Abstract
With the information security situation growing increasingly severe, it is particularly important to find an objective, accurate and reliable risk assessment method. To reduce the influence of subjective factors, improve the reliability and accuracy of the evaluation results, and enable automated evaluation, this paper proposes a new system security risk assessment method based on the extended attack tree model and the fuzzy analytic hierarchy process. In addition, multi-attribute utility theory is used to quantify the risk value of leaf nodes in order to achieve an objective and accurate evaluation. Verification on an example shows that the risk assessment method is simple and feasible, and has high application value and generality.
Author
ZHU Aiqing (朱爱青) (Zibo Vocational Institute, Zibo, Shandong 255000, China)
Source
Chinese Journal of Computer Application (《计算机应用文摘》)
2024, No. 5, pp. 83-85, 88 (4 pages in total)
Keywords
extended attack tree
information system security
security risk assessment