Research On Theory And Group Decision Making Approaches Of Information System Security Assessment

Posted on: 2012-03-16
Degree: Doctor
Type: Dissertation
Country: China
Candidate: L Zhao
GTID: 1118330362458301
Subject: Communication and Information System

Abstract/Summary:
As one of the most important infrastructures of contemporary society, network information systems are used more and more widely in every social field. The security of network information systems has become a global issue affecting national security and social stability. Security assessment is an important means of gaining a better understanding of the security state of an information system, and its results are an important basis for building a network security solution. Therefore, thorough and broad study of security assessment is essential in both theory and practice.

By analyzing the information system security criteria, assessment models and assessment methods currently used at home and abroad, this dissertation systematically constructs a theoretical framework and proposes new theories, methods and techniques of security assessment by introducing interdisciplinary methods into information security: rough set theory, decision science, statistics, economics, machine learning, etc. Accordingly, the contents of this dissertation comprise the following three parts.

(1) A practical security assessment tree model based on the CAACM is constructed. Based on summarizing and analyzing some primary security problems related to network information systems, this dissertation proposes the five-attribute model (CAACM model) for security assessment. This model can describe the security attributes of an entire information system from a global view. Each of these attributes can independently represent one security attribute of the network information system. The CAACM model also has other properties, such as continuity, stability and ease of operation. It is suitable for assessing system security effectively and rapidly. Therefore, the security assessment tree model based on the CAACM is proposed, which serves as the foundation for further studies on the security assessment of network information systems.

The key problem of the tree model lies in its structural hierarchy. For a complex network information system, when the dimension of the tree model is too large, the assessment results are difficult to assure and the cost of the assessment is high. In order to overcome these problems and improve assessment efficiency, this dissertation first proposes the concept of the "optimal index" based on the tree model, and then points out the principle and the method for determining the optimal indices.

(2) Some theories and applications of the security assessment tree model based on the CAACM are studied and discussed. Using the tree model based on the CAACM, this dissertation proposes a suite of implementation schemes for security assessment, discusses the key technology of the multi-attribute group decision making method, and determines the research framework based on rough set theory. Taking the stock exchange network system as an example, this dissertation further expounds the principles, architectures and practical process of security assessment, and gives the implementation and computation procedure for the security assessment of a network information system.

The security assessment of a network information system is a complicated and systematic project, composed of main elements such as information acquisition, information transmission, integrated data processing, project planning, etc. In order to use scientific, effective technology and methods to obtain accurate and reliable assessment results rapidly, six factors that affect information extraction during the process of security assessment are proposed. This dissertation proposes four conditions which assure the reliability of the assessment results. It also puts forward some practical methods for gathering the assessment information. The concept, method and steps to cointegrate the information from different channels are proposed. This dissertation also describes the physical means of the quantitative security degree.

(3) The multi-attribute group decision making security assessment method is studied in detail. In this dissertation, different versions of rough set approaches are introduced, such as the variable precision rough set (VPRS), the variable consistency dominance-based rough set approach (VC-DRSA) and the generalized dominance-based rough set approach (G-DRSA). Combining these with the analytic hierarchy process (AHP), the technique for order preference by similarity to ideal solution (TOPSIS), Bayesian theory and Gibbs sampling, this dissertation makes an in-depth study of the multi-attribute group decision making security assessment method. The solution procedures are given, and the efficiency of these methods is shown by some numerical examples.

In addition, for the problem of differing preferences in a large group, a group dividing algorithm is proposed which divides the group based on the distance between individual preference and group preference. It also provides a means and a line of thought for multi-stage decision making in a network environment.

Keywords/Search Tags: network information system, security attribute, assessment model, group decision making, rough set, preference information, analytic hierarchy process (AHP), Gibbs sampling