摘要
针对军用互联网系统遭受日益增多的网络攻击问题,以军用互联网的安全目标(可用性、完整性、机密性)为原则,构建单个资产信息安全风险评估指标体系。首先结合系统脆弱性衡量单个资产安全风险,并利用加权平均法量化单个资产综合风险;然后引入信息熵衡量单个资产综合风险在信息系统的影响程度,计算军用互联网系统在物理环境、网络安全、主机系统、应用系统、数据安全等五个维度的风险值;最后采用AHP确定五个维度风险在军用互联网信息安全中的影响程度,实现军用互联网综合风险的衡量。通过搭建攻防仿真平台对多种攻击行为进行仿真,结果表明提出的方法有助于军用互联网信息安全风险评估标准的制定。
In view of the increasing network attacks on the military Internet system,this paper constructs the information security risk assessment index system of individual asset based on the principle of the security objectives(availability,integrity,and confidentiality)of the military Internet.Firstly,the security risk of individual asset is measured in combination with the system vulnerability,and the weighted average method is used to quantify the comprehensive risk of individual asset.Then,information entropy is introduced to measure the impact of the comprehensive risk of individual asset on the information system,and the five-dimensional risk values of military Internet system are calculated in physical environment,network security,host system,application system and data security.Finally,AHP is used to determine the influence degree of five-dimensional risk in military Internet information security and measure the comprehensive risk of military Internet.Through simulating a variety of attacks by building an attack and defense simulation platform,the results show that the proposed method can help to formulate the information security risk assessment standard of military Internet.
作者
谢俊彤
XIE Juntong(The 7th Research Institute of China Electronics Technology Group Corporation,Guangzhou 510310,China)
出处
《移动通信》
2022年第4期60-64,90,共6页
Mobile Communications
关键词
军用互联网
单个资产风险
综合风险
信息熵
AHP
Military internet
individual asset risk
comprehensive risk
information entropy
AHP
