ENGINEERING
and TECHNOLOGY RESEARCH

To deal with the uncertainty of information system security risk evaluation, a risk evaluation model combining Dempster-Shafer evidence theory and grey relational analysis is proposed. In this model, an evaluation index system is established. The risk evaluation rate of information system security is educed by using improved Dempster-Shafer theory. For each risk rating, the Basic Probability Assignment(BPA) function in Dempster-Shafer theory is get by calculating the grey relational grades, so the difficult issue of determining the BPA with Dempster-Shafer theory is solved. The Dempster-Shafer fusion strategy was applied to fuse the evaluation ratings in different data sources for evaluation conclusion. Finally, a case proves that the method is feasible and effective.

Information system security risk evaluation, Dempster-Shafer evidence theory, Grey relational grade, Risk evaluation rating