Abstract
To address the problem of determining the security risk grade in information systems security situation assessment, an approach based on an improved fuzzy analytic hierarchy process (FAHP) and Bayesian network inference is proposed. The improved FAHP is used to quantify attack severity, a factor that is hard to measure. Conditional probability matrices for all factors under the inference rules are defined using expert knowledge. A Bayesian network inference model for security situation assessment is then established, and the corresponding assessment method is presented. Finally, an illustrative instance is given to demonstrate its rationality and feasibility. The approach may thus provide a new way of assessing the security situation of information systems.
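Source
Journal on Communications (《通信学报》)
EI
CSCD
Peking University Core Journal (北大核心)
2009, Issue 9, pp. 135-140 (6 pages)
Funding
Supported by the National Natural Science Foundation of China (60774029)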