摘要
以证据理论为基础,构造一种能够适应多重不确定环境的网络信息系统安全风险评估模型。在模型中建立安全风险评估指标体系并对指标权重进行量化;重新定义基本概率赋值函数,以适应安全风险评估过程中证据的不确定性描述;实现证据一致性检验并确定调整方法,从而进一步降低评估过程中专家经验的不确定性;最后,通过实证分析验证该模型的正确性和有效性。
This paper develops a security risk assessment model in network information systems for multi-uncertain environment based on evidence theory. In the model, security risk index system is established and index weights are quantified. The paper redefines the basic probability assignment anew so that it is suitable for the uncertain description of evidences in the process of security risk assessment. To decrease the uncertainties of expert experience in the process of assessment, the test of evidence consistency is implemented and the method of adjustment is confirmed. Finally, the correctness and effectiveness of the model are validated via empirical analysis.
出处
《管理学报》
CSSCI
2011年第4期614-620,627,共8页
Chinese Journal of Management
基金
国家自然科学基金资助项目(70901054)
教育部博士点基金资助项目(新教师类20090032120036)
关键词
网络信息系统
安全风险
不确定性
证据理论
network information systems
security risk
uncertainty
evidence theory