Fuzzy Petri Nets Based Information System Security Situation Assessment Model
Existing assessment models have inconvenient statistics of fuzzy factors and lack of intuitive graphical implementation methods. This paper proposes an information system security situation assessment model based on fuzzy Petri nets (ISSSAF). Firstly, a g
- PDF / 622,713 Bytes
- 11 Pages / 439.37 x 666.142 pts Page_size
- 43 Downloads / 284 Views
, Yuhao Feng1 , Guangquan Xu2
, and Jiyong Zhang3
1 Civil Aviation University of China, Tianjin 300300, China
[email protected] 2 Tianjin University, Tianjin 300350, China 3 Swiss Federal Institute of Technology in Lausanne, 1015 Lausanne, Switzerland
Abstract. Existing assessment models have inconvenient statistics of fuzzy factors and lack of intuitive graphical implementation methods. This paper proposes an information system security situation assessment model based on fuzzy Petri nets (ISSSAF). Firstly, a general hierarchical assessment index system is established. According to the assessment system, a fuzzy Petri net (FPN) model is built and a fuzzy inference algorithm is designed. Secondly, the credibility of each proposition is calculated by inference, and the security situation of the system is graded by grey assessment and inference algorithm. Finally, an assessment experiment of a domestic departure control system (DCS) is carried out. The experimental results verify the effectiveness of ISSSAF. Compared with the traditional methods, it is more objective and accurate, which can help the relevant personnel to formulate effective security protection strategies for the information system. Keywords: Security situation · Index system · Fuzzy petri nets · Quantitative method
1 Introduction With the rapid development of information technology, the demand of various industries for the information system is increasing rapidly. It has become an indispensable part of information construction. At present, the main problem that restricts the information system to play a role has changed from the technical problem to the information system security supervision problem. As an important step of information system security supervision, it is the information system security situation assessment and risk control [1]. In recent years, the research of information system security situation assessment has become a hot subject, and the model-based methods have made some achievements. Zhao et al. [2] obtained the index comprehensive weight through a G-ANP method and determined the system risk level by using the grey statistical theory, but there was no intuitive graphical expression in the process of realizing the model. Fu et al. [3] proposed an information system security risk assessment model, which uses an entropy weight coefficient method to determine the index weight vector and reduce the subjective © Springer Nature Singapore Pte Ltd. 2020 G. Xu et al. (Eds.): FCS 2020, CCIS 1286, pp. 283–293, 2020. https://doi.org/10.1007/978-981-15-9739-8_22
284
H. Yang et al.
influence of expert experience. Pan et al. [4] proposed a dynamic reassessment model for mobile ad hoc networks, but the algorithm is complex and difficult to implement. Li et al. [5] proposed a quantitative assessment model of the vulnerability of civil aviation network system based on spatial local hazards, but only considered the hazard prevention level of some nodes. Wang et al. [6] evaluated the security situation of the information system through a
Data Loading...
