Computer and Modernization

• Network and Communication

Information Security Risk Assessment Based on an Improved Bayesian Model

  

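  1.  (College of Computer Science and Technology, Guizhou University, Guiyang, Guizhou 550025)
  • Publication date: 2018-04-28 Release date: 2018-05-02
  • About the authors: Huang Yujie (born 1991), female, from Xinyang, Henan, master's student at the College of Computer Science and Technology, Guizhou University; research interest: information system security. Tang Zuoqi (born 1979), male, from Xingyi, Guizhou, associate professor, master's degree; research interests: software engineering, network and information security.
  • Funding:
    Guizhou Province Science and Technology Support Program (黔科合SY字[2011]3111); Guizhou University Young Teachers Research Fund (贵大自青合字(2013)01号); Guizhou University Graduate Innovation Fund (研理工2017081)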

Information Security Risk Assessment Based on Improved Bayesian Network Model

  1. (College of Computer Science and Technology, Guizhou University, Guiyang 550025, China)
  • Online: 2018-04-28 Published: 2018-05-02

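Abstract: With the arrival of the information age, information security problems have become increasingly complex and diverse, so a high-performance solution is urgently needed. Building on previous research, this paper further improves the application of the Bayesian network model to information security risk assessment. First, it analyzes the types of risk elements in an information system and proposes a new method for determining risk factors, namely establishing the common association relationships between factors. Then, it determines the information system's indicator system from those factor relationships and, combined with conditional probabilities accumulated from experience, uses the Matlab Bayesian network toolbox (BNT) to build a complete Bayesian network risk assessment model, including an analysis of the assessment process, the methods used, and the determination of risk levels. Finally, the improved Bayesian assessment model is analyzed through a worked case, inferring the probability of each risk level from the experimental data. The simulation results agree with the actual conclusions, showing that the improved Bayesian assessment model accurately reflects the security risk level of an information system and is an effective and reasonable assessment method.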

Keywords: information security, risk assessment, Bayesian network, risk factors, risk levels

Abstract: With the advent of the information age, information security issues have become increasingly complex and diverse, so a cost-effective solution is badly needed. Building on previous research, this paper further improves the application of the Bayesian network model to information security risk assessment. First, it analyzes the types of risk elements in an information system and puts forward a new method for determining risk factors, that is, establishing the common relationships between factors. Then, the information system's index system is determined according to these factor relationships. Combined with conditional probabilities accumulated from experience, the Matlab Bayesian network toolbox (BNT) is used to construct a complete Bayesian network risk assessment model, which includes analysis of the assessment process, the use of methods, and the determination of risk levels. Finally, the improved Bayesian assessment model is analyzed through an example, and the probability of each risk level is inferred from experimental data. The simulation results are consistent with the actual results, which shows that the improved evaluation method is effective and reasonable.

Key words: information security, risk assessment, Bayesian network, risk factors, risk grades

CLC number: