
Computer Engineering ›› 2019, Vol. 45 ›› Issue (7): 194-202. doi: 10.19678/j.issn.1000-3428.0052209

• Security Technology •

Information Security Risk Assessment Based on D-AHP and Grey Theory

XU Shuo, TANG Zuoqi, WANG Xin

  1. College of Computer Science and Technology, Guizhou University, Guiyang 550025, China
  • Received: 2018-07-25 Revised: 2018-08-30 Online: 2019-07-15 Published: 2019-07-23
  • About the authors: XU Shuo (born 1993), male, master's student, main research interest: information security; TANG Zuoqi (corresponding author), associate professor; WANG Xin, master's student.
  • Supported by:
    Guizhou Province Science and Technology Plan Project (黔科合平台人才[2018]5616); Guizhou University Young Teachers Research Fund Project (贵大青合字(2013)01号).

Abstract: Fully considering the influence of uncertainty in evaluation information on evaluation results, an information security risk assessment method based on the D-number Analytic Hierarchy Process (D-AHP) and grey theory is proposed. According to the relevant industry standards, the assets, threats, vulnerabilities and existing security measures of the information system are identified, the evaluation index system is constructed, and the hierarchical structure model is established. The D-AHP method is used to calculate the influence weight of each index, which addresses the uncertainty of the evaluation information. In view of the grey characteristics of insufficient information resources in the evaluation process, grey theory is used to solve the grey evaluation matrix. On this basis, the information security risk is assessed comprehensively and the assessment results are displayed intuitively. Analysis shows that this method can use uncertain information for risk assessment and provide a reference for formulating targeted risk management and control strategies.

Key words: information security risk assessment, D-number theory, D-number Analytic Hierarchy Process (D-AHP), grey theory, fuzzy preference relation
