Computer Engineering and Applications ›› 2016, Vol. 52 ›› Issue (18): 104-110.

• Network, Communication and Security •

Application of Markov logic networks in information security risk management

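CHEN Yu, WANG Yadi, WANG Jindong, WANG Kun

  1. Institute of Cipher Engineering, Information Engineering University, Zhengzhou 450004
  • Publication date: 2016-09-15 Release date: 2016-09-14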

Method for information system risk management based on Markov logic networks

CHEN Yu, WANG Yadi, WANG Jindong, WANG Kun   

  1. Institute of Cipher Engineering, Information Engineering University, Zhengzhou 450004, China
  • Online:2016-09-15 Published:2016-09-14

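Abstract: In current enterprise security risk management, the formulation of risk treatment plans and the selection of management measures lack quantitative means, and manual risk analysis takes too long. To address these problems, an information security risk management method based on Markov logic networks is proposed. First, a Markov logic network is used to describe the dependencies between the components and services of the system under evaluation. The marginal reasoning model of the Markov logic network is then used to estimate system availability values under different security management measures, which provides a quantitative basis for selecting management measures. Case studies show that the method provides a reliable quantitative basis for selecting security risk management measures for enterprise information systems, and that it is simple and easy to implement.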

Keywords: Markov logic networks, information security, risk management, risk assessment, marginal reasoning model, system availability

Abstract: In recent years, the practice of enterprise information security risk management has lacked a quantitative method for developing risk management schemes and selecting risk management tools, and manual risk analysis always takes too much time. This paper proposes an information security risk management approach based on Markov logic networks. First, a Markov logic network is used to describe the dependencies between the components and services of the evaluated systems. Next, the marginal reasoning model of the Markov logic network is used to estimate system availability under different risk management measures, providing a quantitative basis for selecting management measures. Case studies show that this method provides a reliable quantitative basis for selecting information system security risk management measures for enterprises, and that it is simple to implement.

Key words: Markov logic networks, information security, risk management, risk assessment, marginal reasoning model, system availability