An Information System Risk Assessment Method Based on Risk Propagation

Cited by: 0
Authors
Yang H.-Y. [1 ,2 ]
Zhang L. [2 ]
Zhang L. [2 ]
Affiliations
[1] College of Safety Science and Engineering, Civil Aviation University of China, Tianjin
[2] College of Computer Science and Technology, Civil Aviation University of China, Tianjin
[3] College of Information, University of Arizona, Tucson, 85721, AZ
Keywords
Propagation probability; Risk assessment; Risk propagation; State transition probability; Three-parameter interval number;
DOI: 10.13190/j.jbupt.2021-019
Abstract
Traditional information system risk assessment methods do not consider the state change of nodes or the direction of risk propagation, and the accuracy of their results is affected by the subjectivity of experts. To address these problems, an information system risk assessment method based on risk propagation is proposed. First, the initial state transition probability matrix of each node is determined, and the node state transition probability is obtained by modifying the matrix according to the attack attributes. Then, the propagation probability of each node in every direction is calculated from the network topology and the node attribute values. Next, the three-parameter interval number method is used to obtain a quantitative value for each node's threat events. Finally, the risk value of each node is calculated according to the risk assessment method. Experimental results show that the proposed method is more objective and reasonable, and that it improves the completeness and accuracy of information system risk assessment. © 2021, Editorial Department of Journal of Beijing University of Posts and Telecommunications. All rights reserved.
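The four steps named in the abstract (node state transition probability, direction-dependent propagation probability from the topology, a three-parameter interval estimate of each node's threat, and a per-node risk value) can be illustrated on a small directed topology. The block below is an added example written for this page; it is not the authors' code, and the specific formulas it uses (collapsing an interval (lower, most likely, upper) to a point value with double weight on the middle term, normalising a node's outgoing edge weights to propagation probabilities, an "exposure" attribute standing in for the state transition probability, and a damping constant of 0.5) are assumptions for illustration, not the paper's method. The nodes, edge weights and threat intervals are constructed sample data.

```python
# Added example (not the authors' code): a toy risk-propagation computation over a
# directed topology, illustrating the steps the abstract names. The interval
# reduction, the probability normalisation, the "exposure" attribute and the
# damping constant are assumptions for illustration, not the paper's formulas.
from typing import Dict, List, Tuple

Interval = Tuple[float, float, float]   # (lower, most likely, upper)
Edges = Dict[str, Dict[str, float]]     # src -> {dst: attack-path weight}


def interval_to_point(iv: Interval) -> float:
    """Collapse a three-parameter interval number to a crisp threat value.

    Assumed scheme: weighted mean with double weight on the most-likely value."""
    lo, mid, hi = iv
    if not 0.0 <= lo <= mid <= hi:
        raise ValueError(f"malformed interval {iv}")
    return (lo + 2.0 * mid + hi) / 4.0


def propagation_probabilities(edges: Edges) -> Edges:
    """Turn outgoing edge weights into per-direction propagation probabilities.

    Assumed: each node's outgoing weights are normalised to sum to 1, so the
    probability depends on the topology and on the direction of the edge."""
    probs: Edges = {}
    for src, outs in edges.items():
        total = sum(outs.values())
        probs[src] = {dst: w / total for dst, w in outs.items()} if total > 0 else {}
    return probs


def propagate_risk(threat: Dict[str, Interval], exposure: Dict[str, float],
                   edges: Edges, damping: float = 0.5,
                   tol: float = 1e-9, max_iter: int = 1000) -> Dict[str, float]:
    """Iterate node risk = own threat + damped risk received from predecessors.

    exposure[n] in [0, 1] stands in for the node's probability of moving to a
    compromised state when attacked (the abstract's state transition probability);
    an exposure of 0 means the node absorbs no propagated risk. With damping < 1
    the iteration is a contraction, so cycles in the topology still converge."""
    for n, e in exposure.items():
        if not 0.0 <= e <= 1.0:
            raise ValueError(f"exposure of {n} out of range: {e}")
    base = {n: interval_to_point(iv) for n, iv in threat.items()}
    probs = propagation_probabilities(edges)
    risk = dict(base)
    for _ in range(max_iter):
        nxt = dict(base)
        for src, outs in probs.items():
            for dst, p in outs.items():
                nxt[dst] += damping * exposure[dst] * p * risk[src]
        delta = max(abs(nxt[n] - risk[n]) for n in risk)
        risk = nxt
        if delta < tol:
            break
    return risk


def rank_nodes(risk: Dict[str, float]) -> List[Tuple[str, float]]:
    """Nodes ordered by descending risk value."""
    return sorted(risk.items(), key=lambda kv: kv[1], reverse=True)


def example_topology():
    """Constructed sample system (hypothetical nodes and values)."""
    threat = {  # expert estimates as (lower, most likely, upper)
        "web": (0.4, 0.6, 0.8),
        "app": (0.2, 0.3, 0.5),
        "db": (0.1, 0.2, 0.3),
        "monitor": (0.0, 0.1, 0.2),
    }
    exposure = {"web": 1.0, "app": 0.8, "db": 0.9, "monitor": 0.5}
    edges: Edges = {  # direction in which an attacker can move
        "web": {"app": 1.0},
        "app": {"db": 0.7, "monitor": 0.3},
        "db": {"app": 0.2},   # a cycle back to app
        "monitor": {},
    }
    return threat, exposure, edges


if __name__ == "__main__":
    threat, exposure, edges = example_topology()
    for name, value in rank_nodes(propagate_risk(threat, exposure, edges)):
        print(f"{name:8s} {value:.3f}")
```

The point the abstract makes about direction is visible directly: reversing the single edge between web and app lowers app's risk and raises web's, because propagated risk only flows along the edge's direction; an undirected model would give both nodes the same contribution either way.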
Pages: 41 / 48
Page count: 7