基于灰关联和D-S证据理论电网企业信息安全风险评估

随着信息化的加速发展,电网企业对信息系统依赖性越来越强,因此保证信息安全也成为电网企业信息管理的核心工作.提出一种灰色关联和D-S证据理论相结合的方法来评估电网企业信息系统安全风险.首先对指标参数值的不确定性进行分析,缺失指标参数值可能满足于均匀分布、指数分布或正态分布3种分布中的一种.根据历史数据和实际情况,判断并对缺失值进行填充.定义了区间转化算子,通过灰色关联法和隶属度矩阵确定不同指标的不确信度,进而构建了Mass函数矩阵,利用D-S合成算法对Mass函数进行信息融合,依据置信函数值对信息系统安全风险进行排序.通过实例证明了模型的有效性和可行性,研究结果显著降低了风险评估的不确定性,也为电网企业信息安全风险管理提供一种新的思路.

Risk Assessment of Power Grid Enterprises Information Security Based On Grey Incidence and D-S Evidence Theory

With the development of information,power grid enterprises are increasingly dependent on information system,therefore,ensuring information security becomes the core work of power grid enterprises information management.By combining grey incidence with D-S theory of evidence,the risk assessment method is proposed to deal with the information system security of power grid enterprises.Firstly,uncertainty in index parameter values is analyzed,the vacant index parameter values may meet one of the three kinds of distribution：uniform distribution,exponential distribution,and normal distribution.According to the history statistical data and actual condition,judge and fill up the vacant,the concept of interval conversion operators are defined.Then,using grey incidence and membership matrix to determine the uncertain degrees of different indices,and the mass functions are obtained by the uncertain degrees.Finally,mass functions are fused in accordance with D-S fusion method and sort the information system security risk according to the belief function value.An example application proves that the method is feasible and effective,the results indicate this method can obviously reduce the uncertainty of risk assessment and provide a new thought to information security risk assessment approaches in power grid enterprises.