孫雪巖 吳俊華 劉效武 張淑雯
摘要:傳統(tǒng)的網(wǎng)絡(luò)安全風(fēng)險(xiǎn)評(píng)估方法中,存在評(píng)估結(jié)果單一性和過(guò)分主觀依賴(lài)性等問(wèn)題。為使評(píng)估結(jié)果更切合實(shí)際及解決不確定性因素難以定量評(píng)估的問(wèn)題,設(shè)計(jì)一個(gè)用來(lái)衡量安全防御措施能力與節(jié)點(diǎn)脆弱性對(duì)攻擊結(jié)果影響的成功率算法;采用攻擊威脅嚴(yán)重度算法,通過(guò)安全漏洞評(píng)分對(duì)脆弱性進(jìn)行評(píng)估。最后,提出基于熵權(quán)理論的模糊綜合評(píng)判分析方法計(jì)算系統(tǒng)整體的風(fēng)險(xiǎn)態(tài)勢(shì)值,從而更好地輔助網(wǎng)絡(luò)分析人員及時(shí)掌握系統(tǒng)實(shí)時(shí)風(fēng)險(xiǎn)態(tài)勢(shì)。針對(duì)該方法進(jìn)行仿真實(shí)驗(yàn)分析,結(jié)果表明該方法可以準(zhǔn)確并客觀地評(píng)估網(wǎng)絡(luò)風(fēng)險(xiǎn),進(jìn)而避免傳統(tǒng)方法存在的主觀性和片面性,證明了該方法的合理性。
關(guān)鍵詞:網(wǎng)絡(luò)安全風(fēng)險(xiǎn)評(píng)估; 模糊綜合評(píng)判(FCE) ; 熵權(quán)理論
DOIDOI:10.11907/rjdk.161039
中圖分類(lèi)號(hào):TP309文獻(xiàn)標(biāo)識(shí)碼:A文章編號(hào):1672-7800(2016)006-0192-04
參考文獻(xiàn):
[1]ELSHOUSH H T,SWMAN I M.Alert correlation in collaborative intelligent intrusion detection systems-a suvey[J].Applied Soft Computing,2011,11(7):4349-4365.
[2]CHEN X Z,ZHENG Q H,GUAN X H,et al.Quantitative hierarchical threat evaluation model for network security[J].Journal of Software,2006,17(4):885-897.
[3]CHEN FENG,LIU DEHUI,ZHANG YI,et al.A hierarchical evaluation approach for network security based on threat spread model[J].Journal of Computer Research and Development,2011,48(6):945-954.
[4]DU S,LI X,DU J,et al.An attack-and-defense game for security assessment in vehicular ad hoc networks[J].Peer-to-Peer Networking and Applications,2014,7(3): 215-228.
[5]葛?;?,肖達(dá),陳天平,楊義先.基于動(dòng)態(tài)關(guān)聯(lián)分析的網(wǎng)絡(luò)安全風(fēng)險(xiǎn)評(píng)估方法[J].電子與信息學(xué),2013,35(11):2630-2636.
[6]LYU H,PENG W,WANG R,et al. A real-time network threat recognition and assessment method based on association analysis of time and apace[J].Journal of Computer Research and Development,2014,51(5):1039-1049.
[7]梁吉業(yè),錢(qián)宇華.信息系統(tǒng)中的信息粒與熵理論[J].中國(guó)科學(xué)E輯:信息科學(xué),2008,38(12):2048-2065.
[8]FU S,LIU Z,ZHOU H,et al.A security risk analysis method for information system based on information entroy[J].Open Cybernetics& Systemics Journal,2015,9(1):23-27.
[9]M SOLEIMANI DAMANEH,M ZAREPISHEH.Shannon's entropy for combining the efficiency results of different DEAmodels:Method and application[J].Expert Systems with Applications,2009,36:5146-5150.
[10]WANG TONG.The research of electronic banking risk evaluation based on comprehensive assessment AHP-entropy[J]. International Journal of U-& E-Service,Science & Technology,2014,7(6):413-422.
[11]TSAI H Y,HUANG Y L.An analytic hierarchy process-based risk assessment method for wireless netorks[J]. Reliabity, IEEE Transactions on,2011,60(4):801-816.