Please wait a minute...
 首页  期刊介绍 期刊订阅 联系我们 横山亮次奖 百年刊庆
 
最新录用  |  预出版  |  当期目录  |  过刊浏览  |  阅读排行  |  下载排行  |  引用排行  |  横山亮次奖  |  百年刊庆
清华大学学报(自然科学版)  2020, Vol. 60 Issue (5): 393-401    DOI: 10.16511/j.cnki.qhdxxb.2020.25.009
  专题:漏洞分析与风险评估 本期目录 | 过刊浏览 | 高级检索 |
基于矩阵修正方法的信息系统安全态势评估模型
杨宏宇1, 张旭高1, 吕伟力2
1. 中国民航大学 计算机科学与技术学院, 天津 300300;
2. 中国石油天然气股份有限公司 管道长春输油气分公司, 长春 130000
Matrix correction method based information system security assessment model
YANG Hongyu1, ZHANG Xugao1, LU Weili2
1. School of Computer Science and Technology, Civil Aviation University of China, Tianjin 300300, China;
2. Pipeline Changchun Transmission and Oil Company, China National Petroleum Corporation, Changchun 130000, China
全文: PDF(2171 KB)  
输出: BibTeX | EndNote (RIS)      
摘要 针对现有信息系统安全态势评估方法准确性受专家评价偏好影响的问题,该文提出一种基于矩阵修正方法(matrix correction method,MCM)的信息系统安全态势评估模型(information system security situation assessment model,ISSSAM)。首先,在建立系统安全态势评估指标体系的基础上,修正反映指标间相对重要程度的区间判断矩阵,以提高指标层权重向量的客观性。其次,通过熵权隶属云量化计算准则层与目标层安全态势指标,并对系统的安全态势等级定级。最后,通过对国内某离港控制系统(departure control system,DCS)的评估实验,验证了本模型的有效性。实验结果表明:本模型的评估稳定性优于熵权系数法和传统层次分析法(analytic hierarchy process,AHP)。
服务
把本文推荐给朋友
加入引用管理器
E-mail Alert
RSS
作者相关文章
杨宏宇
张旭高
吕伟力
关键词 安全态势指标体系区间判断矩阵熵权隶属云    
Abstract:The accuracy of existing information system security assessments is affected by the expert evaluation preferences. This paper presents a matrix correction method (MCM) based on information system security situation assessment model (ISSSAM). The system uses a modified interval number judgment matrix to reflect the relative importance of various indicators to improve the objectivity of the indicator layer weight vector. Then, an entropy weight based cloud is used to quantify the criterion layer and the target layer security situation index to grade the system security level. Tests on a departure control system (DCS) verify the model validity and demonstrate that the evaluation stability of this model is better than the entropy weight coefficient method and the traditional analytic hierarchy process (AHP).
Key wordssecurity situation    index system    interval number judgment matrix    entropy weight based cloud
收稿日期: 2019-08-15      出版日期: 2020-04-26
引用本文:   
杨宏宇, 张旭高, 吕伟力. 基于矩阵修正方法的信息系统安全态势评估模型[J]. 清华大学学报(自然科学版), 2020, 60(5): 393-401.
YANG Hongyu, ZHANG Xugao, LU Weili. Matrix correction method based information system security assessment model. Journal of Tsinghua University(Science and Technology), 2020, 60(5): 393-401.
链接本文:  
http://jst.tsinghuajournals.com/CN/10.16511/j.cnki.qhdxxb.2020.25.009  或          http://jst.tsinghuajournals.com/CN/Y2020/V60/I5/393
  
  
  
  
  
  
  
  
  
  
  
  
  
  
[1] 曲向华, 史雪梅. 基于层次分析法的网络安全态势评估技术研究[J]. 自动化技术与应用, 2018, 37(11):43-45, 50.QU X H, SHI X M. Research of network security situation assessment based on AHP[J]. Techniques of Automation and Applications, 2018, 37(11):43-45, 50. (in Chinese)
[2] 付钰, 吴晓平, 叶清, 等. 基于模糊集与熵权理论的信息系统安全风险评估研究[J]. 电子学报, 2010, 38(7):1489-1494.FU Y, WU X P, YE Q, et al. An approach for information systems security risk assessment on fuzzy set and entropy-weight[J]. Acta Electronica Sinica, 2010, 38(7):1489-1494. (in Chinese)
[3] LUO H S, SHEN Y J, ZHANG G D, et al. Information security risk assessment based on two stages decision model with grey synthetic measure[C]//Proceedings of the 6th IEEE International Conference on Software Engineering and Service Science. Beijing, China:IEEE, 2015:795-798.
[4] 席荣荣, 云晓春, 张永铮, 等. 一种改进的网络安全态势量化评估方法[J]. 计算机学报, 2015, 38(4):749-758.XI R R, YUN X C, ZHANG Y Z, et al. An improved quantitative evaluation method for network security[J]. Chinese Journal of Computers, 2015, 38(4):749-758. (in Chinese)
[5] SHU F, LI M, CHEN S T, et al. Research on network security protection system based on dynamic modeling[C]//2017 IEEE 2nd Information Technology, Networking, Electronic and Automation Control Conference (ITNEC). Chengdu, China:IEEE Press, 2017:1602-1605.
[6] HEMANIDHI A, CHIMMANEE S, SANGUANSAT P. Network risk evaluation from security metric of vulnerability detection tools[C]//TENCON 2014-2014 IEEE Region 10 Conference. Bangkok, Thailand:IEEE Press, 2014:1-6.
[7] EOM J H, PARK S H, HAN Y J, et al. Risk assessment method based on business process-oriented asset evaluation for information system security[C]//Proceedings of the 7th International Conference on Computational Science. Beijing, China:Springer-Verlag, 2007:1024-1031.
[8] RIMSHA A S, ZAKHAROV A A. Method for risk assesment of industrial networks' information security of gas producing enterprise[C]//2018 Global Smart Industry Conference. Chelyabinsk, Russia:IEEE Press, 2018:1-5.
[9] 中华人民共和国国家质量监督检验检疫总局, 中国国家标准化管理委员会. 信息安全技术信息系统安全等级保护定级指南:GB/T 22240-2008[S]. 北京:中国标准出版社, 2008.General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China, Standardization Administration of the People's Republic of China. Information security technology-classification guide for classified protection of information systems security:GB/T 22240-2008[S]. Beijing:Standards Press of China, 2008. (in Chinese)
[10] 成翔. 信息系统安全态势评估与基于业务流程的风险控制方法[D]. 天津:中国民航大学, 2016.CHENG X. Information system security situation assessment and risk control method based on operation-flow[D]. Tianjin:Civil Aviation University of China, 2016. (in Chinese)
[11] 朱建军, 刘士新, 王梦光. 一种新的求解区间数判断矩阵权重的方法[J]. 系统工程理论与实践, 2005, 25(4):29-34, 54.ZHU J J, LIU S X, WANG M G. Novel weight approach for interval numbers comparison matrix in the analytic hierarchy process[J]. Systems Engineering-Theory & Practice, 2005, 25(4):29-34, 54. (in Chinese)
[12] 李德毅, 孟海军, 史雪梅. 隶属云和隶属云发生器[J]. 计算机研究与发展, 1995, 32(6):15-20.LI D Y, MENG H J, SHI X M. Membership clouds and membership cloud generators[J]. Journal of Computer Research and Development, 1995, 32(6):15-20. (in Chinese)
[13] 冯增辉, 张金成, 张凯, 等. 基于云重心评判的战场态势评估方法[J]. 火力与指挥控制, 2011, 36(3):13-15.FENG Z H, ZHANG J C, ZHANG K, et al. Techniques for battlefield situation assessment based on cloud-gravity-center assessing[J]. Fire Control & Command Control, 2011, 36(3):13-15. (in Chinese)
[14] 李志伟. 信息系统风险评估及风险管理对策研究[D]. 北京:北京交通大学, 2010.LI Z W. The study on the information system risk assessment and management countermeasure[D]. Beijing:Beijing Jiaotong University, 2010. (in Chinese)
[15] 李耀波. SD核电工程管理信息系统分析与设计[D]. 济南:山东大学, 2013.LI Y B. Analysis and design of MIS (management information system) on nuclear power construction of SD[D]. Jinan:Shandong University, 2013. (in Chinese)
[16] 赵冬梅, 张玉清, 马建峰. 熵权系数法应用于网络安全的模糊风险评估[J]. 计算机工程, 2004, 30(18):21-23.ZHAO D M, ZHANG Y Q, MA J F. Fuzzy risk assessment of entropy-weight coefficient method applied in network security[J]. Computer Engineering, 2004, 30(18):21-23. (in Chinese)
[1] 李聪, 鲁一霏, 陈辰, 徐子烜, 杨锐. 城镇燃气管网事故应急救援特征分析及救援能力评估[J]. 清华大学学报(自然科学版), 2023, 63(10): 1537-1547.
[2] 马壮林, 高阳, 胡大伟, 王晋, 马飞, 熊英. 城市群绿色交通水平测度与时空演化特征实证研究[J]. 清华大学学报(自然科学版), 2022, 62(7): 1236-1250.
[3] 王丹琛, 徐扬, 李斌, 何星星. 基于业务效能的信息系统安全态势指标[J]. 清华大学学报(自然科学版), 2016, 56(5): 517-521,529.
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
版权所有 © 《清华大学学报(自然科学版)》编辑部
本系统由北京玛格泰克科技发展有限公司设计开发 技术支持:support@magtech.com.cn