| 网络安全风险的模糊层次综合评估模型 |
| |
| 引用本文: | 汪楚娇,林果园.网络安全风险的模糊层次综合评估模型[J].武汉大学学报(理学版),2006,52(5):622-626. |
| |
| 作者姓名: | 汪楚娇 林果园 |
| |
| 作者单位: | 中国矿业大学,计算机学院,江苏,徐州,221008 |
| |
| 基金项目: | 国家自然科学基金;国家重点实验室基金;中国矿业大学校科研和教改项目 |
| |
| 摘 要: | 针对网络安全风险评估中人为因素多、指标难以量化的问题,在分析网络安全要素的基础上,将模糊数学的方法运用于网络安全风险评估中,并结合层次分析方法,建立了网络安全风险的模糊层次综合评估模型.该模型首先建立逻辑的3级网络层次,即服务层、主机层和网络层.在服务层通过对资产、威胁和漏洞各因子的量化计算后得出各自的风险值,然后利用模糊评价方法逐级计算各层风险指数.实验数据测试表明:通过3个层次自下而上地递阶评价各安全要素,利用先局部后整体的评估策略能直观地给出系统的安全态势,并且能准确评估网络系统3个层次的安全状况.
|
| 关 键 词: | 风险评估 威胁 脆弱性 资产 模糊 层次 |
| 文章编号: | 1671-8836(2006)05-0622-05 |
| 修稿时间: | 2006年3月24日 |
The Model of Network Security Risk Assess Based on Fuzzy Algorithm and Hierarchy |
| |
| WANG Chujiao,LIN Guoyuan.The Model of Network Security Risk Assess Based on Fuzzy Algorithm and Hierarchy[J].JOurnal of Wuhan University:Natural Science Edition,2006,52(5):622-626. |
| |
| Authors: | WANG Chujiao LIN Guoyuan |
| |
| Abstract: | Aiming at the weakness of being unable to provide numerical value of risk and avoid jamming encountered in the current security evaluation system,this paper presents a quantitative model of network security risk assess system,which is based on fuzzy algorithm and hierarchy.This model firstly establishes logical hierarchy of network,viz.service,host and whole network system,and calculates the risk value of service by putting forward the corresponding computation method of asset,threat and vulnerability,then adopts fuzzy algorithm to educe the risk value of every layer.This model evaluates security factors from bottom to top and gives the intuitionistic security situation from local to global.The experiments on the historical dataset show that applying this model can accurately describe network security status in three hierarchies. |
| |
| Keywords: | risk assess threat vulnerability asset fuzzy hierarchy |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
