基于D-AHP与灰色理论的信息安全风险评估

doi:10.19678/j.issn.1000-3428.0052209

计算机工程 ›› 2019, Vol. 45 ›› Issue (7): 194-202. doi: 10.19678/j.issn.1000-3428.0052209

基于D-AHP与灰色理论的信息安全风险评估

许硕, 唐作其, 王鑫

贵州大学计算机科学与技术学院, 贵阳 550025

收稿日期:2018-07-25 修回日期:2018-08-30 出版日期:2019-07-15 发布日期:2019-07-23
作者简介:许硕(1993-),男,硕士研究生,主研方向为信息安全;唐作其(通信作者),副教授;王鑫,硕士研究生。
基金资助:
贵州省科技计划项目（黔科合平台人才[2018]5616）；贵州大学青年教师科研基金项目（贵大青合字（2013）01号）。

Information Security Risk Assessment Based on D-AHP and Grey Theory

XU Shuo, TANG Zuoqi, WANG Xin

College of Computer Science and Technology, Guizhou University, Guiyang 550025, China

Received:2018-07-25 Revised:2018-08-30 Online:2019-07-15 Published:2019-07-23

摘要/Abstract

摘要： 充分考虑评估信息不确定性对评估结果的影响，提出一种基于D数层次分析法（D-AHP）与灰色理论的信息安全风险评估方法。根据相关行业标准识别信息系统的资产、威胁、脆弱性及已有安全措施，构建评估指标体系并建立层次化结构模型。使用D-AHP方法求解各指标的影响权重，以解决评估信息不确定性问题。针对评估过程中信息资源不足的灰性特征，运用灰色理论求解灰色评价矩阵。在此基础上，对信息安全风险进行综合评估并直观显示评估结果。分析表明，该方法可利用不确定信息进行风险评估，为制定有针对性的风险管控策略提供参考。

关键词: 信息安全风险评估, D数理论, D数层次分析法, 灰色理论, 模糊偏好关系

Abstract: Fully considering the influence of uncertainty of evaluation information on evaluation results,an information security risk assessment method based on D-number Analytic Hierarchy Process(D-AHP) and grey theory is proposed.According to the relevant industry standards,the assets,threats,vulnerabilities and existing security measures of information system are identified,the evaluation index system is constructed,and the hierarchical structure model is established.The D-AHP method is used to calculate the influence weights of each index to solve the uncertainty problem of the evaluation information.In view of the grey characteristics of insufficient information resources in the evaluation process,the grey theory is used to solve the grey evaluation matrix.On this basis,the information security risk is assessed comprehensively and the assessment results are displayed intuitively.Analysis show that this method can use uncertain information for risk assessment and provide reference for formulating targeted risk management and control strategies.

Key words: information security risk assessment, D-number theory, D-number Analytic Hierarchy Process(D-AHP), grey theory, fuzzy preference relation

中图分类号:

TP309

许硕, 唐作其, 王鑫. 基于D-AHP与灰色理论的信息安全风险评估[J]. 计算机工程, 2019, 45(7): 194-202.

XU Shuo, TANG Zuoqi, WANG Xin. Information Security Risk Assessment Based on D-AHP and Grey Theory[J]. Computer Engineering, 2019, 45(7): 194-202.

http://www.ecice06.com/CN/Y2019/V45/I7/194

参考文献

[1] SHAMELI-SENDI A,AGHABABAEI-BARZEGAR R,CHERIET M.Taxonomy of information security risk assessment(ISRA)[J].Computer and Security,2016,57:14-30.
[2] AGRAWAL V.A comparative study on information security risk analysis methods[J].Journal of Computers,2012,12(1):57-67.
[3] FENG Nan,WANG H J,LI Mingqiang.A security risk analysis model for information systems:causal relation-ships of risk factors and vulnerability propagation analysis[J].Information Sciences,2014,256:57-73.
[4] YU Jingjie,HU Min,WANG Peng.Evaluation and reliability analysis of network security risk factors based on D-S evidence theory[J].Journal of Intelligent and Fuzzy Systems,2018,34(2):861-869.
[5] RODRIGUEZ A,ORTEGA F,CONCEPCCION R.A method for the evaluation of risk in IT projects[J].Expert Systems with Applications,2016,45(C):273-285.
[6] 赵刚,吴天水.结合灰色网络威胁分析的信息安全风险评估[J].清华大学学报(自然科学版),2013,53(2):1761-1767.
[7] 中国国家标准化管理委员会.信息安全技术信息安全风险评估规范:GB/T 20984-2007[S].北京,[出版者不详]:2007.
[8] DEMPSTER A.Upper and lower probabilities induced by a multivalued mapping[J].Annals of Mathematical Statistics,1967,38:325-329.
[9] DENG Y.D numbers:theory and applications[J].Journal of Information and Computational Science,2012,9(9):2421-2428.
[10] HUANG Xiaozhong,WANG Ningkai,WEI Daijun.Investment decision using D numbers[C]//Proceedings of 2016 Chinese Control and Decision Conference.Washington D.C.,USA:IEEE Press,2016:4164-4167.
[11] LIU Huchen,YOU Jianxin,FAN Xiaojun,et al.Failure mode and effects analysis using D numbers and grey relational projection method[J].Expert Systems with Applications,2014,41(10):4670-4679.
[12] DENG Xinyang,HU Yong,DENG Yong.Bridge condition assessment using D numbers[J].Scientific World Journal,2014(5):358057.
[13] FAN Zong,WANG Lifang.Evaluation of university scientific research ability based on the output of sci-tech papers:a D-AHP approach[J].PLoS One,2017,12(2):e0171437.
[14] FAN Guichao,ZHONG Denghua,YAN Fugen,et al.A hybrid fuzzy evaluation method for curtain grouting efficiency assessment based on an AHP method extended by D numbers[J].Expert Systems with Applications,2016,44(C):289-303.
[15] DENG Xinyang,HU Yong,DENG Yong.Supplier selection using AHP methodology extended by D numbers[J].Expert Systems with Applications,2014,41(1):156-167.
[16] 邓聚龙.灰理论基础[M].武汉:华中科技大学出版社,2002.
[17] DENG Xinyang,DENG Yong.D-AHP method with different credibility of information[J].Soft Computing,2019,23(2):683-691.

选择文件类型/文献管理软件名称

选择包含的内容

基于D-AHP与灰色理论的信息安全风险评估

Information Security Risk Assessment Based on D-AHP and Grey Theory

RichHTML

PDF

可视化

被引次数

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 8

编辑推荐

Metrics

本文评价

[1]	许硕, 唐作其, 王鑫. 基于D-AHP与TOPSIS的突发事件应急管理能力评估[J]. 计算机工程, 2019, 45(10): 314-320.
[2]	黄玉洁,唐作其,梁静. 基于信息熵与三参数区间的信息安全风险评估[J]. 计算机工程, 2018, 44(12): 178-183.
[3]	谢道文, 施式亮. 基于灰色理论与线性回归的降雨量测点优选[J]. 计算机工程, 2012, 38(16): 31-34.
[4]	赵博夫, 殷肖川, 吴传芝. 基于灰色理论的攻击者攻击能力评估[J]. 计算机工程, 2011, 37(14): 114-117.
[5]	刘明生, 孙树静. 基于WNN和EGA的信息安全风险评估[J]. 计算机工程, 2010, 36(22): 125-128.
[6]	王春华;马国超;马苗. 基于目标提取的红外与可见光图像融合算法[J]. 计算机工程, 2010, 36(2): 197-200.
[7]	路杨;何欣;杜娟娟. 基于灰色理论的故障案例检索算法[J]. 计算机工程, 2008, 34(9): 28-29,3.
[8]	庞庆华. 基于灰色理论的软件系统人机界面综合评价模型[J]. 计算机工程, 2007, 33(18): 59-61,7.

模态框（Modal）标题

选择文件类型/文献管理软件名称

选择包含的内容

基于D-AHP与灰色理论的信息安全风险评估

Information Security Risk Assessment Based on D-AHP and Grey Theory

RichHTML

PDF

可视化

被引次数

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 8

编辑推荐

Metrics

本文评价