulnerability Analysis[Ph.D.Dissertation]. West Lafayette, Indiana: Department of Computer Sciences, Purdue University, 1998
[33] Levin, D. Lessons Learned in Using Live Red Teams in IA Experiments. DARPA Information Survivability Conference and Exposition (DISCEX’03), Washington, D.C.: IEEE Computer Society. 2003, 1: p110-119
[34] Steffan, J., Schumacher, M. Collaborative Attack Modeling. Proceedings: 2002 ACM Symposium on Applied Computing (SAC 2002), Madrid, Spain: ACM/SIGAPP. 2002: p253-259
[35] Cheung, S., Lindqvist, U., Fong, M. W. Modeling Multistep Cyber Attacks for Scenario Recognition. Proceedings: DARPA Information Survivability Conference and Exposition (DISCEX’03), Washington, D.C.: IEEE Computer Society. 2003: p284-292
[36] Geib, C., Goldman, R., Harp, S. et al. Argus - An Architecture for Cooperating Intrusion Detection and Mitigation Applications. Honeywell Technology Center, 2004
[37] Zerkle, D., K. Levitt. NetKuang - A Multi-Host Configuration Vulnerability Checker Proceedings: 6th USENIX Security Symposium, San Jose, California: The USENIX Association. 1996: p195-201
[38] Dacier, M., Deswarte, Y., Ka?aniche, M. Quantitative Assessment of Operational Security: Models and Tools. Laboratory for Analysis and Architecture of Systems, National Center for Scientific Research (LAAS-CNRS), 1996
[39] Cha, S. S., Leveson, N. G., T. J. Shimeall. Safety Verification in MURPHY Using Fault Tree Analysis. Proceedings: 10th International Conference on Software Engineering, Singapore. 1988: p377-386
[40] Vesely, W. E., Goldberg, F. F., Roberts, N. H. et al. Fault Tree Handbook. Washington DC USA: Systems and Reliability Research, Office of Nuclear Regulatory Research, U.S. Nuclear Regulatory Commission, 1981
[41] Helmer, G., Wong, J., Slagell, M. et al. Software Fault Tree and Colored Petri Net Based Specification, Design and Implementation of Agent-Based Intrusion Detection System. Requirements Engineering, 2000, 7(4): p207-220
[42] Schneier, B. Attack Trees. Dr. Dobb's Journal, 1999, 24(12): p21-29
[43] Cunningham, W. H. Optimal Attack and Reinforcement of A Network. Journal of the ACM (JACM), 1985, 32(3): p549-561
[44] Jha, S., Sheyner, O., Wing, J. Two Formal Analyses of Attack Graphs. Proceedings: 15th IEEE Computer Security Foundations Workshop (CSFW’15), Cape Breton, Nova Scotia, Canada. 2002: p49-63
[45] Kewley, D. L., J. F. Bouchard. DARPA Information Assurance Program Dynamic Defense Experiment Summary. IEEE Transactions on Systems, Man and Cybernetics - Part A: System and Humans, 2001, 31(4): p331-336
[46] Noel, S., Jajodia, S. Managing Attack Graph Complexity through Visual Hierarchical Aggregation. Proceedings: ACM CCS Workshop on Visualization and Data Mining for Computer Security, Fairfax, Virginia. 2004: p109-118
[47] Rieke, R. Tool Based Formal Modelling, Analysis and Visualisation of Enterprise Network Vulnerabilities Utilising Attack Graph Exploration. EICAR 2004 Conference CD-ROM: Best Paper Proceedings, Copenhagen. 2004: EICAR e.V.
[48] Ritchey, R. W., Ammann, P. Using Model Checking to Analyze Network Vulnerabilities. Proceedings: 2000 IEEE Computer Society Symposium on Security and Privacy (S&P 2000), Oakland, California. 2000: p156-165
[49] Sheyner, O., Haines, J., Jha, S. et al. Automated Generation and Analysis of Attack Graphs. Proceedings: 2002 IEEE Symposium on Security and Privacy (S&P 2002), Oakland, California. 2002: p254-265
[50] Swiler, L. P., Phillips, C., Ellis, D. et al. Computer-Attack Graph Generation Tool. Proceedings: DARPA Information Survivability Conference and Exposition (DISCEX II’01), Anaheim, California. 2001, 2: p1307-1321
[51] Swiler, L. P., Phillips, C., T. Gaylor. A Graph-Based Network-Vulnerability Analysis System. Sandia National Laboratories, Albuquerque, 1998
[52] Palshikar, G. K. An Introduction to Model Checking. CMP Media LLC,Manhasset, 2004
[53] B′erard, B., Bidoit, M., Finkel, A. et al. Systems and Software Verification: Model-Checking Techniques and Tools. Berlin, Germany: Springer-Verlag, 2001
[54] Das, K. J. Attack Development for Intrusion Detection Evaluation[MS.Dissertation]. Massachusetts: Department of Electrical Engineering and Computer Science, Massachusetts Institute of Technology,Cambridge, 2000
[55] Deraison, R. The Nessus Project. Nessus Open Source Vulnerability Scanner Project, 2004
[56] Elements, S.Secure Elements-Homepage.Secure Elements, http://www.secureelements.com/ (current July 2005), 2005
[57] Fox, K. L., Henning, R. R., Farrell, J. T. et al. A Prototype Next Generation Information Assurance Tool: A Data Fusion Model for Information System Defense. Proceedings: 7th World Multiconference on Systemics, Cybernetics and Informatics (SCI 2003), Orlando, Florida. 2003, 1: p284-289
[58] Gallagher, P. R. Glossary of Computer Security Terms. National Computer Security Center, Department of Defense, Fort George G. Meade, MD, 1998
[59] Jajodia, S., Noel, S., O’Berry, B. Topological Analysis of Network Attack Vulnerability. Boston,Massachusetts: Kluwer Academic Publisher, 2003
[60] Noel, S., Jajodia, S., O’Berry, B. et al. Efficient Minimum-Cost Network Hardening via Exploit Dependency Graphs. Proceedings: 19th Annual Computer Security Applications Conference, Las Vegas, Nevada. 2003:
[61] McDermott, J. Attack Net Penetration Testing. Proceedings: 2000 New Security Paradigms Workshop (NSPW’00), Cork, Ireland. 2000: p15-21
[62] Templeton, S. J., Levitt, K. A Requires/Provides Model for Computer Attacks. Proceedings: 2000 New Security Paradigms Workshop (NSPW’00), Cork, Ireland. 2000: p31-38
[63] Ramakrishnan, C. R., Sekar, R. Model-Based Analysis of Configuration Vulnerabilities. Journal of Computer Security, 2002, 10(1-2): p189-209
[64] Reifer, D., Ragan, T., Kalb, G. Recovery from A Cyber Attack. Proceedings: Software Technology Conference (STC) ' 99, Salt Lake City, Utah. 1999:
[65] Hamilton, S. N., Miller, W. L., Ott, A. et al. The Role of Game Theory in Information Warfare. Proceedings: 4th Information Survivability Workshop (ISW-2001/2002), Vancouver, BC, Canada. 2002:
[66] Hamilton, S. N., Miller, W. L., Ott, A. et al. Challenges in Applying Game Theory to the Domain of Information Warfare. Proceedings: 4th Information Survivability Workshop (ISW-2001/2002), Vancouver, BC, Canada: IEEE Computer Society. 2002:
[67] Alpcan, T., Basar, T. A Game Theoretic Approach to Decision and Analysis in Network Intrusion Detection. Proceedings: IEEE Conference on Decision and Control, Maui, Hawaii: IEEE Computer Society. 2003: p2595-2600
[68] Turban, E., Wetherbe, J., Mclean, E. Information Technology for Management: Improving Quality and Productivity. New York: John Wiley and Sons, 1996
[69] Benaroch, M. Managing Information Technology Investment Risk: A Real OptionsPerspective. Journal of Management Information Systems, 2002:
[70] Bilar, D. Quantitative risk analysis of computer networks[Ph.D.Dissertation]. Hanover, New Hampshire: Thayer School of Engineering,Dartmouth University, 2003
[71] Gehani, A. Support for automated passive host-based intrusion response[Ph.D.Dissertation]. Durham, North Caronila: Department of Computer Science,Duke University, 2003
[72] Butler, S. A. Security Attribute Evaluation Method[Ph.D.Dissertation]. Pittsburgh, PA: Department of Computer Science, Carnegie Mellon University, 2003
[73] Nick (Ning) Xie, Nancy R. Mead. SQUARE Project: Cost/Benefit Analysis Framework for Information Security Improvement Projects in Small Companies. Department of Computer Science , University of California at Davis : Technical Report TCMU/SEI-2004-TN-045, 2004.
[74] Gordon, L. A. The Economics of Information Security Investment. ACM Transactions on Information and System Security, 2002, 5(4): p438-457
[75] Kanta Matsuura, Information Security and Economics in Computer Networks: An Interdisciplinary Survey and a Proposal of Integrated Optimization of Investment, the 9th International Conference of Computing in Economics and Finance (CEF 2003), Seattle, July 2003.
[76] YeRuyi. A economic model of Information Security Investment[MS Dissertation]. Hong Kong: Department of Information and System Management, Hong Kong University of Science and Technology, 2004
[77] Cavusoglu, H. A model for evaluating IT security investments. Communications of the ACM, 2004, 47(7): p87-92
[78] Kokolakis, S. A., Demopoulos, A. J. The use of business process modelling in information systems security analysis and design. Information Management & Computer Security, 2000, 8(3): p107-116
[79] 中华人民共和国计算机信息系统安全保护条例,1994,2.
[80] 全国信息安全标准化技术委员会. TC260 N0001 信息技术安全技术信息系统安全保障等级评估准则 第一部分:简介和一般模型, 2004
[81] R.Ortalo, Y.Deswarte, M.Kaaniche. Experimenting with quantitative evaluation tools for monitoring operational security. IEEE Transactions On Software Engineering, 1999, 25(5): p633-650
[82] U.S.A. Department of Defense.Trusted Computer System Evaluation Criteria.DoD-5200. 28-STD, 1985.
[83] 中国信息安全产品测评认证中心. 信息安全理论与技术. 北京: 人民邮电出版社, 2003
[84] Bishop M. , Bailey D. . A critical analysis of vulnerability taxonomies. Department of Computer Science , University of California at Davis : Technical Report CSE296211 , 1996.
[85] Longley D. , Shain M. , Caelli W. . Information Security :Dictionary of Concepts , Standards and Terms. New York :Macmillan , 1992.
[86] Krsul I. . Computer vulnerability analysis thesis proposal. Department of ComputerSciences , Purdue University , West Lafayette : Technical Report CSD2TR2972026 , Coast TR 97205.
[87] GJB 2256-94:军用计算机安全术语. http://www.lzs.gxsti.net.cn/CXY/jyaqsy.htm,2002-10.
[88] Krsul I. , Spafford E. , Tripunitara M. . Computer vulnerability analysis. Department of Computer Sciences , Purdue University , West Lafayette : Technical Report Coast TR 98207 , 1998.
[89] MITRE Corporation: Common Vulnerabilities and Exposures, http://www.cve.mitre.org/.
[90] Peltier,Thomas R. Information Security Risk Analysis.Boca Raton,FL:Auerbasc, 2001.
[91] Allen, J. Improving the security of networked systems. New York: McGraw-Hill, 1998
[92] Caelli, W., Longley, D., Shain, M. Information Security for Managers. Lodon: Stockton Press, 1989
[93] C.Bidan, V.Issarny. Dealing with Multi-Policy Security in Large Open Distributed Systems. Proceedings of 5th European Symposium on Research in Computer Security, Louvain Neuve Belgium. September,1998: p51-66
[94] U.S. Department of Commerce, National Institute of Standards and Technology, Technology Administration. Risk Management Guide: Recommendations of the National Institute of Standards and Technology. Draft, June 2001.
[95] John, A. M., Donald, E. B., John, R. J. Protecting the Network: Research Directions in Information Assurance. IEEE Transactions on Systems, Man, and Cybernetics-Part A: Systems and Humans, July 2001, 31(4): p34-54
[96] Common Criteria Project Sponsoring Organizations. Common Criteria for Information Security Evaluation Part 1-3, Version 2.1. August 1999.
[97] Merkow, M. S. The complete guide to Information system security.New York:AMACOM,American Management Association. 2000: p95-97
[98] Farmer D., Venema W.. Improving the security of your site by breaking into it. http://www.Fish.com/security/admin-guide-to-cracking.html , 1993.
[99] Security Administrator Tool for Analyzing Networks ( SATAN) Information and Software. http://www.cerias.purdue.edu/coast/satan.html.
[100] Clark Weissman. Penetration Testing. Technical report, Naval Research Laboratory, January 1995. NRL Technical Memorandum 5540:082A.
[101] B. S. Yee. Security Metrology and the Monty Hall Problem. Available at: http://www.cs.ucsd.edu/~bsy/pub/metrology.pdf, April 2001.
[102] MITRE Corporation. Open Vulnerability Assessment Language. Available at : http://oval.mitre.org, December 2002.
[103] Guy Helmer, Johnny Wong, Mark Slagell, etc. A Software Fault Tree Approach to Requirements Analysis of an Intrusion Detection System. Symposium on Requirements Engineering for Information Security (SREIS), 2001.
[104] Robyn R. Lutz. Software Engineering for Safety: A Roadmap. Future of Software Engineering(FoSE) at ICSE'00, 2000.
[105] Robyn R. Lutz and Hui-Yin Shaw. Applying Adaptive Safety Analysis Techniques. Proceedings of the Tenth International Symposium on Software Reliability Engineering, 1999.
[106] Redmill F.,Chudleigh M.,Catmur J:HAZOP and Software HAZOP[R].Wiley&sons ,1999.
[107] John McDermott, Chris Fox. Using Abuse Case Models for Security Requirements Analysis. Proceedings of the 15th Annual Computer Security Applications Conference, 1998.
[108] National Security Agency Information Assurance Solutions Technical Directors. Information Assurance Technical Framework, Release 3.0. September 2000.
[109] 王贵驷, 江常青, 张利. 对我国信息系统认证与认可过程的探讨. 计算机工程与应用, 2003, (11): p73-75
[110] GAO Report. Information Security Risk Assessment-Practices of Leading Organizations[R].Report No. AIMD-99-139,1999.
[111] O.Sheyner. Scenario Graphs and Attack Graphs[Ph.D.Dissertation]. Carnegie Mellon University, 2004
[112] C.Ramakrishnan, R.Sekar. Model-based Vulnerability Analysis of Computer Systems. Proceedings of the 2nd International Workshop on Verification, Model Checking and Abstract Interpretation. 1998:
[113] V.Kumar, J.Srivastava, A.Lazarevic. Managing Cyber Threats:Issues, Approaches and Challenges: Kluwer Academic Publishers, 2003
[114] P.Ammann, D.Wijesekera, S.Kaushik et al. Graph-based Network Vulnerability Analysis. Proceeding of the 9th ACM Conference on Computer an d Communications Security. 2002: p217-224
[115] C.Phillips, L.Swiler. A Graph-based System for Network Vulnerability Analysis. Proceedings of the 1998 Workshop on New Security Paradigms Table of Contents. 1998: p71-78
[116] NuSMV Website[EB/OL]. http://nusmv.irst.tic.it/, 2004.
[117] 汪立东. 一种量化的计算机系统和网络安全风险评估方法[博士学位论文]. 哈尔滨: 哈尔滨工业大学, 2002
[118] R.Ritchey, B.O'berry, S.Noel. Representing TCP/IP Connectivity for Topological Analysis of Network Security. Proceeding of the 18th Annual Computer Security Applications Conference. 2002: p25-31
[119] Gregg Schudel, Bradley Wood. Modeling Behavior of the Cyber-Terrorist, http://www.csl.sri.com/~bjwood/cyber_terrorist_model_v4a.pdf.
[120] Bradley J.Wood, An Insider Threat Model For Adversary Simulation, http://www.csl.sri.com/~bjwood/Insider_threat_model_v02.pdf.
[121] Robert H. Anderson, Thomas Bozek, Tom Longsta,Wayne Meitzler, Michael Skroch, Ken Van Wyk. Research on Mitigating the Insider Threat to Information Systems. http://www.rand.org/publications/CF/CF1631.
[122] CERIAS classic vulnerability database user mannual [Z].2000.
[123] graphviz-1.12-1.i386[EB/OL].rpm.http://www.graphviz.ors/pub/graphviz/ARCHIVE/, 2004-11-10.
[124] T.A.Stephenson. An Introduction to Bayesian Network Theory and Usage. IDIAP-RR 00-03, Feb, 2000
[125] F.V.Jensen. An Introduction to Bayesian Networks. London: UC L Press Ltd., 1996
[126] Nils.J.Nilsson(美)著, 郑扣根, 庄越挺译. 人工智能. 北京: 机械工业出版社, 2000
[127] www.ai.nit.edu/murphyk/Software/BNT/bnt.html.
[128] Howard, J. D. An Analysis of Security Incidents on the Internet, 1989-1995 [Ph.D.Dissertation]. Pittsburgh, PA: Department of Engineering and Public Policy, Carnegie Mellon University, April, 1997
[129] Cooper, G., Herskovits, E. A Bayesian Method for the Induction of Bayesian Networks from Data. Machine Learning, 1992, (9): p309-347
[130] Singh, M., Valtorta, M. Construction of Bayesian Network Structures from Data : A Brief Survey and an Efficient Algorithm. International Journal of Approximate Reasoning, 1995, (12): p111-131
[131] KDDCUP99. http://kdd.ics.uci.edu/databases/kddcup99/task.html,
[132] Chickering, D. M. Learning Equivalence Classes of Bayesian Network Structures. Journal of Machine Learning Research, 2002, (2): p445-498
[133] 李怀祖. 决策理论导引. 北京: 机械工业出版社, 1993
[134] Shafer G. A Mathematical Theory of Evidence[M].Princeton University Press, 1976.
[135] Horvitz E, Heckerman D. The inconsistent use of measures of certainty in artificial intelligence research[A].L N Kanal, J F Lemmer. Uncertainty in Artificial Intelligence [C] .Elsevier Science Publishers, 1986.
[136] Information Technology Security Architecture Handbook, Communication Electronic Security, June 1994.
[137] International Organization for Standardization. Code of Practice for Information Security Management. ISO/IEC 17799: 2000, December 2000.
[138] Boucher, T. O., E.L.MacStravic. Multi-attribute evaluation within a present worth framework and its relation to Analytic Hierarchy Process. The Engineering Economist, 1991, 37(1): p1-32
[139] T.L.Saaty. The Analytic Hierarchy Process. New York: McGraw Hill 1980
[140] Boucher, T. O., E.L.MacStravic. A comparison between to multi-attribute decision methodologies use in Capital Investment Decision Analysis, IE Work Papers Series 96-114. Department of Industry Engineering,Rutgers University, 1996
[141] 刘普寅, 吴孟达. 模糊理论及其应用. 长沙: 国防科技大学出版社, 1998
[142] 许树伯. 实用决策方法—层次分析法原理. 天津: 天津大学出版社, 1988
[143] 汤兵勇. 现代模糊管理数学方法. 北京: 中国纺织大学出版社, 1999
[144] P.Szolovits, Pauker.S.G. Categorical and possibility reasoning in medical diagnosis.Artificial Intelligence, 1978, (11): p115-143
[145] F.Herrera., L.Verdegay., J. Linguistic assessments in group decision. Proceeding of 1st European Congress on Fuzzy and Intelligent Technologies, Aachen. 1993: p941-948
[146] Zimmer , A. C. " Verbal vs. numerical processing of subjective probabilities."Decision Making Under Uncertainty, RW. Scholz(ed.), North-Holland, Amsterdam, The Netherlands. 1983
[147] Bodescu, D. V., T.S. Wallsten. "Subjective estimation of precise and vague uncertainties," Judgmental Forecasting, G. Wright and P. Ayton (eds.). New York: John Wiley & Sons, 1987
[148] Zadeh, L. A. The concept of a linguistic variable and its applications to approximate reasoning (Part I). Information Science, 1975a, (8): p199-249
[149] Zadeh, L. A. The concept of a linguistic variable and its applications to approximate reasoning (Part II). Information Science, 1975b, (8): p301-357
[150] Zadeh, L. A. The concept of a linguistic variable and its applications to approximate reasoning (Part III). Information Science, 1975c, (9): p43-80
[151] Bonlssone, P. P., K.S.Decker. Selecting uncertainty calculiand granularity and experiment in trading-off precision and complexity. Kanal L H.Lemmer JF(Eds)Uncertainty in Artifical Intelligence, Amsterdam:North-Holland. 1986: p217-247
[152] G.Bordogna, G.Passi. A fuzzy linguistic approach generalizing Boolean information retrieval: a model and its evaluation. Journal of the American Society for Information Science, 1993, (4): p70-82
[153] F.Herrera, E.Herrera-Viedma, E.Lopez. On the linguistic approach in multi-person decision making. International Conference on Intelligent Technologies in Human-Related Sciences, ITHURS'96, Leon. 1996: p205-213
[154] V.Torra. Negation functions based semantics for ordered linguistic labels. International Journal of Intelligent Systems, 1996, (11): p975-988
[155] Norwich, A. M., Turksen, I. B. A model for the measurement of membership and the consequences of its empirical implementation. Fuzzy Sets and Systems, 1992, (12): p1-25
[156] Jain, R., Agogino, A. M. Calibration of fuzzy linguistic variables for expert systems. Proceedings of Conference on Computers in Engineering, ASME, New York. 1988: p313-318
[157] Turksen, L. B. Measurement of membership functions and their acquisition. Fuzzy Sets and Systems, 1991, (40): p5-38
[158] H.M.Hersh, A.Caramazza. A fuzzy set approach to modifiers and vagueness in natural language. Journal of Experimental Psychology: General, 1976, (105): p254-276
[159] H.M.Hersh, A.Caramazza, H.H.Brownell. Effects of context on fuzzy membership fuctions," , (eds.), , . North-Holland: Amsterdam, The Netherlands, 1979
[160] Rubin, D. C. On measuring fuzzes: A comment on "A fuzzy set approach to modifiers and vagueness in natural language". Journal of Experimental Psychology:General, 1979, (108):p486-489
[161] T.S.Wallsten, Budescu, D. V., A.Rapoport et al. Measuring the vague meanings of probability terms. Journal of Experimental Psychology : General, 1986, 115(4): p348-365
[162] Zimmer, A. C. Verbal vs. numerical processing of subjective probabilities. Decision Making Under Uncertainty, RW. Scholz (ed.), 1983, North-Holland, Amsterdam, The Netherlands: p159-182
[163] Zimmermann, H. J. Fuzzy Sets, Decision Making and Expert Systems. Boston, Massachusetts: Kluwer Academic Publishers, 1987
[164] Hsu, T. H. The fuzzy Delphi analytic hierarchy process. Chinese Fuzzy Systems Association, 1998, 4(4): p59-72
[165] Lee, E. S., Li , R. L. Comparison of Fuzzy Numbers Based on the Probability Measure of Fuzzy Events. Comput .Math. Appl., 1988, (15): p887-896
[166] Cheng, C.-H. Ranking fuzzy numbers with integral value. Fuzzy Sets and Systems, 1992, 50(2): p247-265
[167] 朱学军, 王安麟, 张惠桥. 非稳态罚函数 GA 及其用于机械/结构系统的健壮性设计. 机械科学与技术, 2000, 13(2): p230-233
[168] 陈守煜. 系统模糊决策理论与应用. 大连: 大连理工大学出版社, 1994
[169] G.Stoneburner. Underlying Technical Models for Information Technology Security. National Institute for Standards and Technology SP 800-33, 2001
[170] 潘正君, 康立山, 陈毓屏. 演化计算. 北京: 清华大出版社, 1998
[171] Z.Michalewtcz, K.Deb., M.Schmidt et al. Evolutionary Algorithms Engineering applications. Proceedings of Evolutionary Algorithms in Engineering and Computer Science, EUROGEN. 1999:
[172] Coello, Carlos.A. Use of a self-adaptive penalty approach for engineering optimization problems. Computers in Industry, 2000, 41(2): p113-127
[173] 陈守煜. 工程模糊集理论与应用. 北京: 国防工业出版社, 1998
[174] Jorge N.Farber.Steady state multiobjective optimization of continuous co-polymerization rectors.Polymer Engineering and Science, 1999,(26):p499-507
[175] 胡毓达. 实用多目标优化. 上海: 上海科技出版社, 1990
[176] Coello, C. A. C. An Empirical Study of Evolutionary Techniques for Multiobjective Optimization in Engineering Design[Ph.D.Dissertation]. New Orleans,LA: Department of Computer Science, Tulane University, 1996
[177] Coelo, C. A. C. An Updated Survey of GA-Based Multiobjective Optimization Techniques. Laboratorio Nacional de Informfitica Avanzada (LANIA), 1998-08
[178] David, A., Veldhuizen, V., Lamont, G. B. Multiobjective Evolutionary Algorithms: Analyzing the state-of-the-art. Evolutionary Computation, 2000, 8(2): p125-147
[179] Zitzler, E. Evolutionary Algorithms for Multiobjective Optimization: Methods and Applications[Ph.D.Dissertation]. Zurich: Swiss Federal Institute of Technology (ETH), 1999
[180] 刘勇, 康立山, 陈毓屏. 非数值并行算法(第二册):遗传算法. 北京: 科学出版社, 1995
[181] Deb, K. Multi-Objective Genetic Algorithms: Problem Difficulties and Construction of Test Problems. Department of Computer Science/LS 11, University of Dortmund, Germany, 1998
[182] Schaffer, J. D. Multiple Objective Optimization with Vector Evaluated Genetic Algorithms[Ph.D.Dissertation]. Vanderbilt University, 1984
[183] Goldberg, D. E. Genetic Algorithms in Search,Optimization and Machine Learning. Massachusetts: Addison-Wesley, Publishing Company, Reading, 1989
[184] Fonseca, C. M., Fleming, P. J. Multiobjective Optimization and Multiple Constraint Handling with Evolutionary Algorithms--Part I: A Unified Formulation. IEEE Transactions on Systems, Man, and Cybernetics, Part A: Systems and Humans, 1998, 28(1): p26-37
[185] Horn, J., Nafpliotis, N., Goldberg, D. E. A Niched Pareto Genetic Algorithm for Multiobjective Optimization. In Proceedings of the First IEEE Conference on Evolutionary Computation, Piscataway, New Jersey: IEEE World Congress on Computational Intelligence. June 1994:
[186] Srinivas, N., Deb, K. Multiobjective Optimization Using Non-dominated Sorting in Genetic Algorithms. Evolutionary Computation, 1994, 2(3): p221-248
[187] Zitzler, E., Thiele, L. An Evolutionary Algorithm for Multiobjective Optimization: The Strength Pareto Approach. Computer Engineering and Communication Networks Lab (TIK), Swiss Federal Institute of Technology (ETH) Zurich, Gloriastrasse 35, CH-8092, 1998
[188] 高瑛. 废物最小化的过程集成方法研究[博士学位论文]. 大连: 大连理工大学化工学院, 2001
[189] Deb, K. Evolutionary algorithms for multi-criterion optimization in engineering design. New York: Wiley, 1999
[190] Schaffer, J. D. Some Experiments in Machine Learning Using Vector Evaluated Genetic Algorithms[Ph.D.Dissertation]. Nashville: Vanderbilt University, 1984
[191] Srinivas, N., Deb, K. Multiobjective function optimization using nondominated sorting genetic algorithms. Evolutionary Computation, 1995, 2(3): p221-248
[192] 宜家骥. 多目标决策. 长沙: 湖南科学技术出版社, 1989
[193] 兰继斌,徐扬.模糊多属性决策的折衷方法.系统工程与电子技术, 2004,(1):p42-46
[194] 李荣均. 模糊多准则决策理论与应用. 北京: 科学出版社, 2002
[195] 赵海燕, 曹健, 张友良. 一种群体评价一致性合成方法. 系统工程理论与实践, 2000, 20(7): p52-57
[196] Cooke, S., Slack, N. 制定管理决策教程. 北京: 华夏出版社, 2000
[197] Chen, C. T. Extensions of the TOPSIS For Group Decision-Making Under Fuzzy Environment. Fuzzy Sets and Systems, 2000, 114: p1-9
© 2004-2018 中国地质图书馆版权所有 京ICP备05064691号 京公网安备11010802017129号 地址:北京市海淀区学院路29号 邮编:100083 电话:办公室:(+86 10)66554848;文献借阅、咨询服务、科技查新:66554700 |