Algorithm of Information Security Risk Evaluation Based on OCTAVE and Grey System (cited by: 1)
Abstract: To improve assessment accuracy, an evaluation algorithm that combines qualitative and quantitative analysis is proposed. In the data collection stage, the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) method is used: working from the perspectives of members at different levels of the enterprise, it defines the scope of assets to be assessed and evaluates both management vulnerabilities and technical vulnerabilities. In the quantitative calculation part, grey system theory is applied: after the indicators are normalized, triangular whitenization weight functions are used to compute their membership degrees, from which the risk level is determined. Experimental results show that the method effectively improves the accuracy of information security risk assessment and has good practical value.
Source: Journal of Beijing University of Posts and Telecommunications (indexed in EI, CAS, CSCD, Peking University Core Journals), 2009, Issue 5, pp. 128-131, 4 pages in total
Funding: Natural Science Foundation of Hainan Province (80639); National High Technology Research and Development Program of China (2006AA01Z410); Key Project of the National Science and Technology Support Program (2009BAH521306); Beijing Natural Science Foundation, General Program (4072010)
Keywords: risk evaluation; grey system; normalization method