Risk Analysis of Information System Security Based on the Evidence Distance

  • Jinhua LingHu
  • Ping Pan (corresponding author)
  • Yaoyao Du
Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 582)


The configuration of an information system's security policy is directly related to the security risks faced by its information assets. The security policy configuration required by computer classified protection guarantees an optimal minimum configuration for the corresponding security level. Based on information entropy theory, this paper defines a corresponding evidence distance, obtains the relevant evidence by investigating threats, the security policy configuration and system vulnerabilities, and calculates, according to that definition, the evidence distance between a vulnerability and the threat acting on it, thereby measuring system risk. An example analysis shows that this method yields an effective risk evaluation model for information systems that is intuitive and reliable, avoids the risk introduced by subjective measurement, and offers performance benefits over existing solutions. Scientific analysis of information system security risk is therefore feasible both in theory and in practice.


Keywords: Information entropy; Evidence distance; Vulnerability; Risk


Foundation Item

Supported by the Education Reform Project in Guizhou Province (SJJG201404), and the Anshun College Aviation Electronics, Electrical and Information Network Guizhou Provincial University Engineering Technology Research Center Open Project (No. HKDZ201406).



Copyright information

© Springer Nature Singapore Pte Ltd. 2020

Authors and Affiliations

  1. College of Computer Science and Technology, Guizhou University, Guiyang, China
