Research Article

Risk Assessment of Information Security Based on Grey Incidence and D-S Theory of Evidence

Ling Liu, Tonggang Bao, Jiahang Yuan and Cunbin Li

As new threats continue to emerge, no information system can remain safe forever, so a security risk assessment is needed to ensure information security. In contrast to traditional methods such as AHP, fuzzy logic, and grey analysis, this paper puts forward an approach based on grey incidence and the D-S theory of evidence to evaluate information system security. First, the uncertainty in index parameter values is analyzed: according to actual conditions and historical statistical data, the vacant index parameter values may follow one of three distributions (uniform, exponential, or normal), and the corresponding prior estimates are given to fill in the vacant values. Then, the concept of an interval conversion operator is defined, grey incidence is used to determine the uncertain degrees of the different indices, and the mass functions are obtained from those uncertain degrees. Finally, the mass functions are fused according to the rule of combination, and the information system security risks are ranked by belief function value. An example application proves the feasibility and effectiveness of this method. The results indicate that the method can clearly reduce the overall uncertainty and offers a new line of thought for information security risk assessment approaches.
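The fusion and ranking step described in the abstract can be sketched with Dempster's rule of combination. This is an added example, not code from the paper: the three-level frame, the three index mass functions and their values are constructed, and the mass left on the whole frame stands in for each index's uncertain degree (the grey incidence step that derives it is not reproduced here).

```python
from functools import reduce
from itertools import product

# Assumed frame of discernment: three risk levels (not taken from the paper).
THETA = frozenset({"low", "medium", "high"})

def mass(low, medium, high):
    """Build a mass function; whatever is not committed to a single
    level is assigned to THETA and represents the index's uncertainty."""
    m = {frozenset({k}): v for k, v in
         (("low", low), ("medium", medium), ("high", high))}
    m[THETA] = 1.0 - (low + medium + high)
    return m

def combine(m1, m2):
    """Dempster's rule: multiply masses of intersecting focal sets,
    discard the conflicting (empty-intersection) mass K, renormalise."""
    fused, conflict = {}, 0.0
    for (b, mb), (c, mc) in product(m1.items(), m2.items()):
        inter = b & c
        if inter:
            fused[inter] = fused.get(inter, 0.0) + mb * mc
        else:
            conflict += mb * mc
    if conflict >= 1.0 - 1e-12:
        # Fully contradictory sources: the rule is undefined (division by 0).
        raise ValueError("total conflict: sources cannot be combined")
    return {a: v / (1.0 - conflict) for a, v in fused.items()}

def belief(m, hypothesis):
    """Bel(A) = sum of the masses of all focal sets contained in A."""
    return sum(v for a, v in m.items() if a <= hypothesis)

def assess(evidence):
    """Fuse all index mass functions and rank risk levels by belief."""
    fused = reduce(combine, evidence)
    ranking = sorted(THETA, key=lambda lvl: belief(fused, frozenset({lvl})),
                     reverse=True)
    return fused, ranking

# Constructed sample: three indices, each leaving 0.2 on THETA.
EVIDENCE = [mass(0.1, 0.3, 0.4), mass(0.2, 0.2, 0.4), mass(0.1, 0.4, 0.3)]

if __name__ == "__main__":
    fused, ranking = assess(EVIDENCE)
    print("ranking:", ranking)
    print("residual uncertainty m(THETA): %.4f" % fused[THETA])
```

With this sample every index carries 0.2 of uncommitted mass, while the fused result carries far less, which is the uncertainty reduction the abstract refers to.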


  How to cite this article:

Ling Liu, Tonggang Bao, Jiahang Yuan and Cunbin Li, 2013. Risk Assessment of Information Security Based on Grey Incidence and D-S Theory of Evidence. Journal of Applied Sciences, 13: 1740-1745.

DOI: 10.3923/jas.2013.1740.1745


