删除或更新信息,请邮件至freekaoyan#163.com(#换成@)

复杂系统风险评估专家系统

清华大学 辅仁网/2017-07-07

复杂系统风险评估专家系统
马刚1,2, 杜宇鸽3, 杨熙1, 张博1,2, 史忠植1
1. 中国科学院 计算技术研究所, 智能信息处理重点实验室, 北京 100190;
2. 中国科学院大学 计算机应用技术系, 北京 100049;
3. 中国信息安全测评中心, 北京 100085
Risk assessment expert system for the complex system
MA Gang1,2, DU Yuge3, YANG Xi1, ZHANG Bo1,2, SHI Zhongzhi1
1. Key Laboratory of Intelligent Information Processing, Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100190, China;
2. University of Chinese Academy of Sciences, Beijing 100049, China;
3. China Information Technology Security Evaluation Center, Beijing 100085, China

摘要:

输出: BibTeX | EndNote (RIS)
摘要为了评估复杂系统的安全风险, 基于已有的风险评估算法, 在结合面向对象知识处理系统的基础上, 设计研发一套简捷、使用方便的基于知识的复杂系统风险评估专家系统。对典型复杂系统进行风险评估的结果证明: 该系统能够用于现场收集复杂系统数据并且对复杂系统的整体风险进行自动评估, 能够指导风险评估分析员对复杂系统中的资产结点制定出合理的安全保护策略, 比传统的专家人工分析具有更强的客观性与准确性。
关键词 面向对象知识处理系统,风险评估专家系统,资产
Abstract:A set of simple and convenient risk assessment expert system with knowledge was developed based on the existing risk assessment algorithms and the object-oriented knowledge processing system to assess the security risk of complex systems. The risk assessment results for a typical complex system prove that the developed expert system can be used to collect the information and assess security risk for the complex system, while guiding the risk assessment analyzer to make a reasonable security protection strategy for assets in the complex system, which is more objective and more accurate compared with the traditional expert artificial analysis.
Key wordsobject-oriented knowledge processing systemrisk assessment expert systemasset
收稿日期: 2014-10-28 出版日期: 2016-01-29
ZTFLH:TP309.2
通讯作者:史忠植,研究员,E-mail:shizz@ics.ict.ac.cnE-mail: shizz@ics.ict.ac.cn
引用本文:
马刚, 杜宇鸽, 杨熙, 张博, 史忠植. 复杂系统风险评估专家系统[J]. 清华大学学报(自然科学版), 2016, 56(1): 66-76,82.
MA Gang, DU Yuge, YANG Xi, ZHANG Bo, SHI Zhongzhi. Risk assessment expert system for the complex system. Journal of Tsinghua University(Science and Technology), 2016, 56(1): 66-76,82.
链接本文:
http://jst.tsinghuajournals.com/CN/10.16511/j.cnki.qhdxxb.2016.23.005 http://jst.tsinghuajournals.com/CN/Y2016/V56/I1/66


图表:
图1 典型复杂系统实例
图2 复杂系统构成要素及其相互关系
图3 威胁从资产a4传播到a1的详细过程
图4 复杂系统风险评估专家系统逻辑结构
图5 复杂系统风险评估专家系统知识库
图6 复杂系统风险评估专家系统主界面
图7 风险评估结果显示界面


参考文献:
[1] Jamin S, Raz D, Shavitt Y, et al. Guest editorial Internet and WWW measurement, mapping, and modeling [J]. IEEE Journal on Selected Areas in Communications, 2003, 21(6): 877-878.
[2] Jeong H, Tonbor B, Albert R, et al. The large-scale organization of metabolic networks [J]. Nature, 2000, 407(6804): 651-654.
[3] 王占山, 王军义, 梁洪晶. 复杂网络的相关研究及其进展 [J]. 自动化学会通讯, 2013, 34(170): 4-16.WANG Zhanshan, WANG Junyi, LIANG Hongjing. Research and progress of complex networks [J]. Communications of CAA, 2013, 34(170): 4-16. (in Chinese)
[4] Watts D J, Strogatz S H. Collective dynamics of "small-world" networks [J]. Nature, 1998, 393(6684): 440-442.
[5] 何大韧, 刘宗华, 汪秉宏. 复杂系统与复杂网络 [M]. 北京: 高等教育出版社, 2009.HE Daren, LIU Zonghua, WANG Binghong. Complex Systems and Complex Networks [M]. Beijing: Higher Education Press, 2009. (in Chinese)
[6] 吴晓平, 付钰. 信息安全风险评估教程 [M]. 武汉: 武汉大学出版社, 2011.WU Xiaoping, FU Yu. Textbook for Information Security Risk Assessment [M]. Wuhan: Wuhan University Press, 2011. (in Chinese)
[7] 张永铮, 方滨兴, 迟悦, 等. 用于评估网络信息系统的风险传播模型 [J]. 软件学报, 2007, 18(1): 137-145.ZHANG Yongzheng, FANG Bingxing, CHI Yue, et al. Risk propagation model for assessing network information systems [J]. Journal of Software, 2007, 18(1): 137-145. (in Chinese)
[8] 李晓蓉, 庄毅, 许斌. 基于危险理论的信息安全风险评估模型 [J]. 清华大学学报: 自然科学版, 2011, 51(10): 1231-1235.LI Xiaorong, ZHUANG Yi, XU Bin. Risk assessment model for information security based on danger theory [J]. Journal of Tsinghua University: Sci & Technol, 2011, 51(10): 1231-1235. (in Chinese)
[9] 张利, 彭建芬, 杜宇鸽, 等. 信息安全风险评估的综合评估方法综述 [J]. 清华大学学报: 自然科学版, 2012, 52(10): 1364-1368.ZHANG Li, PENG Jianfen, DU Yuge, et al. Information security risk assessment survey [J]. Journal of Tsinghua University: Sci & Technol, 2012, 52(10): 1364-1368. (in Chinese)
[10] 马刚, 杜宇鸽, 荣江, 等. 基于威胁传播的复杂信息系统安全风险评估 [C]//第六届信息安全漏洞分析与风险评估大会. 北京, 2013: 21-38. MA Gang, DU Yuge, RONG Jiang, et al. Risk assessment of the complex information system based on threat propagation [C]//The 6th Conference on Vulnerability Analysis and Risk Assessment. Beijing, 2013: 21-38. (in Chinese)
[11] 金鸿章, 韦琦, 郭建, 等. 复杂系统的脆性理论及应用[M]. 西安: 西北工业大学出版社, 2010. JIN Hongzhang, WEI Qi, GUO Jian, et al. Vulnerability Theory and Application of Complex Systems [M]. Xi'an: Northwestern Polytechnical University Press, 2010. (in Chinese)
[12] 穆成坡, 黄厚宽, 田盛丰. 入侵进程的层次化在线风险评估[J]. 计算机研究与发展, 2010, 47(10): 1724-1732. MU Chengpo, HUANG Houkuan, TIAN Shengfeng. Hierarchical online risk assessment for intrusion scenarios [J]. Journal of Computer Research and Development, 2010, 47(10): 1724-1732. (in Chinese)
[13] 时云峰, 张金祥, 冯建华. 基于异常捕获的强脆弱性分析与利用[J]. 软件学报, 2010, 21(11): 2944-2958. SHI Yunfeng, ZHANG Jinxiang, FENG Jianhua. Critical vulnerability analysis and exploitation based on exception capture [J]. Journal of Software, 2010, 21(11): 2944-2958. (in Chinese)
[14] 赵刚, 况晓辉, 李津, 等. 一种基于权值的大规模分布式系统结构脆弱性分析算法[J]. 计算机研究与发展, 2011, 48(5): 906-912. ZHAO Gang, KUANG Xiaohui, LI Jin, et al. A structural vulnerability analysis algorithm for large-scale distributed system [J]. Journal of Computer Research and Development, 2011, 48(5): 906-912. (in Chinese)
[15] 周亮, 李俊峨, 陆天波, 等. 信息系统漏洞风险定量评估模型研究[J]. 通信学报, 2009, 30(2): 71-76. ZHOU Liang, LI Jun'e, LU Tianbo, et al. Research on quantitative assessment model on vulnerability risk for information system [J]. Journal on Communications, 2009, 30(2): 71-76. (in Chinese)
[16] 陶倩, 马刚, 史忠植. 基于Agent的专家系统推理模型 [J]. 智能系统学报, 2013, 8(2): 135-142. TIAO Qian, MA Gang, SHI Zhongzhi. Research on the expert system reasoning model based on Agent [J]. CAAI Transactions on Intelligent System, 2013, 8(2): 135-142. (in Chinese)
[17] 张勇斌, 马玉书. 专家系统开发平台OKPS的设计与实现[J]. 西安石油学院学报: 自然科学版, 2003, 18(2): 76-78. ZHANG Yongbin, MA Yushu. Design and implementation of expert system development platform OKPS [J]. Journal of Xi'an Petroleum Institute: Natural Science Edition, 2003, 18(2): 76-78. (in Chinese)


相关文章:
[1]马刚, 杜宇鸽, 荣江, 甘家瑞, 史忠植, 安波. 基于威胁传播的复杂信息系统安全风险评估[J]. 清华大学学报(自然科学版), 2014, 54(1): 35-43.

相关话题/系统 北京 资产 传播 知识