Security risk assessment of information system based on FAHP and attack tree (Cited by: 15)


Authors: Ren Qiujie (任秋洁); Pan Gang (潘刚); Bai Yongqiang (白永强); Mi Shichao (米士超) (Luoyang Institute of Science and Technology, Luoyang 471000, China; Luoyang Electronic Equipment Test Center of China, Luoyang 471003, China)

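Affiliations: [1] Luoyang Institute of Science and Technology, Luoyang, Henan 471000 [2] Luoyang Electronic Equipment Test Center, Luoyang, Henan 471003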

Source: Application of Electronic Technique (《电子技术应用》), 2018, No. 8, pp. 113-117 (5 pages)

Funding: National Natural Science Foundation of China (61372039); Youth Fund of Luoyang Institute of Science and Technology (2017QZ05)

Abstract: To improve the accuracy and usability of information system security risk assessment and to reduce the influence of subjective factors, the security risk of an information system is evaluated using the fuzzy analytic hierarchy process (FAHP) and an attack tree model. First, the attack tree model is used to describe the possible attack paths. Then the attack probability is calculated, assuming that each leaf node has different security attributes; FAHP is used to solve for the security attribute weights. To reduce the influence of subjective factors in expert scoring, attribute scores are assumed to be interval variables, and an attribute probability generation model based on interval variables is established. Finally, an example is used to verify the analysis. The results show that the method not only further reduces the influence of subjective factors in risk assessment, but is also clear in its reasoning and simple to apply, with good generality and engineering application value.

Keywords: attack tree; security risk; fuzzy analytic hierarchy process; information system

Classification: TP309.2 [Automation and Computer Technology: Computer System Architecture]

 
