Ling Liu
Jinzhong Electric Power Supply Company, Shanxi Electric Power Corporation, Jinzhong, China
Tonggang Bao
Jinzhong Electric Power Supply Company, Shanxi Electric Power Corporation, Jinzhong, China
Jiahang Yuan
School of Economic and Management, North China Electric Power University, Beijing, China
Cunbin Li
School of Economic and Management, North China Electric Power University, Beijing, China
ABSTRACT
As new threats continue to emerge, no information system can remain safe forever, so a security risk assessment is needed to ensure information security. In contrast to traditional methods such as AHP, fuzzy logic, and grey analysis, this paper puts forward an approach based on grey incidence and the D-S theory of evidence to evaluate information system security. First, the uncertainty in index parameter values is analyzed: according to actual conditions and historical statistical data, the vacant index parameter values may follow one of three kinds of distribution (uniform, exponential, or normal), and the corresponding prior estimates are given to fill in the vacant values. Then, the concept of an interval conversion operator is defined, grey incidence is used to determine the degrees of uncertainty of the different indices, and the mass functions are obtained from these degrees of uncertainty. Finally, the mass functions are fused in accordance with the rule of combination, and the information system security risks are ranked according to the belief function value. An example application proves the feasibility and effectiveness of this method. The results indicate that the method can clearly reduce the overall uncertainty and offers a new line of thought for information security risk assessment approaches.
How to cite this article
Ling Liu, Tonggang Bao, Jiahang Yuan and Cunbin Li, 2013. Risk Assessment of Information Security Based on Grey Incidence and D-S Theory of Evidence. Journal of Applied Sciences, 13: 1740-1745.
DOI: 10.3923/jas.2013.1740.1745
URL: https://scialert.net/abstract/?doi=jas.2013.1740.1745