| With the development of information and network technology, as the basis of industrial system, security problem of power information system is growing more and more attention. Risk assessment become particularly important nowadays. This paper will focus on the project of dynamic and static risk assessment of power information system.Through the information security risk management model, based on the assets, threat, vulnerability, and safety measures in four aspects, this paper made static risk assessment model of power information system. According to the fuzzy analytic hierarchy process (FAHP), we took static analysis of the system model and obtained weights of the factors. Then, we got the static risk value and level of the system. By improving the common vulnerability scoring system (CVSS), we proposed CVDE method through increasing the time and environmental index evaluation method, we carried on the dynamic analysis of the vulnerability with using of DS evidence theory. Based on the hidden markov model (HMM), optimizing the alert classification, we realized real-time analysis of threat assessment, improved expansibility of the mechanism. And this paper has carried on the power information system on the basis of the combination of dynamic and static risk assessment research to get the final risk value and level of the system. The experiment has verified the effectiveness of the mechanism, and made great contribution to the research. |
PDF Full Text Request