通信学报 ›› 2019, Vol. 40 ›› Issue (4): 117-127.doi: 10.11959/j.issn.1000-436x.2019078

• 学术论文 • 上一篇    下一篇

不完全信息下的威胁处置效果模糊评估

李凤华1,2,3,李勇俊1,2,杨正坤1,2,张晗1,2,张玲翠1,2()   

  1. 1 中国科学院信息工程研究所,北京100093
    2 中国科学院大学网络空间安全学院,北京 100049
    3 通信网信息传输与分发技术重点实验室,河北 石家庄 050081
  • 修回日期:2019-01-22 出版日期:2019-04-25 发布日期:2019-05-05
  • 作者简介:李凤华(1966- ),男,湖北浠水人,博士,中国科学院研究员、博士生导师,主要研究方向为网络与系统安全、信息保护、隐私计算。|李勇俊(1992- ),男,浙江丽水人,中国科学院博士生,主要研究方向为入侵响应、访问控制。|杨正坤(1994- ),男,重庆人,中国科学院硕士生,主要研究方向为入侵响应。|张晗(1996- ),女,安徽淮北人,中国科学院硕士生,主要研究方向为入侵检测与响应、访问控制。|张玲翠(1986- ),女,河北固城人,中国科学院工程师、博士生,主要研究方向为网络安全、信息保护。
  • 基金资助:
    国家重点研发计划基金资助项目(2016YFB0801001);国家自然科学基金资助项目(61672515)

Fuzzy evaluation for response effectiveness in cases of incomplete information

Fenghua LI1,2,3,Yongjun LI1,2,Zhengkun YANG1,2,Han ZHANG1,2,Lingcui ZHANG1,2()   

  1. 1 Institute of Information Engineering,Chinese Academy of Sciences,Beijing 100093,China
    2 School of Cyber Security,University of Chinese Academy of Sciences,Beijing 100049,China
    3 Science and Technology on Communication Networks Laboratory,Shijiazhuang 050081,China
  • Revised:2019-01-22 Online:2019-04-25 Published:2019-05-05
  • Supported by:
    The National Key Research and Development Program of China(2016YFB0801001);The National Natural Science Foundation of China(61672515)

摘要:

为合理选取和调整威胁处置方式,需要对威胁处置效果进行评估。现有的评估方法主要针对风险和威胁态势,很少评估威胁处置效果,且这些方法的前提条件之一是用于评估的所有信息完全,这一条件在实际环境中难以实现。针对该问题,提出了一种不完全信息下的威胁处置效果模糊评估方法。首先,综合考虑攻防双方设计层次化评估指标树;其次,利用模糊层次分析法计算各指标的综合权重;最后,通过模糊综合评价法对威胁处置效果进行评估。特别地,针对层次分析时判断矩阵元素缺失问题,利用指标重要性的传递性关系对缺失元素进行补全;针对综合评价时指标数据缺失问题,通过矩阵分解对缺失元素进行补全。实验结果表明,所提方法可有效处理信息不完全的情况,实现对威胁处置效果的有效评估。

关键词: 不完全信息, 威胁处置效果, 模糊评估, 矩阵补全

Abstract:

In order to appropriately select and adjust response countermeasures,it is necessary to evaluate response effectiveness.Although a large amount of effort has been spent on the evaluation of risk and threat situations,the existing schemes are not suitable to evaluate response effectiveness,because the sechems require that all the information used for evaluation is complete,which is difficult to implement in the real environment.To address the problem,a fuzzy scheme was proposed to deal with incomplete information (i.e.,missing elements of judgment matrix and missing data of indicators) and the response effectiveness was evaluate.Firstly,a hierarchical indicator tree was design to characterize the effectiveness from the perspectives of both attack and defense.Then,the fuzzy analytic hierarchy process (FAHP) was used to calculate the comprehensive weight of each indicator.Finally,the response effectiveness was calculated using fuzzy comprehensive evaluation.In particular,to deal with the problem of incompleteness of fuzzy judgment matrix in the process of FAHP,the missing elements were completed based on the transitivity of elements.And to deal with the problem of loss data in the comprehensive evaluation,the missing data was completed based on matrix completion.The experimental results show that the proposed scheme can accurately recover the missing data and can effectively evaluate the effectiveness of response.

Key words: incomplete information, response effectiveness, fuzzy evaluation, matrix completion

中图分类号: 

  • TP302