FRAMB: A man-machine cooperation risk assessment method for intelligent network information systems

Abstract

The intelligent network information systems, such as smart grid systems, face many security problems in the aspects of sensing, communication and computing. Information security risk assessment is an important way to assess the threats faced by information systems before risk events occur and ensure the security of assets. However, a comprehensive risk assessment of the system is a very resource-consuming process. Many existing risk assessment methods rely on a large number of experts and computing resources. Their assessment results are vulnerable to the differences in experts’ subjective judgments. Therefore, we propose FRAMB, a novel man-machine collaborative risk assessment method based on fitting upper and lower bounds. Firstly, we present a risk assessment criterion including four categories and sixteen risk factors following the ISO/IEC 27005:2018 standard. On this basis, we present the DFAHP and CM-NN assessment models to obtain the upper and lower bounds of the risk assessment value, which provides a reference for expert assessment. FRAMB integrates the experts’ assessment value and the values of upper and lower bounds, and adjusts the weights of these values to give the final risk assessment value. We introduce the risk assessment process of FRAMB in detail through a case study of the smart grid system risk assessment. We evaluate the effectiveness and accuracy of FRAMB through experiments. The experimental results show that FRAMB can effectively and accurately assess the security risks of the intelligent network information systems.