摘要
本文对网络安全风险评估提出了一种新的综合风险评估方法。采用AHP方法与模糊逻辑法相结合的方法进行风险评估,并根据网络安全风险评估的实际情况对AHP方法与模糊逻辑法进行了改造。应用模糊逻辑法对各因素的评判不是直接评价其重要度,而是将各风险因素从概率方面、从影响方面、从不可控制性方面分别进行评判。先用AHP方法将风险评估分为三层,在确定第三层各风险因素的排序权向量时采用模糊逻辑法。最后利用AHP方法求出各风险因素的综合风险权重。通过实例分析可知,该方法可以方便地用于网络安全风险评估,实验结果符合实际。
A new comprehensive risk assessment method is introduced to the estimation of the network security risk. The method,which combines AHP method and fuzzy logical method,is applied to the risk assessment. AHP method and Fuzzy logical method are altered according to the actual condition of the network security risk assessment. Applying fuzzy logical method,the important degree of each actor is judged in the aspects of the probability,the influence and uncontrollability,not judged immediately. The risk assessment is carved up 3 layers applying AHP method,the sort weight of the third layer is calculated by fuzzy logical method. Finally,the comprehensive risk weight is calculated by AHP method. The study of the case shows that the method can be easily used to the risk assessment of the network security. The results are in accord with the reality.
出处
《计算机科学》
CSCD
北大核心
2004年第7期66-69,共4页
Computer Science
基金
国家信息关防与网络安全保障持续发展计划
国家863高技术研究发展计划(2002AA142151)
中国科学院知识创新工程方向性项目(KGCX2-106)
北京市科技计划项目(H020120090530)