WANG Yi,LIU San-yang,ZHANG Wen,WANG Ya-nan

DOI: https://doi.org/10.3969/j.issn.0372-2112.2014.12.025

2014-01-01

Abstract:Under the framework of IFS(Intuitionistic Fuzzy Sets),aiming at the situation that targets’attributes are interval value,the weights are totally unknown,and decision-makers have preference information,a threat assessment method with uncertain attribute weight based on intuitionistic fuzzy multi-attribute decision is proposed .Firstly,based on the above-mentioned problem,in-tuitionistic fuzzy interval judgment matrix is set up,and a standard interval value index processing method is put forward;secondly, by analyzing the target attribute,attribute weight,and decision-makers’authority degree in project,the preference project model in group decision making is finally constructed;thirdly,according to the attribute’s variety character in interval value,the definition of intuitionistic fuzzy interval value’s similarity and ideal resolve is given,and the optimization attribute weight restriction model is built up;lastly,some typical threat assessment examples are cited to verify that the method can reflect the influence of both subjec-tive and objective information,which can avoid the deviation caused by sensor invalidation,outside environment’s effect,or deci-sion-makers’subjective experience .Finally,the superiority of the method is proved by the threat assessment of some typical targets .

Xiang GAO,Yue-fei ZHU,Sheng-li LIU,Jin-long FEI,Long LIU

2013-01-01

Abstract:Aiming at the complex in the process of network security risk assessment, the asset, vulnerability and threat were used as the major factors in security assessment to establish the hierarchical index system for security assessment. The concept of credibility was introduced, and the security risk assessment model and fuzzy reasoning algorithm based on fuzzy Petri net were also proposed, making use of fuzzy Petri nets method joined together with the AHP to analyze the question, and combining qualitative analysis and quantitative analysis together. The example analysis shows that the ob-tained results are more accurate and scientific compared with traditional assessment methods. Therefore, this method is an effective network system risk assessment method.

Wei-Guo Zhang,Qin Mei,Qian Lu,Wei-Lin Xiao

DOI: https://doi.org/10.1016/j.cie.2011.05.003

IF: 7.18

2011-01-01

Computers & Industrial Engineering

Abstract:This paper deals with the problems of both project valuation and portfolio selection under the assumption that the investment capitals and the net cash flows of the projects are fuzzy variables. Using the credibilistic expected value and the credibilistic lower semivariance of fuzzy variables, this paper proposes both the credibilistic return index and the credibilistic risk index, which are measures of investment return and investment risk with annuity form for evaluating single project. Moreover, a composite risk-return index for selecting the optimal investment strategy is also presented. Then, we set up a general project portfolio optimization model with fuzzy returns and two specific models: triangle and interval fuzzy returns. Furthermore, we provide two algorithms: the improved heuristic rules based on genetic algorithm and the traversal algorithm. Finally, two numerical examples are presented to illustrate the efficiency and the effectiveness of these proposed optimization methods.

Yongli Li

2013-01-01

Abstract:A risk assessment model of classified protection based on fuzzy evaluation is put forward to objectively represent fuzziness and uncertainty in the information system risk assessment.Firstly,according to classified protection,the hierarchical evaluation system is proposed to normalize the selection of risk factors.Secondly,considering that the comment from experts might be uncertain or incomplete,the fuzzy comment set is defined so that the assessment model can deal with more complex situation.Moreover,the fuzzy evaluation method based on evidence theory is introduced to reduce the uncertainty and quantify the result of the assessment.Finally,a case study is given and the result shows that the model is effective and is widely used.

Dai Hang,Jia Bin,Mu Dejun

DOI: https://doi.org/10.3969/j.issn.1009-8054.2006.10.059

2006-01-01

Abstract:Including to the theory of risk evaluation, the concept of security domain has been raised and an evaluation model of information security risk based on fuzzy comprehensive judgment is proposed in this paper. The model simpli- fied multi-factor problems to single-factor problem by using multi-hierarchy structure. Moreover, elation matrix is intro- duced to describe the inter-relationship among judgment factors. At last, certain method is raised to analyse the result from fuzzy judgment and draw some conclusion.

Fang Liu,Kui Dai,Zhiying Wang,Jun Ma

DOI: https://doi.org/10.1007/978-3-540-31957-3_127

2005-01-01

Abstract:Decision making problems in security risk assessment are often associated with multiple criteria and multiple decision makers. In the proposed approach, decision making by multiple decision makers has been considered under uncertain conditions. An optimization model is used to assess criteria weights and then to rank risks. The different preference information from different decision makers are firstly transformed into uniform fuzzy preference relations and aggregated. Then ranking or selection of the alternatives reflects the decision makers' subjective preference based on the objective decision information. It has been found that using fuzzy set theory to represent uncertainties under multiple-participant multi-criteria environment is very promising. The practices indicate that fuzzy group decision making techniques provide concepts and theoretical results that are valuable in formulating and solving problems in security risk assessment.

Liang Liang,Peng Wang,Lin Tan

2013-01-01

Disaster Advances

Abstract:The comprehensive evaluation of information security risk is the key for executives in complex organizations to make macro decisions. Modern organizations have complicated structures and many levels. In addition, the influencing factors of organizing information security risk involve techniques, staffs and management. Under consideration of uncertainty on decision information, an improved fuzzy multi-criteria decision method is proposed. It combines fuzzy mathematics with partitioning method of space region, and provides a computing method for criteria weights by fusing criterion, thus to realize the comprehensive evaluation of organizing information security risk. Finally, an example of information security risk management for some large joint research project is taken to illustrate the guidance for actual work by the proposed method.

Xiaotong Li,Hua Li,Bingzhen Sun,Fang Wang

DOI: https://doi.org/10.3233/jifs-172097

2018-01-01

Journal of Intelligent & Fuzzy Systems

Abstract:Through advancing in information and communications technology, Smart Cities provide many potential advantages like improved energy efficiency, new economic opportunities and management methods, however the information security in the top-level design of building a quite efficient smart city is easy to be ignored and caused a huge economic losses for citizens. We focus on mining information risks of smart city from the perspective of system, identifying the key risks and determining the importance of each factor, in order to measure the risk accurately. This paper presents a failure mode and effects analysis (FMEA) method to analyze five dimensions of the information security of smart city, and assess the risks on the basis of the fuzzy set theory and the grey relational theory. Due to the problem is the risk assessment of multi-dimension for an organization information security, we present a decision model that provides an efficient framework for calculating the value of risk assessment. The results indicate that aspects of the highest importance of the information security risk of smart city are the threats in natural, contrived and physical aspects, followed by the lack of public security education and training. Through the analysis we can find out the relationship between the failure modes and the overall situation of the system, then it can distinguish the main factors which play a driving role, and the secondary factors which have less impact on the system. According to the assessment results, some suggestions are put forward to guarantee the information security of smart city. The practical application of fuzzy and grey FMEA proposed in this paper helps enhance the reliability of the prediction, and the ranking of risk factors can be used for better decision-making concerning taking measures, which in turn will make smart city safer.

Bo Wang,You Li,Shuming Wang,Junzo Watada

DOI: https://doi.org/10.1109/tfuzz.2018.2842752

IF: 12.253

2018-01-01

IEEE Transactions on Fuzzy Systems

Abstract:Considering nonstatistical uncertainties and/or insufficient historical data in security return forecasts, fuzzy set theory has been applied in the past decades to build portfolio selection models. Meanwhile, various risk measurements such as variance, entropy, and Value-at-Risk have been proposed in fuzzy environments to evaluate investment risks from different perspectives. Sharpe ratio, also known as the reward-to-variability ratio, which measures the risk premium per unit of the nonsystematic risk (asset deviation), has received great attention in modern portfolio theory. In this study, the Sharpe ratio in fuzzy environments is introduced, whereafter, a fuzzy Value-at-Risk ratio is proposed. Compared with Sharpe ratio, Value-at-Risk ratio is an index with dimensional knowledge that reflects the risk premium per unit of the systematic risk (the greatest loss under a given confidence level). On the basis of the two ratios, a multi-objective model is built to evaluate their joint impact on portfolio selection. Then, the proposed model is solved by a fuzzy simulation based multi-objective particle swarm optimization algorithm, where the global best of each iteration is determined by an improved dominance times based method. Finally, the algorithm superiority is justified via comparing with existing solvers on benchmark problems, and the model effectiveness is exemplified by using three case studies on portfolio selection.

hongsheng luo,yongjun shen,guidong zhang,liangliang huang

DOI: https://doi.org/10.1109/icsess.2015.7339176

2015-01-01

Abstract:To solve the fuzziness and uncertainty from many aspects on information security risk assessment, this paper proposes the information security risk assessment approach based on two stages decision model with grey synthetic measure. Firstly, the assessment criteria weights are determined by means of the combination of Delphi method and the adjacent criterion comparison method, and the grades of assessment results are determined; secondly, unity grey clustering coefficients or decision coefficients with synthetic measure are computed by grey clustering theory; at last, the grey classes of objects are determined and objects are squenced by risk values. Through case study, this method solves the uncertainty in parameter values and other factors, reduces the subjectivity of assessment process, and provides a new thought to information security risk assessment.

WANG Yi,FEI Hong-xiao,JIANG Ping

DOI: https://doi.org/10.3969/j.issn.1007-130x.2006.09.002

2006-01-01

Abstract:Based on the analysis of the factors that affect information security risks,a hierarchical information security assessment model is established.A risk analysis method based on fuzzy AHP is proposed to evaluate risks.This method adopts the triangular fuzzy number to represent the experts' judgment matrix of risk factors based on group decision,and uses AHP to handle these risk factors,thus provides reasonable data for decision-making.

Song HUANG,Hong-ya XIA,Li-qun TAN

DOI: https://doi.org/10.3969/j.issn.1673-629X.2010.01.049

2010-01-01

Abstract:with the sustainable development of the country and the acceleration of information technology,the information security issues is highly growing.In order to efficiently evaluate the information security and improve the security, an information system security model based on fuzzy comprehensive evaluation method is proposed.The model uses multi-layer structure and elation matrix is introduced to describe the inter-relationship among judgment factors.Moreover,on the basis of calculating the influence of factors on security,qualitative evaluation of security is accomplished.At last certain method is raised to analyse the result from fuzzy judgment and draws some conclusion.The method changes the ways of generally regarding information security as "black-box " to evaluation security,and plays a role in verifying and modifying the results made by traditional models.

Hua Zhi,Guidong Zhang,Yiqun Liu,Yongjun Shen

DOI: https://doi.org/10.1109/icsess.2017.8342953

2017-01-01

Abstract:There are many risks in software system throughout development and operation. If we can do some qualitative and quantitative analysis about the risk assessment indicators, and take steps to perform risk assessment, the loss of the risks will be obviously reduced. Analytic Hierarchy Process and modified fuzzy entropy weight are combined here, in this article, since the output of Analytic Hierarchy Process has subjective tendency, we need to use an optimized fuzzy entropy-weight to get a comprehensive weight to lower subjectivity and strengthen objectivity. In the end, We do an experiment to verify validity and applicability.

Xue Deng,Yuying Liu,Huidan Zhuang

2021-01-01

Abstract:Abstract—The security market is an uncertain and extremely complicated system, in which few scholars focus on the investor’s behavioral analysis by risk adaptation value parameter in the fuzzy portfolio model. In terms of this issue, this paper attempts to combine the three different investors’ risk attitudes and the security fuzzy uncertainty in the portfolio research. Firstly, the fuzzy return rate is defined as a trapezoidal fuzzy number with risk adaptation value parameter k. Different k values correspond to different risk attitudes which contain risk-averse, risk-neutral and risk-seeking. Secondly, in theory we derive the concrete numerical expressions of the possibilistic mean, variance and covariance with risk adaptation value by strictly mathematical proof based on possibility theory. On the basis of this, the fuzzy portfolio models with three different risk attitudes are developed under the constraints of transaction costs, investment proportion upper and lower bounds. Finally, some numerical examples are verified to show that our models are feasible and effective. Then we discuss and compare the results in the following cases: the influence of three different risk attitudes on the portfolio models when transaction costs are considered and not considered; the change of different k values and the impact of transaction costs when the risk attitude is the same.

You Li,Bo Wang,Junzo Watada

DOI: https://doi.org/10.1109/fuzzy.2011.6007314

2011-01-01

Abstract:Based on portfolio selection theory, this study proposes an improved fuzzy multi-objective model that can evaluate the invest risk exactly and increase the probability of obtaining the expected return. In building the model, fuzzy Value-at-Risk (VaR) is used to evaluate the exact future risk, in term of loss. The VaR can directly reflect the greatest loss of a selection case under a given confidence level. On the other hand, variance is utilized to make the selection more stable. This model can provide investors with more significant information in decision-making. To better solve this model, an improved particle swarm optimization algorithm is designed to mitigate the conventional local convergence problem. Finally, the proposed model and algorithm are exemplified by some numerical examples. Experiment results show that the model and algorithm are effective in solving the multi-objective portfolio selection problem.

ying xian chang,shi chao zhang,xin liu,dong lan liu,meng qian sun,fu hui zhao,hong lei yao

DOI: https://doi.org/10.1145/3675018.3675772

2024-01-01

Abstract:Quantitative assessment of data risks is a focal point in the field of data security. In this paper, we establish a multi-level power data security risk indicator system based on Data Security Capability Maturity Mode (DSMM) to delineate risk indicators covering the entire data lifecycle. We propose a method for representing expert evaluation information based on probabilistic hesitant fuzzy sets to mitigate issues arising from individual expert biases and the number of experts. By transforming the quantification of power data risks into a multi-attribute decision-making problem, we present a method for power data risk assessment based on probabilistic hesitant fuzzy multi-attribute group decision-making. Experimental results demonstrate that the proposed approach can effectively calculate power data risk levels, providing theoretical support for power data security protection.

周文中,袁永博,郎坤

DOI: https://doi.org/10.3969/j.issn.1674-8859.2012.04.007

2012-01-01

Abstract:In order to optimize distribution of resources used for green risk management in construction,risk ranking is of great necessity.To overcome the incompleteness of attributes used to characterize risks and simplification of ranking approaches,green risk factors in construction are identified.Taking fuzziness and uncertainty into account at the same time,the relevant risk factors are characterized with intuitionistic triangular fuzzy numbers from four dimensions:probability,damage,uncontrollability and urgency.Furthermore,an algorithm of multi-attribute decision making based on similarity to ideal grey relational projection,which combines grey system theory and TOPSIS with vector projection,is used to order risk factors,making references for subsequent risk management.Finally,the practicality of this model is validated through case analysis.

Pau-Chen Cheng,Pankaj Rohatgi,Claudia Keser,Paul A. Karger,Grant M. Wagner,Angela Schuett Reninger

DOI: https://doi.org/10.1109/sp.2007.21

2007-05-01

Abstract:This paper presents a new model for, or rather a new way of thinking about adaptive, risk—based access control. Our basic premise is that there is always inherent uncertainty and risk in access control decisions that is best addressed in an explicit way. We illustrate this concept by showing how the rationale of the well—known, Bell—Lapadula model based, Multi-Level Security (MLS) access control model could be used to develop a risk-adaptive access control model. This new model is more like a Fuzzy Logic control system [9] than a traditional access control system and hence the name “Fuzzy MLS”. The long version of this paper is published as an IBM Research Report [3].

Liu Renhui,Zhai Fengyong

DOI: https://doi.org/10.1109/wicom.2007.1211

2007-01-01

Abstract:There are the risk factors for software projects, which the emphasis on different importance for different software project, that should make multi-attribute risk evaluations. By the analysis for overall risks of software projects, software project risk evaluation system has been established, and complementary judgment matrix is designed based on triangular fuzzy number. Furthermore triangular fuzzy matrix has been made a solution by expansion principle from the multi-attribute-based., priorities of complementary judgment matrices are provided. The result realize for identifying the pivotal risk factor of construction project risk.

Fang Liu,Yong Chen,Kui Dai,Zhiying Wang,Zhiping Cai

DOI: https://doi.org/10.1007/11548706_57

2005-01-01

Abstract:Effective network security management requires assessment of inherently uncertain events and circumstances dynamically. This paper addresses the problems of risk probability assessment and presents an alternative approach for estimating probability of security risk associated with some interaction in ubiquitous computing. A risk probability assessment formula is proposed, and an estimating model adopting the Fuzzy C-Means clustering algorithm is presented. An experiment based on DARPA intrusion detection evaluation data is given to support the suggested approach and demonstrate the feasibility and suitability for use. The practices indicate that fuzzy clustering technique provides concepts and theoretical results that are valuable in formulating and solving problems in dynamic security assessment.