Gang Chen,Dawei Zhao

DOI: https://doi.org/10.4304/jnw.8.9.2093-2100

2013-01-01

Abstract:This paper concentrates on the information security risk assessment model utilizing the improved wavelet neural network. The structure of wavelet neural network is similar to the multi-layer neural network, which is a feed-forward neural network with one or more inputs. Afterwards, we point out that the training process of wavelet neural networks is made up of four steps until the value of error function can satisfy a pre-defined error criteria. In order to enhance the quality of information security risk assessment, we proposed a modified version of wavelet neural network which can effectively combine all influencing factors in assessing information security risk by linear integrating several weights. Furthermore, the proposed wavelet neural network is trained by the BP algorithm with batch mode, and the weight coefficients of the wavelet are modified with the adopting mode. Finally, a series of experiments are conduct to make performance evaluation. From the experimental results, we can see that the proposed model can assess information security risk accurately and rapidly

Weihua Li,Shaocheng Wu,Yue Ma,Tao Liu,Yali Bai,Jinxin Zuo

DOI: https://doi.org/10.1007/978-3-031-06791-4_38

2022-01-01

Abstract:In the ubiquitous network environment, the security threats facing the metering automation system are also increasing. The risk assessment of electric energy measurement automation system is an important goal of power grid security, but it faces difficulties such as single hidden danger identification means and lack of dynamic assessment models. To improve the accuracy and rationality of the system risk assessment, this paper realizes the dynamic risk assessment of the electric energy metering automation system. First, a risk assessment index system is established from the three aspects of technology, management, and regulations. Secondly, based on analytic hierarchy process, we analyzed the weight of the risk assessment indicator to obtain the subjective weight of the risk assessment indicator. Then, the Bayes grid method is improved by the method of probability distribution, which quantitatively describe the relationship between parent nodes and child nodes. Through the improved Bayesian grid method, the objective weight of the risk assessment indicator is obtained, and the comprehensive weight of the assessment indicator is calculated through combination weighting, which realizes the comprehensive risk assessment of the measurement automation system. Finally, the simulation experiment analysis and the sensitivity analysis of the proposed model are carried out. The result shows that the safety guarantee goal of the electric energy metering automation system depends to a large extent on the technical reliability.

Kunfu Wang,Wei Feng,Xing Li

DOI: https://doi.org/10.12783/dtcse/ccnt2020/35444

2021-01-01

DEStech Transactions on Computer Science and Engineering

Abstract:In order to assist network administrators to assess network security risks, a new Bayesian model of network risk assessment method is proposed. Firstly, the model designs the quantitative method of attack revenue and attack cost index, introduces the atomic attack efficiency variable, and integrates the variable into the calculation of probability, obtains the prior risk probability of each node in the network, so as to carry out the static evaluation of network risk. Secondly, DNO_Alg of deleting node order is proposed to determine the order of eliminating elements, so that Bayesian model can be transformed into cluster tree. Finally, combined with the detected attacks, the cluster tree propagation algorithm is used to dynamically calculate the posterior risk probability of nodes, so as to evaluate the network risk in real time.

Yong Hu,Juhua Chen,Jiaxing Huang,Jinghua Xiao,Kang Xie,Junbiao Tang

2007-01-01

Abstract:Uncertainty during the period of software project development will bring huge risks to contractors and clients. If we can establish an effective model to predict the cost and quality of software projects based on facts such as the project character and two-side cooperating capability at the beginning of the project, the risks may be mitigated. Bayesian Belief Network (BBN) is a good method for analyzing uncertain consequences, but it is difficult to produce precise network structure and conditional probability table. In this paper, we built up network structure by Delphi method for conditional probability table learning, and learn to update probability table and nodes' confidence levels continuously according to the application cases. This gives the evaluation network its learning abilities, and the software development risk of organization can be evaluated more accurately. In addition, we introduced EM algorithm to enhance the ability in producing hidden nodes caused by variant software projects.

Xiong Jin-shi,Li Jian-hua,Yang Ying-hui

DOI: https://doi.org/10.1109/mines.2012.138

2013-01-01

Abstract:Weight reflects the essentiality of an index in index volume. Presented a method of determine index weight in security risk evaluation (SRE) based on information entropy. It is a kind of structure analysis method, which constituted entropy model for security risk evaluation of information system and defined subjection function in the first instance, shaped subjection degree matrix of experts' ideas via idea collection and expert compositor, and then introduced average cognitive degree and cognitive bind degree, eliminated experts' indetermination of cognition in compositor phases. In the end, gained vector quantities of weight via normalized. The method of determine index weight based on information entropy puts forward a new method to determine index weight in security risk evaluation.

Z. Q. Cai,J. B. Zhao,Y. Li,S. B. Si,M. N. Ni

DOI: https://doi.org/10.1109/ieem.2015.7385659

2015-01-01

Abstract:This paper proposed an information security Bayesian network (IBN) model to evaluate the system information security. First, an information security hierarchy model is put forward with the analytical hierarchy process based on the characteristics of equipment development enterprises information systems and information security evaluation criteria. Then, according to the definition of Bayesian network, the IBN is built by transforming the information security hierarchy model into Bayesian network with structure and probability distributions. Finally, a case study is implemented to demonstrate the proposed evaluation method. The results show that the IBN model provides a convenient framework to evaluate the system information security.

Yancui Duan,Yonghua Cai,Zhikang Wang,Xinyang Deng

DOI: https://doi.org/10.3390/app8030428

2018-01-01

Abstract:Nowadays, computer networks are playing a more and more important role in people’s daily lives. Meanwhile, the security of computer networks has also attracted widespread concern. However, up to now, there is no universal and effective assessment approach for computer network security. Therefore, a novel network security risk assessment approach by combining subjective and objective weights under uncertainty is proposed. In the proposed evaluation approach, the uncertainty of evaluation data is taken into account, which is translated into objective weights through an uncertainty measure. By combining the subjective weights of evaluation criteria and the objective weights of evaluation data, the final weights can be obtained. Then, Dempster–Shafer (D-S) evidence theory and pignistic probability transformation (PPT) are employed to derive a consensus decision for the degree of the network security risk. Two illustrative examples are given to show the efficiency of the proposed approach. This approach of risk assessment, which combines subjective and objective weights, can not only effectively evaluate computer network security, but also be widely used in decision-making.

Ming LI,Ren ZHANG,Mei HONG

DOI: https://doi.org/10.11840/j.issn.1001-6392.2018.02.001

2018-01-01

Abstract:Under the global climate change,the massive,unpredictable and disaster-chain effects of marine disasters are becoming more and more prominent,and the losses have increased year by year.So it is important to carry out the risk assessment of marine disasters.Aiming at the uncertainties in marine disaster assessment,this paper firstly analyzed the uncertainties of marine disaster risk based on risk theory and constructed the disaster assessment index system.Then,a Bayesian network for uncertain disaster assessment was proposed based on the Bayesian Network model,and a weighted Bayesian network assessment model was constructed based on subjective and objective weights.Finally,the assessment of marinc disastcr risk in coastal areas of China was carried out.Experiments show that the evaluation model effectively achieves the risk assessment of marine disasters and has practical operability.

刘芳,蔡志平,肖侬,王志英,陈勇

DOI: https://doi.org/10.3969/j.issn.1002-137x.2008.12.007

2008-01-01

Computer Science

Abstract:Risk probability estimating analyzes the distributed network and assesses inherently uncertain events and circumstances dynamically.And the estimating probability of security risk is an absolutely necessary step of developing network security protection system.The problems of feature extraction,cluster analysis,similarity measurement and estimation methods in network situation awareness were addressed.A risk probability assessment formula was proposed,and an estimating model adopting the neural networks was presented.An experiment based on DARPA intrusion detection evaluation data was given to support the suggested approach and demonstrated the feasibility and suitability for use.

Ruo-hai DI,Xiao-guang GAO,Zhi-gao GUO

DOI: https://doi.org/10.3969/j.issn.0372-2112.2016.06.035

2016-01-01

Abstract:Bayesian network is one of the main tools for data mining.In such cases as large equipment fault diagno-sis,geological disaster forecast,operational decision,etc,good results are expected to achieve based on small data sets. Therefore,this article focuses on the problem of learning Bayesian network from small data sets.Firstly,the structure con-straint model based on the probability distribution of the connection was built.Then,the improved-Bayesian Dirichlet-binary particle swarm optimization algorithm was proposed.Secondly,the monotonicity parameter constraint model was defined and the monotonicity constraint estimation algorithm was proposed.Finally,the proposed algorithm was applied to construct the threat assessment model.Then,the model was used for reasoning with the variable elimination method.Experimental results reveal that the structure learning algorithm outperforms classical binary particle swarm optimization algorithm and the param-eter learning method surpasses maximum likelihood estimation,isotonic regression and convex optimization method for small data sets.The threat assessment model is also proved to be effective.

Qian Yu,Yongjun Shen

DOI: https://doi.org/10.1109/imcec.2016.7867182

2016-01-01

Abstract:Risk prediction is an important part of the information security system. At present, information security system needs an effective prediction method urgently. In accordance with the information security risk assessment process and combination of assets, threat, vulnerability and safety control measures, to strengthen the correlation among these factors and make the prediction results more objective for the target, the authors put forward a model based on the combination of the grey theory and analytic network process(ANP) with information security risk prediction. First, the model predicted value of each element is obtained by grey theory GM(1,1), and then establish the weight of each risk assessment element through the analytic network process (ANP) by analyzing interdependency and feedback, finally, set up systematic risk fuzzy comprehensive calculation to process data and build accurate mathematical model by combining with the risk assessment level. That is [0,1],to achieve a more accurate risk situation prediction through the quantitative results so of realistic significance for information system security.

Liu Xia,Cai Jiani,Jiang Jianhui,Hong Xiang,Yang Genxing

DOI: https://doi.org/10.3969/j.issn.1000-386X.2010.06.085

2010-01-01

Abstract:Information security risk assessment is an important part of information security risk management.To assess the risk of an information system,not only the risks of its independent subsystems,but also the risks caused by the interactions among subsystems should be taken into consideration.Based on the analytic hierarchy process,a quantitative risk assessment method combining entropy weight with triangular fuzzy number is proposed.Triangular fuzzy numbers are used to describe the information that estimated by the information security experts,and the entropy weight is introduced to decrease the subjectivity of conventional weights.Moreover,the effect caused by the complexity of the system on risk occurrence probability is considered as well,that makes the assessment results more reasonable.An example based on Metro information systems is introduced to illustrate the application of the proposed method.

Yongqiang Song,Yongjun Shen,Guidong Zhang,Yuming Hu

DOI: https://doi.org/10.1109/ICSESS.2016.7883029

2016-01-01

Abstract:In the research of information security information security issues, many factors can cause the system to insecurity. In order to improve the accuracy of the risk assessment of information security, information security risk assessment model based on GA (genetic algorithm) and BP neural network is proposed. Using genetic algorithm to optimize the weights and thresholds of BP neural network to establish an information security risk assessment model, and using MATLAB to simulate, predict the value of risk. The simulation results show that GA-BP, compared with the standard BP neural network, with lower simulation error and better fitting effect, is a good information security risk assessment model.

Ming Li,Ren Zhang

DOI: https://doi.org/10.1109/access.2020.2993016

IF: 3.9

2020-01-01

IEEE Access

Abstract:Over the past decade, terrorism risk has become a prominent consideration in protecting the well-being of individuals and organizations. Consequence assessment of terrorist attack has become a research hotspot in security science. Aiming at the multi-source, interactional and uncertain factors in terrorism events, we introduce Information Flow (IF) to propose an improved weighted Bayesian Network (BN) with causality-based weights. Based on the weighted BN and Rand Forest (RF), we design a data-driven and expert knowledge-based consequence assessment model of terrorist attack. Firstly, RF is applied to filter effective evaluation indicators objectively. Then, IF is adopted to calculate weights of indicators and the weighted BN is built by structure learning and parameter learning. Finally, assessment experiments are conducted with terrorist attack events recorded in Global Terrorism Database. The results show that our proposed model overcomes the shortcomings of traditional quantitative risk assessment methods in verifiability and flexibility, and can reliably achieve quantitative assessment of terrorist attack risk under multi-source and uncertain information conditions.

Zhang Yan,Huang Shuguang,Wang Yongyi

DOI: https://doi.org/10.3969/j.issn.1000-386X.2011.11.075

2011-01-01

Abstract:In order to automatically assess the present network security situation,the authors propose a hierarchical network security risk assessment methodology.Its principles are as follows:first,DS theory is laid as the foundation for correlatively fusing alert data;then,based on weight value analytical methodology and hierarchical analysis technique,from bottom to top and from local to global,it calculates the security situation value for every hierarchical layer.Experiments based on real network environment illustrate that the assessment results are more accurate;furthermore,the hierarchical methodology based security situation presentation methodology is more straightforward and understandable. Compared with existing methods,the proposed method not only intensifies the evidence about alert data but also overcomes the weakness of present hierarchical assessment systems at fuzzy treating.

Ming LI,Ren ZHANG,Mei HONG

DOI: https://doi.org/10.20016/j.cnki.hykfygl.2018.01.009

2018-01-01

Abstract:Under the global climate change,the massive,unpredictable and disaster-chain effect of marine disasters are becoming more and more prominent,and the losses have increased year by year.Carrying out marine disaster assessment has important practical significance for marine eco-nomic construction,resource development and project construction.Firstly,this paper analyzed the uncertainties of marine disaster risk based on risk theory and constructed the disaster assessment index system.Then,a Bayesian network for uncertain disaster assessment was proposed based on the Bayesian Network model,and a weighted Bayesian network assessment model was constructed based on subjective and objective weights.Finally,the assessment of marine disaster risk in coastal areas of China was carried out.Experiments showed that the evaluation model effectively achieved the risk assessment of marine disasters and had practical operability.

Yao Ye,Cai Wandong,Fang Nan

DOI: https://doi.org/10.1109/ibcast.2016.7429909

2016-01-01

Abstract:There is an increasing demand for security risk assessment of network & information system where assessment usually is comprised of all kinds of Internal or external threat. Now there is also another problem to be solved, that is, when the information system increased another many risk parts, if the system is still under a security state. In order to answer this question, the paper adopted an incremental factor analysis method to assess information system risk. This method used influence of assets on system risk and risk coefficient to compute the risk increment coefficient, so as to judge information system risk levels. Experiment results indicated that this method is available as well as effective.

Ming Li,Mei Hong,Ren Zhang

DOI: https://doi.org/10.1007/s13753-018-0171-z

IF: 4.5

2018-05-15

International Journal of Disaster Risk Science

Abstract:The application of Bayesian network (BN) theory in risk assessment is an emerging trend. But in cases where data are incomplete and variables are mutually related, its application is restricted. To overcome these problems, an improved BN assessment model with parameter retrieval and decorrelation ability is proposed. First, multivariate nonlinear planning is applied to the feedback error learning of parameters. A genetic algorithm is used to learn the probability distribution of nodes that lack quantitative data. Then, based on an improved grey relational analysis that considers the correlation of variation rate, the optimal weight that characterizes the correlation is calculated and the weighted BN is improved for decorrelation. An improved risk assessment model based on the weighted BN then is built. An assessment of sea ice disaster shows that the model can be applied for risk assessment with incomplete data and variable correlation.

geosciences, multidisciplinary,meteorology & atmospheric sciences,water resources

XiaoLin Cui,Xiaobin Tan,Yong Zhang,Hongsheng Xi

DOI: https://doi.org/10.1109/CSSE.2008.949

2008-01-01

Abstract:Risk assessment is a very important tool to acquire a present and future security status of the network information system. Many risk assessment approaches consider the present system security status, while the future security status, which also has an impact on assessing the system risk, is not taken into consideration. In this paper we propose a novel risk assessment model based on Markov game theory. In this model, all of the possible risk in the future will impact on the present risk assessment. The farther away from now, the smaller impact on the risk assessment it has. After acquiring the system security status, we proposed an automatic generated reinforcement scheme which will provide a great convenience to the system administrator. A software tool is developed to demonstrate the performance of the risk assessment of a network information system and a simulation example shows the effectiveness of the proposed model. © 2008 IEEE.

Zhongmin Cai,Chenglong Li

DOI: https://doi.org/10.1155/2022/9023904

IF: 1.43

2022-05-18

Mathematical Problems in Engineering

Abstract:With the rapid development of modern society, the administrative information content rapid growth of e-government information resource sharing becomes the key of the government departments for effective social management. The cloud technology Internet big data are widely used and popular, which enable information resources to be shared among government data and are both an opportunity and challenge for effective e-government information resource sharing. It is of great significance to enhance government credibility. Information security risk assessment is a comprehensive evaluation of the potential risk of an uncertain stochastic process, traditional evaluation methods are deterministic models, and it is difficult to measure the security risk of uncertainty. On the other hand, with the opening and complexity of information system business functions, the nonlinearity and complexity of evaluation calculation also increase. By studying the relatively mature assessment criteria and methods in the field of information security, this study analyzes the information security status of small Internet of Things system based on the characteristics of Internet of Things information security. Combining the latest research results of information entropy neural network and other fields with the original risk assessment methods, the improved AHP information security risk assessment model is verified by simulation examples.

engineering, multidisciplinary,mathematics, interdisciplinary applications