SHEN Jin-chang,DU Shu-xin,LUO Yi,LUO Ji-yang,YANG Qian,CHEN Zhi-feng

DOI: https://doi.org/10.3969/j.issn.1001-7402.2012.06.017

2012-01-01

Abstract:Instead of fuzzy membership function,by the theory of backward cloud generator and the algorithm of cloud we evaluate the fuzzy comprehensive system with the cloud model,which has the quality of fuzzy,random and statistic.Finally,with the supervision and testing data of food safety,we compare the method of cloud model with the normal method of fuzzy membership function,which proves that the cloud model has more advantages than the normal method.

Qing Yang,Yixin Jiang,Aidong Xu,Hong Wen,Feng Wang,LiuFei Chen,Kai Ouyang,Xiping Zhu

DOI: https://doi.org/10.1109/cns.2017.8228663

2017-01-01

Abstract:With the progress of the network and technology, the perfect combination of mobile intelligent terminal and internet, people are increasingly dependent on intelligent terminals. So, it was very necessary of a model for assessing the security performance of mobile intelligent terminals, especially to establish the objective model of the security performance of mobile intelligent terminal. In this paper, we propose a model that classification intelligent terminal security risk based on SVM algorithm, and it can achieve the classification of mobile intelligent terminal security level objectivity and accurately. Such that users have an intuitive understanding for the intelligent mobile terminal security, by which the security needs can be met.

黄益民,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2001.06.005

2001-01-01

Abstract:After study of existing security models; analysis of information flow model, Bell-LaPadula(BLP) access control model and Biba access control model; and collation and comparison of their advantages and disadvantages, an improved model is put forward that satisfies the actual demands of information security. An implementation strategy is put forward that ensures information security, reliability, practicality and compatibility in the designed security system. An implementation scheme of this security system and its components and functions is provided. This system combines the following functions: mandatory access contro1, privilege separation, security audit, identity authentication and self-protection. It achieves the level 3 of national information security standard and level B1 of TCSEC standard. It was implemented in the Windows NT and Linux operating system and has yielded good resultsin application.

Qiang YAN,Hua-ying SHU,Zhong CHEN,Yun-suo DUAN

DOI: https://doi.org/10.3969/j.issn.1007-5321.2005.04.017

2005-01-01

Abstract:Security evaluation is an important approach for the security risk management of the information system. But there are lack of effective methods and tools for security evaluation. To resolve the problem, an object model of security evaluation is established based on the object oriented technology. The concepts of correlation test and dependency test are introduced and a set of tools is also developed according to the model. The practical application indicates that the object oriented technology can improve the efficiency of security evaluation, and the correlation test and dependency test also improve the penetration testing effects.

Zhou Guoqiang,Lu Wei,Zeng Qingkai

DOI: https://doi.org/10.3969/j.issn.1000-386X.2007.11.002

2007-01-01

Abstract:An information security evaluation model is proposed.Based on the analyses of contents and functions of security evolution,the architecture of the security evaluation model and platform is presented,and its implementation is given.The main functions of this model are to organize,manage and control the security test and evaluation.It also has features in generalization,integration and configuration.

闫强,陈钟,段云所,唐礼勇

DOI: https://doi.org/10.3969/j.issn.1000-3428.2003.06.001

2003-01-01

Abstract:This paper reviews the history of information system security evaluation criteria, introduces criteria which have important effect on security evaluation such as TCSEC and CC, clarifies the evaluation method and its implementation model, and introduces recent researches of other countries in this field.

GUO Lifeng,WANG Junbiao,JIANG Jianjun

DOI: https://doi.org/10.3969/j.issn.1005-2402.2008.05.037

2008-01-01

Abstract:Lots of information systems are invested blindly in the process of enterprise informationization, but there is no effective method to evaluate their benefit. Accordingly, a fuzzy synthesized evaluation method based on critical success factor (CSF) and business process value is proposed. It analyses and quantifies the value of business process and the value which information system effect on the business process. The method is useful for analyzing the implementation benefit and weakness of information system.

张鑫,顾庆,陈道蓄

DOI: https://doi.org/10.3969/j.issn.1002-137x.2009.09.032

2009-01-01

Computer Science

Abstract:Quality of protection can be seen as the security target of security modules when doing their security treatments,which can be judged by quantitative criteria.The question of how to evaluate whether the current software system has fulfills the quality of protection target objectively and effectively has become one of the hotspots of research.Currently,however,most security professionals use the qualitative method for security evaluation,which is highly subjective and makes the evaluation result dependent on the individual experience and thus unreliable.So what needed are substantive and quantitative security metrics.Because of the complexity and the difficulty of implementing the security metrics,a novel security evaluation model was presented in this paper,which analyzed the relative security level of given systems from the views of attack surface,denial of service and attack graph.At last,a general discussion for the process and the result of the evaluation were given.

LI Zhi-guo,ZENG Qing-kai

DOI: https://doi.org/10.3969/j.issn.1000-3428.2008.02.035

2008-01-01

Abstract:This paper proposes a quantitative security evaluation model,BFN,which reflects the probability relationship between functional components and threats in a system,based on risk analysis approach. By this model it can quantitatively evaluate the deficiency in functional components of a system as well as its impact on the system. The experiments demonstrate that the model can compare different systems in security,and optimize a system by analyzing its weakness.

QIAN Run-hua,SHI Qi-xin,ZHAO Rui-ling,CHEN Xi-qun

DOI: https://doi.org/10.3969/j.issn.1003-8868.2008.12.002

2008-01-01

Abstract:Objective To estimate deployment of field medical equipment, which is aim at the manifold differences between field medical equipment in wartime or emergencies and common hospital equipment. Methods Based on a good many factors, the system of comprehensive evaluation index on field medical equipment deployment were built up. The model of comprehensive evaluation index was established in applicant of a grey system theory. By discriminating model parameters, the order of comprehensive evaluation is involved in various medical equipment deployments. Results The examples of the evaluation show that is simple and convenient, lesser relevance in indicators and the evaluative results and actual position are conformity. Conclusion The evaluated results of field medical equipment deployment are important for the selection of field medical equipment, which can meet all deployable conditions in wartime or various emergencies. At the same time, the theoretic method has also settled the foundation in evaluation of other military equipment deployment.

ZHAO Hong-mei,LI Wei-ying,WANG Fu-shun,JIN Hua,PENG Yu-rong

DOI: https://doi.org/10.3969/j.issn.1003-188X.2008.09.071

2008-01-01

Abstract:This article describes the concept and characteristic of SSE-CMM.An evaluation process of system security of Hebei wheat planting expert system has been worked out and the evaluation process is used to analyze the information system security.The conclusions can be used to improve the system security.

Xiaotong Li,Hua Li,Bingzhen Sun,Fang Wang

DOI: https://doi.org/10.3233/jifs-172097

2018-01-01

Journal of Intelligent & Fuzzy Systems

Abstract:Through advancing in information and communications technology, Smart Cities provide many potential advantages like improved energy efficiency, new economic opportunities and management methods, however the information security in the top-level design of building a quite efficient smart city is easy to be ignored and caused a huge economic losses for citizens. We focus on mining information risks of smart city from the perspective of system, identifying the key risks and determining the importance of each factor, in order to measure the risk accurately. This paper presents a failure mode and effects analysis (FMEA) method to analyze five dimensions of the information security of smart city, and assess the risks on the basis of the fuzzy set theory and the grey relational theory. Due to the problem is the risk assessment of multi-dimension for an organization information security, we present a decision model that provides an efficient framework for calculating the value of risk assessment. The results indicate that aspects of the highest importance of the information security risk of smart city are the threats in natural, contrived and physical aspects, followed by the lack of public security education and training. Through the analysis we can find out the relationship between the failure modes and the overall situation of the system, then it can distinguish the main factors which play a driving role, and the secondary factors which have less impact on the system. According to the assessment results, some suggestions are put forward to guarantee the information security of smart city. The practical application of fuzzy and grey FMEA proposed in this paper helps enhance the reliability of the prediction, and the ranking of risk factors can be used for better decision-making concerning taking measures, which in turn will make smart city safer.

Hongbo Li,Xiaohong Li,Jianye Hao,Guangquan Xu,Zhiyong Feng,Xiaofei Xie

DOI: https://doi.org/10.1109/QRS.2017.45

2017-01-01

Abstract:It is critical and foremost to come up with the corresponding security requirements first which the following implementations are based on. However, previous security requirement elicitation work based on Common Criteria (CC) rarely addresses the detailed elicitation process of threats from specific functional requirements, which thus results in the widen gap between specific functional requirements and their corresponding threats. To this end, this paper proposes a framework for eliciting corresponding security requirements of specific functional requirements from the requirements specification. A formal model is built in the framework to assist requirement analysts in half-automatic collecting threats. To enhance the framework's automaticity and reusability, a security property base is constructed based on authoritative sources of security properties to support the framework. A practical information system is applied to verify the framework's practicability. Finally the framework's advantages and limitations are discussed thoroughly compared with previous approaches and useful insights are revealed.

Jin Yang,Cilin Wang,Le Yu,Caiming Liu,Lingxi Peng

DOI: https://doi.org/10.1007/978-3-642-34041-3_68

2012-01-01

Abstract:Cloud computing is an important innovation in the current computing model. The critical problem of cloud computing faced at present is the security issue. In the current network environment, that relying on a single terminal to check the Trojan virus is considered increasingly unreliable. Based on the correspondence between the artificial immune system antibody and pathogen invasion intensity, this paper is to establish a real-time network risk evaluation model in cloud computing. This paper builds a hierarchical, quantitative measurement indicator system, and a unified evaluation information base and knowledge base. The paper also combines assets evaluation system and network integration evaluation system, considering from the application layer, the host layer, network layer may be factors that affect the network risks. The experimental results show that the new model improves the ability of intrusion detection and prevention than that of the traditional intrusion prevention systems.

Yong li Tang,Yi qi Dai

DOI: https://doi.org/10.1109/WICOM.2009.5302149

2009-01-01

Abstract:it has attracted more attention to the researchers about how to build an appropriate model to assess the risk of information systems. Aimed at this issue, a measurement framework of combining qualitative analysis with quantitative computation is proposed. From the implementation of information security management measurement (ISMM), the model, factors, indices, means and implementation flow are also given in detail. At last, the implementation flow of ISMM is depicted.

MA Liang-Hua,WU Zhi-hao

2005-01-01

Abstract:The development of evaluation methods for security fund performance has accumulated many research achievements. During the course, the factor or index used to evaluate security fund performance is always the bone of contention, which is also the main route that the development of evaluation methods followed. Early e-valuation methods were single-factor and comprehensive performance evaluation models, multifactor models came up subsequently. On the basis of comprehensive performance evaluation, scholars divided the fund performance into market timing ability and securities selection ability.

Mingqiu Ren,Yi Leng,Le Zhang

DOI: https://doi.org/10.1088/1742-6596/2173/1/012062

2022-01-01

Journal of Physics: Conference Series

Abstract:Abstract The currently used evaluating method has such problems as complex evaluation index space, complexity of computation, low evaluation efficiency, and low systematicness and intellectualization, which is difficult to meet the requirements of operational effectiveness evaluation for ECM equipment. In order to guarantee the efficiency and accuracy of operational effectiveness evaluation, an integrated and systematic evaluation method was provided based on multi-views system’s simulation model architecture, which can show the actual frameworks of equipment system for evaluation, we describe the element, structure, operational process and index system in a standardized manner. Furthermore, a framework of Flexible-intelligent Evaluation towards Combat-capability Space in System-of-systems (FECSS) was proposed. The FECSS method builds a bi-directional mapping relation between the upper and low operational effectiveness indicators by basic indicators-formed space in system-of-systems which combined the complex evaluation index, evaluation process with intelligent evaluation model. The proposed method can effectively analysis the effectiveness results in condition of different types and numbers of equipment. It also makes the electronic countermeasure equipment project demonstration and operational application more feasibly and practically.

Yue Zhang,Wang Zhao

DOI: https://doi.org/10.1109/icngn59831.2023.10396667

2023-01-01

Abstract:The rapid development of information technology has greatly improved the level of enterprise informatization. However, while providing a variety of services to users, there may also be security issues such as data breaches, denial of service attacks, and extortion attempts. To address the aforementioned issues and enhance the security of information systems, multiple security devices have implemented protective measures. However, relying solely on the configuration and construction of security facilities cannot fundamentally resolve network security issues. Therefore, an important challenge currently faced is how to quantitatively assess, evaluate, and guide security personnel to optimize the configuration of the network security system. This is a significant matter that requires careful consideration.Currently, most existing quantitative security evaluation schemes focus on assessing security risks, but the entire security protection system has not been utilized as an evaluation criterion, and its protective effectiveness has not been quantitatively evaluated. Simultaneously, establishing quantitative connections between security impact factors and the security protection system, linking the protection effectiveness of individual security devices to overall security protection effectiveness, and then optimizing and improving the protection effectiveness have become critical bottlenecks in measuring the protection effectiveness of the network security protection system.

Xiuzhen Chen,Qinghua Zheng,Xiaohong Guan,Chenguang Lin

DOI: https://doi.org/10.3321/j.issn:0253-987X.2004.04.019

2004-01-01

Abstract:Aiming at the deficiency that is unable to provide useful security situation information encountered in the cur2 rent security evaluation systems , a hierarchical and quantitative model , which is used to evaluate security situation of net2 worked systems , and its corresponding computation method are proposed based on the importance of service , host , and the structure of the network system. This model adopts the evaluation policy from bottom to top and from local to global , calculates the risk indexes of service , host and whole network system by weighting the importance of service and host based on the analysis of attack frequency and its severity , and further evaluates their security situation. Experiments on the HoneyNet dataset show that this system can evaluate the security situation in three levels : service , host and local area network system. It provides system administrators with system intuitive security situation curve and releases them from the exhausting task of alert analysis.

王雪冬,李伟英,王福顺,金花,刘丽娟,李宝昌

DOI: https://doi.org/10.3969/j.issn.1003-188x.2008.10.049

2008-01-01

Abstract:This paper briefly introduces the model of SSE-CMM, According to SSE-CMM model the solution schemes of agriculture information system is worked out, including the measure,programme and the sticking point. It is focusing on the connection between SSE-CMM and agriculture information system, as well as the entry for evaluation. The foreground of sse-cmm in agriculture information system is also given at last.