Research On Risk Assessment And Control Method For Airport Information System

The large-scale application of information technology in airports will inevitably emerge various network security issues.Once the airport information system attacked or malfunctioned,it may lead to serious accidents such as flight delays and large numbers of passengers staying at the airport.Therefore,the study on security assessment and control measures of airport information system has high practical significance.In order to overcome the problems of long evaluation cycle,cumbersome evaluation process in traditional information security methods,a new risk assessment method based on analytic hierarchy process(AHP)and improved D-S evidence theory is proposed.Firstly,the weight of each factor relative to the upper factor of the system is determined based on AHP,and the membership matrix of the lowest factor evaluation set is given by fuzzy comprehensive evaluation.Then,the degree of conflict between evidences can be obtained through the improved D-S synthesis algorithm based on matrix analysis and information entropy,and the weight of conflict evidence is reassigned to obtain the degree of support of evidence for each factor.Finally,the final security level of the system can be determined by comprehensive calculation.Experiments show that the method can fuse expert data better than traditional methods.The risk control model based on attribute adjacency matrix and game theory is proposed for network security administrators to reinforce key nodes in time under limited resources and reduce the losses caused by network attacks.The model deletes the loops and redundant nodes in the attack graph through BFS attack graph simplification algorithm,then transforms the simplified attack graph into attribute adjacency matrix,finally obtains the possible attack path and optimal defense strategy by using game theory.The vulnerabilities are always endless,and the repair of some vulnerabilities may also affect the normal operation of other business information systems.Thus the method based on the standards of grade protection about information security is proposed.And the experiment which takes an airport business information system as the research object to carry out actual risk control shows that the method can effectively improve the security of information systems through the analysis of relevant information system managers and security experts.