[1] BASIN D,DREIER J,HIRSCHI L,et al.A formal analysis of 5G authentication[C]//Proceedings of 2018 ACM SIGSAC Conference on Computer and Communications Security.New York,USA:ACM Press,2018:16-23. [2] LIU Caixia,HU Xinxin,LIU Shuxin,et al.Security analysis of 5G network EAP-AKA' protocol based on lowe classification[J].Journal of Electronics and Information Technology,2019,41(8):1800-1807.(in Chinese)刘彩霞,胡鑫鑫,刘树新,等.基于Lowe分类法的5G网络EAP-AKA'协议安全性分析[J].电子与信息学报,2019,41(8):1800-1807. [3] HUSSAIN S R,CHOWDHURY O,MEHNAZ S,et al.LTEInspector:a systematic approach for adversarial testing of 4G LTE[C]//Proceedings of 2018 Network and Dis-tributed System Security Symposium.Washington D.C.,USA:IEEE Press,2018:156-169. [4] HOLM H,SOMMESTAD T,ALMROTH J,et al.A quantitative evaluation of vulnerability scanning[J].Information Management & Computer Security,2011,19(4):231-247. [5] CHEN Qixiang.Information security risk assessment method for control system of wind power plant[J].Electronics World,2020(1):42-43,46.(in Chinese)陈其祥.一种风电厂控制系统信息安全风险评估方法[J].电子世界,2020(1):42-43,46. [6] ZHANG Wanqiao,YANG Qing.LTE redirection:forcing targeted LTE cellphone into unsafe network[EB/OL].[2019-12-25].https://ruxcon.org.au/assets/2016/slides/LTE_Redirection_Ruxcon.pdf. [7] MJØLSNES S F,OLIMID R F.Easy 4G/LTE IMSI catchers for non-programmers[M].Berlin,Germany:Springer,2017. [8] HONG B,BAE S,KIM Y.GUTI reallocation demystified:cellular location tracking with changing temporary identifier[C]//Proceedings of 2018 Network and Distributed System Security Symposium.Washington D.C.,USA:IEEE Press,2018:25-36. [9] RUPPRECHT D,KOHLS K,HOLZ T,et al.Breaking LTE on layer two[C]//Proceedings of 2019 IEEE Symposium on Security and Privacy.Washington D.C.,USA:IEEE Press,2019:123-156. [10] KIM H,LEE J,LEE E,et al.Touching the untouchables:dynamic security analysis of the LTE control plane[C]//Proceedings of 2019 IEEE Symposium on Security and Privacy.Washington D.C.,USA:IEEE Press,2019:1153-1168. [11] VESELY W E,GOLDBERG F F,ROBERTS N H,et al.Fault tree handbook[EB/OL].[2019-12-25].https://www.nrc.gov/docs/ML1007/ML100780465.pdf. [12] SCHNEIER B.Attack trees[J].Doctor Dobbs Journal,1999,24(12):21-29. [13] LIU Wenyan,HUO Shumin,TONG Qing,et al.Research on network security evaluation and analysis model[J].Chinese Journal of Network and Information Security,2018,4(4):1-11.(in Chinese)刘文彦,霍树民,仝青,等.网络安全评估与分析模型研究[J].网络与信息安全学报,2018,4(4):1-11. [14] DU S G,ZHU H J.Security assessment via attack tree model[M]//DU Suguo,ZHU Haojin.Security assess-ment in vehicular networks.Berlin,Germany:Springer,2013:9-16. [15] CHEN Yanhong,OU Yuyi,LING Jie.An improved trojan horse detection method based on extended attack tree model[J].Computer Applications and Software,2016,33(8):308-311.(in Chinese)陈燕红,欧毓毅,凌捷.一种改进的基于扩展攻击树模型的木马检测方法[J].计算机应用与软件,2016,33(8):308-311. [16] HERNAN S,LAMBERT S,OSTWALD T,et al.Uncover security design flaws using the STRIDE approach(2006)[EB/OL].[2019-12-25].http://msdn.microsoft.com/en-gb/magazine/cc163519. [17] FAN Hong.Understanding and implementation of national standards for information security risk assessment[M].Beijing:China Standard Press,2008.(in Chinese)范红.信息安全风险评估规范国家标准理解与实施[M].北京:中国标准出版社,2008. [18] BULDAS A,LAUD P,PRⅡSALU J,et al.Rational choice of security measures via multi-parameter attack trees[M].Berlin,Germany:Springer,2006. [19] MATEO J R S C.Multi-attribute utility theory[M].Berlin,Germany:Springer,2012. [20] GAN Zaobin,WU Ping,LU Songfeng,et al.Risk assessment of information system security based on extended attack tree[J].Application Research of Computers,2007,24(11):153-156.(in Chinese)甘早斌,吴平,路松峰,等.基于扩展攻击树的信息系统安全风险评估[J].计算机应用研究,2007,24(11):153-156. [21] HE Mingliang,CHEN Zemao,LONG Xiaodong.Improvement of attack tree model based on analytic hierarchy process[J].Application Research of Computers,2016,33(12):3755-3758.(in Chinese)何明亮,陈泽茂,龙小东.一种基于层次分析法的攻击树模型改进[J].计算机应用研究,2016,33(12):3755-3758. [22] CHAN H K,WANG X J.Fuzzy hierarchical model for risk assessment[M].Berlin,Germany:Springer,2013. [23] FU Y,WU X P,YE Q.Approach for information systems security situation evaluation using improved FAHP and Bayesian network[J].Journal on Communications,2009,30(9):135-140. [24] TAYLAN O,BAFAIL A O,ABDULAAL R M S,et al.Construction projects selection and risk assessment by fuzzy AHP and fuzzy TOPSIS methodologies[J].Applied Soft Computing,2014,17:105-116. [25] ZHANG Jijun.Fuzzy Analytic Hierarchy Process(FAHP)[J].Fuzzy Systems and Mathematics,2000,14(2):80-88.(in Chinese)张吉军.模糊层次分析法(FAHP)[J].模糊系统与数学,2000,14(2):80-88. [26] TAO Yuhui.How to construct fuzzy consistent judgment matrix in fuzzy analytic hierarchy process[J].Journal of Sichuan Normal University(Natural Science),2002,23(3):282-285.(in Chinese)陶余会.如何构造模糊层次分析法中模糊一致判断矩阵[J].四川师范学院学报(自然科学版),2002,23(3):282-285. [27] SONG Guangxing,YANG Deli.Consistency check and improvement method of fuzzy judgment matrix[J].Systems Engineering,2003,21(1):110-116.(in Chinese)宋光兴,杨德礼.模糊判断矩阵的一致性检验及一致性改进方法[J].系统工程,2003,21(1):110-116. [28] GEER D,HOO K S,JAQUITH A.Information security:why the future belongs to the quants[J].IEEE Security & Privacy,2003,1(4):24-32. [29] LÜ Zongping,QI Wei,GU Zhaojun.Attack tree model based on fuzzy analytic hierarchy proces[J].Computer Engineering and Design,2018,39(6):1501-1505,1515.(in Chinese)吕宗平,戚威,顾兆军.基于模糊层次分析法的攻击树模型[J].计算机工程与设计,2018,39(6):1501-1505,1515. |