摘要
针对信息系统的安全风险评估问题,提出了一种将模糊理论与神经网络进行"浅层次"结合的评估方法。通过对信息系统所涉及的风险因素分别从资产影响、威胁频度、脆弱性严重程度三方面进行分析,建立了信息系统的安全风险层次化结构,并构造了各因素所对应评判集的隶属度矩阵;综合运用模糊推理算法与神经网络仿真技术,对信息系统的安全风险进行评估,进而判定信息系统安全风险等级。最后,通过实例分析说明了算法的应用,并借助误差分析检测了模型的有效性。
A risk assessment method was presented by combining fuzzy theory with artificial neural network to solve the problem of security risk assessment of information systems. The risk factors of information systems were classified into three aspects of the influence on asset, frequency of threat, and levels of survivability. Firstly, a model was established for evaluating the degrees of the information systems security risk, and the membership matrices for judgment set were presented. Then, the combinatorial neural network (NN) and fuzzy reasoning theory (FT) were applied to evaluating the security risk of information systems to obtain the final risk grade. Finally, a calculation example was used to show how the method works, and the error analysis was applied to detecting effectiveness and reliability of the model' performance.
出处
《海军工程大学学报》
CAS
北大核心
2010年第1期18-23,44,共7页
Journal of Naval University of Engineering
基金
国家自然科学基金资助项目(60774029)
关键词
信息系统
安全风险评估
模糊
神经网络
information systems
security risk assessment
fuzzy
neural network
