Method of Information Security Risk Assessment Based on Improved Fuzzy Theory of Evidence

Xuepeng Huang, Wei Xu


A method based on an improved fuzzy theory of evidence was presented to address the many kinds of uncertainty that arise in the process of information security risk assessment. A hierarchy model for information systems risk assessment was first established, and fuzzy sets were then introduced into the theory of evidence. The basic probability assignments were constructed and determined using the membership function of fuzzy sets. Moreover, weight coefficients were calculated using entropy weight and an empirical factor, which combined the objective weights with the subjective ones and improved validity and reliability. An illustrative example indicates that the method is feasible and effective, and that it provides reasonable data for formulating the risk control strategy for information systems security.


Keywords: theory of evidence; fuzzy sets; entropy weight; information systems; risk assessment



International Journal of Online and Biomedical Engineering (iJOE) – eISSN: 2626-8493
Creative Commons License