计算机科学 ›› 2018, Vol. 45 ›› Issue (12): 98-103.doi: 10.11896/j.issn.1002-137X.2018.12.015
冷强, 杨英杰, 胡浩
LENG Qiang, YANG Ying-jie, HU Hao
摘要: 信息资产评估是信息安全风险评估技术重要的研究内容之一。目前,其在资产评估中主要采用专家评估与专家权重相结合的评估量化方法,然而该方法在实际应用中却面临如何科学确定专家权重以降低偏差较大评估意见对整体评估结果影响的问题。针对该问题,提出了一种基于专家偏离度的权重自适应调整评估方法,能够合理地减小专家主观性给出的异常评估值对评估的影响。最后实现算法并通过实验验证算法的有效性。结果表明该方法能够合理减小异常评估值对评估的影响。
中图分类号:
[1]Information Technology-Guidelines for the Management of ItSecurity -Part 2:Managing and Planning IT Security:ISO/IEC TR 13335-2(1997)[S].New York:Information Technology Task Force,1998. [2]China National Standarization Administration Commission.Information Security Technology Information Security Risk Assessment Standard:GB/T20984-2007[S].BeiJing:China Stan-dards Press,2007.(in Chinese) 中国国家标准化管理委员会.信息安全技术信息安全风险评估规范:GB/T20984-2007[S].北京:中国标准出版社,2007. [3]STEVEN N,SUSHIL J,LINGYU W,et al.Measuring Security Risk of Networks Using Attack Graphs[J].International Journal of Next-Generation Computing,2010,1(1):135-147. [4]MOHAMMED A,MARTIN R.Attack Graph-Based Risk Assessment and Optimisation Approach[J].International Journal of Network Security & Its Applications,2014,6(3):31-43. [5]LI X,WANG C Y,WANG S J,et al.Construct Principles and Assessment Method of Index System[J].Mathematics in Practice and Theory,2012,42(20):69-74. [6]FU Y,WU X P,YE Q.Approach for information sysytems security situation evaluation using improved FAHP and Baysian network[J].Journal on Communications,2009,30(9):135-140.(in Chinese) 付钰,吴晓平,叶清.基于改进FAHP-BN的信息系统安全态势评估方法[J].通信学报,2009,30(9):135-140. [7]WU Z B,XU J P.Possibility distribution-based approach forMAGDM with hesitant fuzzy linguistic information[J].IEEE Transactions on Cybernetics,2016,46(3):694-705. [8]DUBOIS D,PRADE H.Bridging gaps between several forms of granular computing[J].Granular Computing,2016,1(2),115-126. [9]MENDEL J M.A comparison of three approaches for estimating (synthesizing) an interval type-2 fuzzy set model of a linguistic term for computing with words[J].Granular Computing,2016,1(1):59-69. [10]WANG D C,XU Y,LI B,et al.Mixed-index information system security evaluation[J].Journal of TsinghuaUniversity(Science &Technology),2016,56(5):517-521,529.(in Chinese) 王丹琛,徐扬,李彬,等.基于业务效能的信息系统安全态势指标[J].清华大学学报(自然科学版),2016,56(5):517-521,529. [11]WANG J D,ZHANG H W,WANG N,et al.Information System Security Risk Assessment and Defense Decision-making[M].Beijing:National Defense Industry Press,2017:139-161.(in Chinese) 王晋东,张恒巍,王娜,等.信息系统安全风险评估与防御决策[M].北京:国防工业出版社,2017:139-161. [12]LEE K C,HSIEH C H,WEI L J,et al.Sec-Buzzer:cyber security emerging topic mining with open threat intelligence retrieval and timeline event annotation(Soft Comput)[EB/OL].https://doi.org/10.1007/s00500-016-2265-0. [13]LIU A Y,WEI F J.The Study on the Method of Weight Determination of the Experts on the Evaluation of Language[J].Chinese Journal of Management Science,2011,19(6):149-155.(in Chinese) 刘安英,魏法杰.基于改进语言评估标度的专家后验权重确定方法研究[J].中国管理科学,2011,19(6):149-155. [14]TIAN X H.Research on Extended Model for Multiple Attribute Decision Making Based on Fuzzy Information[D].Dalian:Dalian Maritime University,2015.(in Chinese) 田晓娟.基于模糊信息的多属性决策扩展模型研究[D].大连:大连海事大学,2015. [15]WANG Y M,XU N R.The Optimal Transitive Matrix Method of Group Comparison Matrices and Weight Vectors[J].System Engineering Theory and Practice,1991,11(4):70-74.(in Chinese) 王应明,徐南荣.群体判断矩阵及权向量的最优传递矩阵求法[J].系统工程理论与实践,1991,11(4):70-74. [16]XU Z S,WEI C P.A consistency improving method in the Analytic Hierarchy Poress[J].Ewopean Journal of Operational Research,1999,116(2):443-449. [17]GAO Y,LUO X X,HU Y.Research on methods for deriving experts’ weights based on judgment matrix and cluster analysis[J].System Engineering and Electronics,2009,31(3):593-596.(in Chinese) 高阳,罗贤新,胡颖.基于判断矩阵的专家聚类赋权研究[J].系统工程与电子技术,2009,31(3):593-596. [18]LI L,LIU Y Q,LI S G.New Method for Determining the Obiective Weight of Decision Makers in Group Decision Based on Judgment Matrix and Cluster Analysis[J].Operations Research and Management Science,2011,20(4):77-81.(in Chinese) 李琳,刘雅奇,李双刚.一种群决策专家客观权重确定的改进方法[J].运筹与管理,2011,20(4):77-81. |
[1] | 刘凯祥, 谢永芳, 陈新, 吕飞, 刘俊矫. 基于DTMC的工业串行协议状态检测算法 Industrial Serial Protocol State Detection Algorithm Based on DTMC 计算机科学, 2022, 49(3): 301-307. https://doi.org/10.11896/jsjkx.210200078 |
[2] | 辜双佳, 刘万平, 黄东. 基于AES和QR的快递信息加密应用 Application of Express Information Encryption Based on AES and QR 计算机科学, 2021, 48(11A): 588-591. https://doi.org/10.11896/jsjkx.210100024 |
[3] | 金会芳, 吕宗旺, 甄彤. 基于物联网+区块链的粮食供应链金融的新模式研究 Study on New Model of Food Supply Chain Finance Based on Internet of Things+Blockchain 计算机科学, 2020, 47(11A): 604-608. https://doi.org/10.11896/jsjkx.200300140 |
[4] | 李斌, 周清雷, 斯雪明, 陈晓杰. 基于FPGA集群的Office口令恢复优化实现 Optimized Implementation of Office Password Recovery Based on FPGA Cluster 计算机科学, 2020, 47(11): 32-41. https://doi.org/10.11896/jsjkx.200500040 |
[5] | 孙连山,欧阳晓通,徐艳艳,王艺星. 面向间接依赖的数据起源过滤方法 Novel Sanitization Approach for Indirect Dependencies in Provenance Graph 计算机科学, 2019, 46(3): 164-169. https://doi.org/10.11896/j.issn.1002-137X.2019.03.025 |
[6] | 王辉, 周明明. 基于区块链的医疗信息安全存储模型 Medical Information Security Storage Model Based on Blockchain Technology 计算机科学, 2019, 46(12): 174-179. https://doi.org/10.11896/jsjkx.181102034 |
[7] | 詹雄, 郭昊, 何小芸, 刘周斌, 孙学洁, 陈红松. 国家电网边缘计算信息系统安全风险评估方法研究 Research on Security Risk Assessment Method of State Grid Edge Computing Information System 计算机科学, 2019, 46(11A): 428-432. |
[8] | 周艺华, 张冰, 杨宇光, 侍伟敏. 基于聚类的社交网络隐私保护方法 Cluster-based Social Network Privacy Protection Method 计算机科学, 2019, 46(10): 154-160. https://doi.org/10.11896/jsjkx.180901749 |
[9] | 丁庆洋,王秀利,朱建明,宋彪. 基于区块链的信息物理融合系统的信息安全保护框架 Information Security Framework Based on Blockchain for Cyber-physics System 计算机科学, 2018, 45(2): 32-39. https://doi.org/10.11896/j.issn.1002-137X.2018.02.006 |
[10] | 杜行舟, 张凯, 江坤, 马昊伯. 基于区块链的数字化指挥控制系统信息传输与追溯模式研究 Research on Blockchain-based Information Transmission and Tracing Pattern in Digitized Command-and-Control System 计算机科学, 2018, 45(11A): 576-579. |
[11] | 董贵山, 陈宇翔, 张兆雷, 白健, 郝尧. 基于区块链的身份管理认证研究 Research on Identity Management Authentication Based on Blockchain 计算机科学, 2018, 45(11): 52-59. https://doi.org/10.11896/j.issn.1002-137X.2018.11.006 |
[12] | 丁立彤,范九伦,刘意先. 基于灰色聚类的系统群安全评估方法 Method of Safety Evaluation for System Group Based on Grey Clustering 计算机科学, 2017, 44(Z11): 372-376. https://doi.org/10.11896/j.issn.1002-137X.2017.11A.078 |
[13] | 张亮亮,张翌维,梁洁,孙瑞一,王新安. 新量子技术时代下的信息安全 Information Security in New Quantum Technology Age 计算机科学, 2017, 44(7): 1-7. https://doi.org/10.11896/j.issn.1002-137X.2017.07.001 |
[14] | 张莉,栗青生,刘泉. 一种云端信息安全字形的生成模型 Chinese Character Generation Model for Cloud Information Security 计算机科学, 2016, 43(Z11): 417-421. https://doi.org/10.11896/j.issn.1002-137X.2016.11A.095 |
[15] | 齐法制,孙智慧. 基于特征阈值的恶意代码快速分析方法 Rapid Analysis Method of Malicious Code Based on Feature Threshold 计算机科学, 2016, 43(Z11): 342-345. https://doi.org/10.11896/j.issn.1002-137X.2016.11A.079 |
|