Please wait a minute...
 首页  期刊介绍 期刊订阅 联系我们 横山亮次奖 百年刊庆
 
最新录用  |  预出版  |  当期目录  |  过刊浏览  |  阅读排行  |  下载排行  |  引用排行  |  横山亮次奖  |  百年刊庆
清华大学学报(自然科学版)  2016, Vol. 56 Issue (5): 517-521,529    DOI: 10.16511/j.cnki.qhdxxb.2016.25.010
  信息安全 本期目录 | 过刊浏览 | 高级检索 |
基于业务效能的信息系统安全态势指标
王丹琛1,2, 徐扬1, 李斌3, 何星星1
1. 西南交通大学 智能控制开发中心, 成都 610031;
2. 四川省信息安全测评中心, 成都 610017;
3. 中国信息安全测评中心, 北京 100085
Mixed-index information system security evaluation
WANG Danchen1,2, XU Yang1, LI Bin3, HE Xingxing1
1. Intelligent Control Development Center, Southwest Jiaotong University, Chengdu 610031, China;
2. Sichuan Information Security Testing Evaluation Center, Chengdu 610017, China;
3. China Information Technology Security Evaluation Center, Beijing 100085, China
全文: PDF(1005 KB)  
输出: BibTeX | EndNote (RIS)      
摘要 为获取系统运行时安全态势的完整性, 在现有的信息安全态势评估指标体系中引入了业务效能指标, 提出了一种混合指标的信息系统安全态势评估方法。首先, 基于Q·S模型构建了系统业务效能指标体系, 其中包含实数型、区间型和语言型数据, 并通过BECM方法获得系统的业务效能指数; 其次, 针对系统的安全风险态势、稳定性态势等属性导致系统整体安全态势不确定性的问题应用格蕴涵代数的语言值综合评价模型, 对该文构建的指标体系进行评价, 得到了完整的信息系统安全态势; 最后, 通过示例证明提出的信息系统安全态势评估方法具有直观可信的态势评估结果, 有利于决策分析。
服务
把本文推荐给朋友
加入引用管理器
E-mail Alert
RSS
作者相关文章
王丹琛
徐扬
李斌
何星星
关键词 业务效能指数混合指标安全态势不可比较性语言值评价    
Abstract:A mixed-index evaluation method is given to evaluate the security of system operations using a business effectiveness index. The business effectiveness index was established in Q·S, with real type, interval data and language types using BECM. A complete information system security evaluation then uses a general consideration of both the business effectiveness index and other security indexes. The uncertainty of the overall system security due to incomparable attribute characteristics, such as the security risk and stable operating descriptions is improved by a comprehensive model to evaluate linguistic terms using lattice implication algebra. Examples demonstrate that this method gives intuitive, credible evaluations for decision analyse.
Key wordsbusiness effectiveness index    mixed-index    security situation    incomparability    linguistic evaluation
收稿日期: 2016-01-13      出版日期: 2016-05-15
ZTFLH:  TP393.08  
通讯作者: 徐扬, 教授, E-mail: xuyang@home.swjtu.edu.cn     E-mail: xuyang@home.swjtu.edu.cn
引用本文:   
王丹琛, 徐扬, 李斌, 何星星. 基于业务效能的信息系统安全态势指标[J]. 清华大学学报(自然科学版), 2016, 56(5): 517-521,529.
WANG Danchen, XU Yang, LI Bin, HE Xingxing. Mixed-index information system security evaluation. Journal of Tsinghua University(Science and Technology), 2016, 56(5): 517-521,529.
链接本文:  
http://jst.tsinghuajournals.com/CN/10.16511/j.cnki.qhdxxb.2016.25.010  或          http://jst.tsinghuajournals.com/CN/Y2016/V56/I5/517
  表1 业务效能指标体系
  图1 信息系统业务效能AHP模型
  图2 语言真值格蕴涵代数LV(n×2)的Hasse图
[1] Ulrik F, Joel B. Cyber situational awareness-A systematic review of the literature[J].Computer & Security, 2014,46:18-31.
[2] Endsley M R. Design and evaluation for situation awareness enhancement[C]//Proceedings of the Human Factors Society 32nd Annual Meeting. California:Human Factors & Ergonomics Society Meeting,1988:97-101.
[3] Endsley M R. Toward a theory of situation awareness in dynamic systems[J].Hum Factors Mar, 1995,37(1):32-64.
[4] Bass T, Gruber D. A glimpse into the future of ID[Z/OL]. (1999-11-16). http://www.usenix.org/publicaitons/login/1999-9/features/future.html.
[5] 龚正虎, 卓莹. 网络态势感知研究[J]. 软件学报, 2010,21(7):1605-1619. GONG Zhenghu, ZHUO Ying. Research on cyberspace situational awareness[J].Journal of Software, 2010,21(7):1605-1619.(in Chinese)
[6] Hall D, Llinas J. An introduction to multisensory data fusion[J].Proceedings of the IEEE, 1997,85(1):6-23.
[7] Klein G, Gnther H, Trber S. Modularizing cyber defense situational awareness-Technical integration before human understanding[J]. Computer Information, 2012,10:307-318.
[8] Yang S, Byers S, Holsopple J, et al. Intrusion activity projection for cyber situational awareness[C]//IEEE International Conference on Intelligence and Security Informatics. Taipei:Springer International Publishing, 2008:167-172.
[9] 王娟, 张凤荔, 傅翀, 等. 网络态势感知中的指标体系研究[J]. 计算机应用, 2007,27(8):1907-1912. WANG Juan, ZHANG Fengli, FU Chong, et al. Study on index system in network situation awareness[J].Journal of Computer Applications, 2007,27(8):1907-1912. (in Chinese)
[10] 蒋运承, 汤庸. 服务组合的质量估计模型[J]. 小型微型计算机系统, 2006,27(8):1519-1525. JIANG Yunchen, TANG Yong. Quality of service estimation model for service composition[J].Journal of Chinese Mini-Micro Computer Systems, 2006,27(8):1519-1525. (in Chinese)
[11] Liu Y, Ngu A H, Zeng L. Q·S computation and policing in dynamic web service selection[C]//Proceedings of the WWW'04. New York:ACM Press, 2004:42-53.
[12] Wang X, Vitvar T, Kerrigan M, et al. Synthetical evaluation of multiple qualities for service selection[C]//In:Asit D, Winfried L, eds. Proceedings of the ICSOC'06. LNCS 4294. Heidelberg:Springer-Verlag, 2006:152-162.
[13] Xu Y, Chen S W, Ma J. Linguistic truth-valued lattice implication algebra and its properties[C]//IMACS Multi Conference on Computational Engineering in System Application. Beijing:IEEE, 2006:1413-1418.
[14] Liu J, Xu Y, Ruan D, et al. A lattice-valued linguistic-based decision-making method[C]//2005 IEEE International Conference on Granular Computing. Beijing:IEEE, 2005:199-202.
[1] 杨宏宇, 张旭高, 吕伟力. 基于矩阵修正方法的信息系统安全态势评估模型[J]. 清华大学学报(自然科学版), 2020, 60(5): 393-401.
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
版权所有 © 《清华大学学报(自然科学版)》编辑部
本系统由北京玛格泰克科技发展有限公司设计开发 技术支持:support@magtech.com.cn