As new threats continue to emerge, no information system can remain safe forever, so ensuring information security requires a security risk assessment. As an alternative to traditional methods such as AHP, fuzzy logic, and grey analysis, this paper puts forward an approach based on grey incidence and the D-S theory of evidence to evaluate information system security. First, the uncertainty in index parameter values is analyzed. According to actual conditions and historical statistical data, the vacant index parameter values may follow three kinds of distributions: uniform, exponential, and normal. The corresponding prior estimates are given to fill in the vacant values. Then the concept of an interval conversion operator is defined, grey incidence is used to determine the uncertainty degrees of the different indices, and the mass functions are obtained from these uncertainty degrees. Finally, the mass functions are fused according to the rule of combination, and the information system security risks are ranked according to the belief function value. An example application has proved the feasibility and effectiveness of this method. The results indicate that the method can clearly reduce the overall uncertainty and offers a new line of thinking for information security risk assessment approaches. © 2013 Asian Network for Scientific Information.
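
The fusion and ranking step described in the abstract, as an added example that is not from the paper: it applies Dempster's rule of combination to three constructed mass functions over an assumed frame {low, medium, high} and ranks the risk levels by belief. The mapping from an uncertainty degree to a mass function (`mass_from_scores`) and all sample values are assumptions, since the abstract does not give the paper's formulas.

```python
from itertools import product

# Assumed frame of discernment: the candidate risk levels of the system.
THETA = frozenset({"low", "medium", "high"})

def mass_from_scores(scores, uncertainty):
    """Assumed mapping (not the paper's formula): scale the normalised support
    scores by (1 - uncertainty) and assign the uncertainty degree to THETA."""
    total = sum(scores.values())
    m = {frozenset({k}): (1 - uncertainty) * v / total for k, v in scores.items()}
    m[THETA] = uncertainty
    return m

def combine(m1, m2):
    """Dempster's rule of combination for two mass functions."""
    fused, conflict = {}, 0.0
    for (a, wa), (b, wb) in product(m1.items(), m2.items()):
        inter = a & b
        if inter:
            fused[inter] = fused.get(inter, 0.0) + wa * wb
        else:
            conflict += wa * wb          # mass falling on the empty set
    if conflict >= 1.0 - 1e-12:
        raise ValueError("total conflict: evidence cannot be combined")
    return {s: w / (1.0 - conflict) for s, w in fused.items()}

def belief(m, hypothesis):
    """Bel(A): total mass of all focal sets contained in A."""
    return sum(w for s, w in m.items() if s <= hypothesis)

def assess(evidence):
    """Fuse all mass functions, then rank risk levels by belief (highest first)."""
    fused = evidence[0]
    for m in evidence[1:]:
        fused = combine(fused, m)
    ranking = sorted(((belief(fused, frozenset({h})), h) for h in THETA), reverse=True)
    return fused, ranking

# Constructed sample: three indices, each with support scores and an uncertainty degree.
EVIDENCE = [
    mass_from_scores({"low": 1, "medium": 3, "high": 6}, uncertainty=0.30),
    mass_from_scores({"low": 2, "medium": 5, "high": 3}, uncertainty=0.20),
    mass_from_scores({"low": 1, "medium": 2, "high": 7}, uncertainty=0.25),
]

if __name__ == "__main__":
    fused, ranking = assess(EVIDENCE)
    print("remaining uncertainty m(THETA):", round(fused[THETA], 4))
    for bel, level in ranking:
        print(f"Bel({level}) = {bel:.4f}")
```

The mass left on the whole frame after fusion is smaller than any single index's uncertainty degree, which is the reduction in overall uncertainty the abstract refers to.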
CITATION STYLE
Liu, L., Bao, T., Yuan, J., & Li, C. (2013). Risk assessment of information security based on grey incidence and D-S theory of evidence. Journal of Applied Sciences, 13(10), 1740–1745. https://doi.org/10.3923/jas.2013.1740.1745