Research on a Data Mining-Based Framework for Information System Risk Assessment
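Abstract
Information is becoming an increasingly important resource, and at the same time it faces a growing number of risks. In today's social production activities, which use information technology as their basic tool, organizations are investing ever more funds and personnel to protect their information system assets from harm.
     An information system risk is a security incident that arises when a human or natural threat exploits a vulnerability in the system, together with the impact on the organization that results from the importance of the damaged information assets. Information system risk assessment is needed both for the development of enterprise management and for the development of information technology.
     Since the 1990s, countries such as the United Kingdom and the United States, as well as the International Organization for Standardization, have successively issued a series of standards on information system risk assessment, developed a number of implementation methods and accumulated extensive practical experience. An important problem in information system risk assessment today is the analysis and processing of the various kinds of security-related data. This dissertation establishes a theoretical framework for information system risk assessment based on data mining technology. Guided by this framework, it uses quantitative and qualitative research methods to study the theory of applying data mining to information system risk assessment, and gives a worked case analysis. Apart from the introduction, the dissertation is divided into six chapters:
     Chapter 1 traces the concept of information system risk assessment and the reasons it arose, and discusses the main theoretical foundations, methodological foundations, models and applications in its development.
     Chapter 2 builds on data mining technology to establish a theoretical framework for information system risk assessment based on data mining.
     In general, information system risk assessment is the estimation and analysis of uncertain events, which mainly involve information system assets, system vulnerabilities and threats. The assets of an information system include information inside the system and information on externally interconnected networks, so asset attributes can be viewed as distributed across a larger, more complex, distributed database. In applying data mining to risk assessment, the first goal is to determine the application subject of the risk assessment and build an appropriate model for the mining target; the second is to collect data sources around the risk assessment subject. This dissertation divides the data sources for information system risk assessment into three categories: asset attribute data, threat data and Web resource data. Each category is passed to a preprocessing module, which produces lists of assigned asset and threat values.
     Information system risk factors can be divided into system security risk, data and information risk, execution risk, human factor risk, physical factor risk and management factor risk. In analysing and evaluating the risk factors, this dissertation first extracts the threat factors that give rise to the risks, uses the Poisson distribution to calculate the frequency with which threats occur, and assigns values to the vulnerabilities of system assets. It then extracts, decomposes, merges and transforms the threat value table (including frequency and distribution) and the asset value table (including vulnerability) into a data format suitable for data mining. Finally, it borrows the VaR method from financial risk management to measure risk loss and derive the risk assessment level.
     When deciding on risk prevention measures for the information system, this dissertation first uses a finite state machine model to calculate the indicators of information survivability (resistability, recognizability and recoverability), which serve as the basis for deciding whether to invest in and adopt information risk prevention measures. It then evaluates the effectiveness, sensitivity and other aspects of the risk prevention measures in order to rank them. Finally, it uses rough set theory to build a model that predicts the effect of combined risk prevention measures; once the model has calculated the predicted values, the results are submitted to decision makers through a decision support tool, for use in deciding on risk prevention measures and in related technical handling for information system risk assessment.
     Chapter 3 proposes a dynamic spatial stress calculation method for asset security attributes.
     Because the security of information assets is interrelated, this dissertation applies a spatial transformation to attributes of information assets such as integrity, confidentiality, availability, level and asset location. Taking the B-Spline function as its basis and improving on it, it constructs a security attribute space for information assets and proposes a dynamic stress calculation method for the interrelationships between asset attributes. The changes in curvature of the surface in the security attribute space on which the described assets lie express how the asset security attributes influence one another, and allow asset security attribute values to be adjusted and calculated dynamically. This dynamic spatial stress calculation method for asset security attributes helps the system dynamically revise its decisions on risk prevention measures.
     Chapter 4 constructs a quantitative optimization decision model based on the common-case principle.
     Individual risk control measures differ in importance and in their effect on the overall security of the information system. Enterprises tend, according to their own circumstances, to concentrate on optimization under technical feasibility constraints and under funding constraints. When choosing which areas should receive more investment, however, they often act on experience. The risks facing an information system fall into two kinds: unacceptable risks, and risks that are acceptable under limited prevention measures; information system assets are likewise divided into five levels according to the importance of their impact on the system. Building on an analysis of methods for optimizing decisions on risk prevention measures under investment constraints and risk prevention requirement constraints, this dissertation treats unacceptable risks, assets of greater importance and user-defined important risk prevention measures as common cases, and constructs a quantitative optimization decision model based on the common-case principle according to Amdahl's law. The model directly yields the effect of a given risk prevention measure on overall system security, as well as the contribution to overall system security of strengthening that measure, thereby providing a scientific means of calculation for building an automated optimization decision system for information system risk assessment.
     Chapter 5 applies the data mining-based risk assessment framework proposed in this dissertation to the risks faced by an enterprise and carries out a risk assessment, thereby verifying the soundness of the proposed framework.
     Chapter 6 summarizes the dissertation as a whole and looks ahead to future trends in information system risk assessment.
     The innovations of this dissertation are: establishing a theoretical framework for information system risk assessment based on data mining technology; proposing, through improvements on the B-Spline function, a dynamic spatial stress calculation method for the security attributes of information assets; and constructing, through improvements on Amdahl's law, an optimization decision model for risk prevention measures that strengthens the common case.
     This dissertation is one of the research outcomes of the 2005 Ministry of Education Major Project of Philosophy and Social Sciences Research (05JZD00024), "Research on the Planning, Management and Utilization of Digital Information Resources", and also one of the research outcomes of the National Natural Science Foundation of China project (70473068), "Research on Visualization Models for the Management of Digital Information Resources in China".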
As information becomes an increasingly important resource, it also faces more and more risks. In current social production activities, which use information technology as their basic tool, organizations are investing ever more funds and human resources to protect information system assets from damage.
     An information system risk is a security incident caused when a human or natural threat exploits a vulnerability of the system, and it affects the organization because of the importance of the damaged information assets. Information system risk assessment is needed not only for the development of enterprise management but also for the development of information technology.
     Since the 1990s, countries such as England and America and organizations such as the International Organization for Standardization have proposed a series of information system risk assessment standards, and have worked out some implementation methods and a large amount of practical experience. Currently, one important issue in information system risk assessment is the analysis and handling of all kinds of security-related data. This dissertation proposes a theoretical framework for information system risk assessment based on data mining technology. Under the guidance of this framework, quantitative and qualitative research methods are adopted to investigate the theory of applying data mining to information system risk assessment and to give examples. The dissertation is divided into six sections, whose content is as follows:
     The first section mainly discusses the concept, main theory, methods, models and applications of information system risk assessment.
     The second section mainly discusses the theoretical framework for information system risk assessment based on data mining technology.
     Generally speaking, information system risk assessment is the estimation and analysis of uncertain events, which mainly involve information system assets, system vulnerabilities and threats. The information system assets include the information inside the system and the information on the Internet outside it, so the asset attributes can be considered as distributed in a larger, more complicated, distributed database. When data mining technology is applied to risk assessment, firstly, the application subject of the risk assessment is defined and a suitable model for the mining object is established; secondly, the data sources are collected around the information system risk assessment subject. The data sources for information system risk assessment in this dissertation are divided into asset attribute data, threat data and Web resource data, which are delivered to the preprocessing module to produce the lists of asset values and threat values.
     The information system risk elements can be divided into system security risk, data information risk, execution risk, human element risk, physical element risk and management element risk. Thirdly, the risk elements are extracted, decomposed, combined and converted into a data format suitable for data mining, for analysis and evaluation; lastly, risk decisions are made according to the relevant principles and submitted to the decision maker through a decision support tool, for the related technical handling of information system risk assessment. In this dissertation, during the analysis and evaluation of the risk elements, the threat factors of each threat are extracted, the frequency of the threat is calculated with the Poisson distribution method, and values are assigned to the vulnerabilities of the system assets; then the threat (including frequency) value table and the asset (including vulnerability) value table are extracted, decomposed, combined and converted into a data format suitable for data mining; finally the risk assessment class is obtained from the risk loss measurement according to the VaR method of financial risk management.
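The Poisson-frequency and VaR step described above can be sketched as follows. This is an added example, not code from the dissertation: the `Exposure` record, the loss-per-event rule (asset value times vulnerability), the 95% confidence level, the five-level thresholds and all sample values are assumptions made for illustration.

```python
from __future__ import annotations

from bisect import bisect_right
from collections import defaultdict
from dataclasses import dataclass
from math import exp


@dataclass(frozen=True)
class Exposure:
    """One (asset, threat) row after the value tables are merged (hypothetical schema)."""
    asset: str
    threat: str
    asset_value: int      # assigned asset value, in integer loss units
    vulnerability: float  # assigned vulnerability: share of the value lost per event
    rate: float           # Poisson rate: expected threat events per year

    @property
    def loss_per_event(self) -> int:
        return round(self.asset_value * self.vulnerability)


def poisson_pmf(rate: float, tail: float = 1e-12) -> list[float]:
    """P(N = k) for k = 0..K, truncated once the remaining mass is below `tail`."""
    pmf, p, cum, k = [], exp(-rate), 0.0, 0
    while k < 1000:  # hard cap, not reached for realistic yearly rates
        pmf.append(p)
        cum += p
        if k >= rate and 1.0 - cum < tail:
            break
        k += 1
        p *= rate / k
    return pmf


def annual_loss_distribution(exposures: list[Exposure]) -> dict[int, float]:
    """Exact distribution of total yearly loss, assuming independent Poisson threats."""
    dist: dict[int, float] = {0: 1.0}
    for e in exposures:
        pmf = poisson_pmf(e.rate)
        nxt: dict[int, float] = defaultdict(float)
        for loss, p in dist.items():
            for k, pk in enumerate(pmf):
                nxt[loss + k * e.loss_per_event] += p * pk
        dist = dict(nxt)
    return dist


def expected_loss(dist: dict[int, float]) -> float:
    return sum(loss * p for loss, p in dist.items())


def value_at_risk(dist: dict[int, float], confidence: float = 0.95) -> int:
    """Smallest loss L such that P(total loss <= L) >= confidence."""
    cum = 0.0
    for loss in sorted(dist):
        cum += dist[loss]
        if cum >= confidence:
            return loss
    return max(dist)


# Assumed cut-offs on VaR / total asset value that separate levels 1..5.
LEVEL_THRESHOLDS = [0.05, 0.15, 0.30, 0.60]


def risk_level(var: int, total_asset_value: int) -> int:
    if total_asset_value <= 0:
        raise ValueError("total asset value must be positive")
    return bisect_right(LEVEL_THRESHOLDS, var / total_asset_value) + 1


def assess(exposures: list[Exposure], confidence: float = 0.95) -> tuple[float, int, int]:
    """Return (expected yearly loss, VaR at `confidence`, risk level 1..5)."""
    dist = annual_loss_distribution(exposures)
    total_value = sum({e.asset: e.asset_value for e in exposures}.values())
    var = value_at_risk(dist, confidence)
    return round(expected_loss(dist), 6), var, risk_level(var, total_value)


# Constructed sample rows; names, values and rates are illustrative only.
SAMPLE = [
    Exposure("db-server", "sql-injection", 500, 0.2, 1.5),
    Exposure("db-server", "disk-failure", 500, 0.1, 0.3),
    Exposure("web-portal", "defacement", 200, 0.25, 4.0),
]

if __name__ == "__main__":
    mean, var95, level = assess(SAMPLE)
    print(f"expected loss={mean}, VaR(95%)={var95}, level={level}")
```

The VaR figure sits well above the expected loss because it reads the tail of the Poisson event counts, which is the reason for grading on VaR rather than on the mean.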
     During decision making on information system risk prevention, the information survivability index is calculated with the finite state machine model, as the basis for deciding on investment in and adoption of information risk prevention measures; then the validity and sensitivity of the risk prevention measures are evaluated in order to rank them; finally the effect prediction model of the combined risk prevention measures is established according to rough set theory. After the prediction value is calculated from the model, the result is submitted to the decision maker through a decision support tool, for decision making on the measures and the related technical handling of information system risk assessment.
     In section 3 the author constructs a space stress calculation method for the dynamic correlation of information asset security attributes.
     Because the security of the information assets is correlated, a space conversion is applied to the information asset attributes (such as integrity, confidentiality, availability, class and location) and, based on the B-Spline function, the information asset security attribute space and the dynamic space stress calculation model are established. The correlation of the asset security attributes is shown by the curvature of the asset-related surface, and the asset security attribute values can be adjusted and calculated dynamically. With the help of this dynamic space stress calculation method, the risk prevention measures can be modified dynamically.
     In the fourth section the author proposes an optimization method for risk decision making that strengthens the common case.
     Risk control measures differ in importance, and also in their influence on the overall security of the information system. Normally, according to its own conditions, an enterprise will focus on optimization under the constraints of technical feasibility and fund input. But in selecting which type of technology input should be strengthened, experience is the major consideration. The risks faced by an information system are of two kinds, unacceptable risk and risk that is acceptable under finite prevention measures, and the information system assets are divided into five classes by the importance of their influence on the system. On the basis of an analysis of the risk prevention measures optimization method (which is based on the investment constraint and the risk prevention requirement constraint), the unacceptable risks, the important assets and the user-defined important risk prevention measures are treated as the common case, on which a quantitative model for optimizing decision making is proposed according to Amdahl's law. With this model, the influence of a given risk prevention measure on overall system security can be worked out, as can the contribution to overall system security of strengthening that measure, and a scientific calculation method is provided for establishing an automated decision optimization system for information system risk assessment.
     Section 5 presents a case study of information system risk assessment based on data mining technology for an enterprise.
     Section 6 gives a conclusion of the dissertation and an outlook on the future.
     The main contributions are: a theoretical framework for information system risk assessment based on data mining technology; a space stress calculation method for the correlation of information asset security attributes; and an optimization method for risk decision making that strengthens the common case.
     This dissertation is one of the achievements of the 2005 Ministry of Education (MOE) major philosophy and social science project "Research on the Plan, Management and Application of the Digital Information Source" (No. 05JZD00024), and it is also one of the achievements of the NSFC project "Research on the Visualized Module of Digital Information Source Management" (No. 70473068).
    57 Shawn A. Butler. Security Attribute Evaluation Method. Carnegie Mellon University. Doctoral Thesis, 2003(5)
    58 Wanner PCH, Weber RE Fault injection tool for network security evaluation. Lecture Notes In Computer Science,2003,2847:127-136
    59 Une M, Matsumoto T. A framework to evaluate security and cost of time stamping schemes. IEICE transactions on fundamentals of electronics communications and computer sciences E85A,2002(1): 125-139
    60 Powell AM, Jr. SH, Greene G, Miranda J, Kennedy R, Zuzolo PA, et al. INSPECT:A New Tool for Emergency and Consequence Management.Symposium on the F-Scale and Severe-Weather Damage Assessment,2003 Feb 10
    61 Kohonen, T. Self-Organized formation of topologically correct feature maps, Biological Cybernetics, 1982,43:59-69
    62 Tree mapping. http://en.wikipedia.org/wiki/Treemap 2006-9-20
    63 OLIVE, On-line Library of Information Visualization Environments, http://otal.umd.edu/Olive/
    64 Samtaney R, Silver D. Visualizing features and tracking their evolution. Computer,1997,27(7):20-27
    65 Mackinlay J. Automating the Design of Graphical Presentations of Relational Information. ACM Trans on Graphics,1986,5(2):161-182
    66 Card, S.K. and J. Mackinlay. The Structure of the Information Visualization Design Space. Proc. of the IEEE Symposium on Information Visualization,1997
    67 Burkhard. R. Towards a Framework and a Model for Knowledge Visualization:Synergies between Information and Knowledge Visualization. Knowledge and information visualization:searching for synergies, Heidelberg, Springer Lecture Notes in Computer Science,2005:238-255
    68 Fisher, K. M. Semantic Networking:The New Kid on the Block. Journal of Research in Science Teaching, 2001,27(10):1001-1018
    69 Shafer J C, A grawal R, Mehta M. A scalable parallel classifier for data mining. Proc of the 22nd Int.Confon Very Large Databases, Mumbai(Bombay), India,2004
    70 Friedman N, Geiger D, Goldszm M. Bayesian network classifier. Machine Learning,1997(1):131-163
    71 Powell M J D. Radial basis functions for multivariable interpolation. IMG Conference on Algronthms for the Approximation of Function and Data, UK:shrivenham,1985:143-167
    72 Broomhead D S, Lowe D. Multivariate functional interpolation and adaptive networks. Complex Systems, 1988(2):321-355
    73 Moody J, Darken C. Fast leanring in networks of locally-tunred processing units. Neural Computation, 1989(1):281-294
    74 Johnson P. C, Jackson R. Frictional-collisional constitutive relations for granular material with application to plane shearing. J. Fluid Mech,176(1987):67-93
    75 E. Brvnjolfsson, Lorin M Hit:Beyond computation:information technology, organization transformation and business performance. Jounral of Economic Perspectives,2000,14 (4):23-48
    76 Enrst & Young. Global Informations ecurity survey.2003
    77 Farbey, Barbara, Land, Frank, and Target David:Matching an IT project with an appropriate method of evaluation:A research note on Evaluating investments in IT. Jounral of Information Technology,1994(9): 239-243
    78 Finne T. A Conceptual Framework for Information Security Management. Computers and Security,1997, 16(6):469-479
    79 Finne T. Information Security Implemented in:the Theory on Stock Market Eficiency. Markowitz Portfolio Theory and Porter's Value Chain, Computers and Security,1998,17(4):303-307
    80 Flatto J. The application of real options to the information technology valuation process:A bench mark study. PhD Dissertation, New Haven:Department of Management Systems, University of New Haven, 1996
    81 GAO Report. Information Security Risk Assessment-Practices of Leading Organizations. Report 1999, No.AIMD-99-139,1999
    82 Michel Benaroch. Option-Based Management of Technology Investment Risk. IEEE Transactions on Engineering Management,2001,48 (4):428-444
    83 M. Crouhy, D. Galai, R. Mark. A comparative analysis of current credit risk models. Journal of Banking & Finance 2000(24):59-117
    84 J. Semper, I. M. Clemente. Value at Risk calculation through ARCH factor methodology:Proposal and comparative analysis, European Jounral of operational Research,2003,50(3):516-528
    85 Kent D. Miller, H. Gregory Waller. Scenarios, Real Options and Integrated Risk Management, Long Range Planning,2003(36):93-107
    86 Frank J G, Carol S, Ali M. QRAS-The Quantitative Risk Assessment System. Porceedings Annual Reilability and MaintainabilitySymposium,2002
    87 Christopher A, Audrey D. Managing Information Security Risks:The OCTAVE Approach. Pearson Education Inc,2003
    88 Aslam T. Use of a Taxonomy of Security Faults. Proceedings of the Nineteenth NIST-NCSC National Information Systems Security Conference,1996:551-560
    89 Howard J. An Analysis of Security Incidents on the Internet.1989-1995:PhD thesis, Department of Engineering and Public Policy, Camegie Mellon University, Pittsburgh, Pennsylvania,1997
    90 Kumar S. Classification and Detection of Computer Intrusions. PhD thesis, Department of Computer Science, Purdue University, West Lafayette, Indiana,1995
    91 lackey R. Penetration of computer systems:An overview. Honeywell Computing Journal,1974,8(2): 81-85
    92 Landwehr C. ATaxonomy of Computer Program Security Flaws. ACM Computing Surveys,1994,26(3): 211-254
    93 Lindgvist U, Jonsson E. How to Systematically Classify Computer Security. Proceedings of the IEEE Symposium on Security and Privacy,1997:154-163
    94 Michael H, David L. Writing Secure Code. Microsoft Press, One Microsoft Way, WA:Redmond,2002
    95 mi2g. Technical report:Windows regains mantle of most vulnerable OS. mi2g.com,2002(8)
    96 John M, Robert V. Technical report, Software Engineering Baselines. Data and Analysis Center for Software,1996(7)
    97 Reasoning. How Open Source and Commercial Software Compare. Technical report, Reasoning Inc., 2003(2)
    98 John M, Robert V. Software Engineering Baselines. Technical report, Data and Analysis Center for Software, NY:Rome Laboratory,1996(7)
    99 Reasoning. How Open Source and Commercial Software Compare. Technical report, Reasoning Inc., 2003(2)
    100 John D M, Anthony I, Kazuhira O. Software reliability:measurement, prediction, application. McGraw Hill Softwaer Engineering Series, Professional edition,1990
    101 Intenret Security Strategies. X-Force database. http://www.iss.net/security_center,2002
    102 National Institute of Standards and Technology(NIST). ICAT Metabase. http://icat.nist.gov,2002
    103 Security Focus. Security Focus Online Vulnerability Database. http://online.securityfocus.com
    104 Carl E L, Alan R B, John P M, William S C. A Taxonomy of Computer Program Security. ACM Computing Surveys (CSUR).1994,26(3):211-254
    105 Matt B. How Attackers Break Programs and How to Write Programs More Securely System Administration. Networking and Security (SANS). Baltimore,2000(5)
    106 Jason I. Hong, Jennifer D. Ng, Scot Lederer, James A. Landay. Privacy Risk Models for Designing Pirvacy-Sensitive Ubiquitous Computing Systems. DIS2004, August 1-4,2004, Cambridge, Massachusetts, USA, ACM 1-58113-787-7/04/0008
    107 Takenaka M, Shimoyama T, Koshiba T. Theoertical analysis of (2) (X) attack on RC6. IEICE Transactions on fundamentals of electronics communications and computer sciences 2004, e87a(1): 28-36
    108 Unlocking Value:An Executive Primer on the Critical Role of IT Governance.2008 IT Governance Institute,2008(9)
    109 Understanding How Business Goals Drive IT Goals.2008 IT Governance Institute,2008(9)
