基于模糊理论的漏洞危害等级评估
针对安全漏洞危害难以量化评估的问题,提出一种基于模糊理论的漏洞危害等级评估方法。使用层次分析法建立漏洞等级评估体系并计算漏洞评估影响因素的权重。利用模糊综合判断法对漏洞危害等级进行定量评价,综合可利用性和安全影响两方面因素实现对漏洞危害的评估。实验结果表明该方法对于漏洞危害能够得到更加准确的评估结果。...
Saved in:
| Published in | 计算机应用研究 Vol. 31; no. 3; pp. 815 - 818 |
|---|---|
| Main Author | |
| Format | Journal Article |
| Language | Chinese |
| Published |
Modern Education Technology Center,Northwest University,Xi'an 710127,China
2014
School of Information Science & Technology,Northwest University,Xi'an 710127,China%School of Information Science & Technology,Northwest University,Xi'an 710127,China |
| Subjects | |
| Online Access | Get full text |
| ISSN | 1001-3695 |
| DOI | 10.3969/j.issn.1001-3695.2014.03.043 |
Cover
| Summary: | 针对安全漏洞危害难以量化评估的问题,提出一种基于模糊理论的漏洞危害等级评估方法。使用层次分析法建立漏洞等级评估体系并计算漏洞评估影响因素的权重。利用模糊综合判断法对漏洞危害等级进行定量评价,综合可利用性和安全影响两方面因素实现对漏洞危害的评估。实验结果表明该方法对于漏洞危害能够得到更加准确的评估结果。 |
|---|---|
| Bibliography: | 51-1196/TP vulnerability; vulnerability evaluation; analytic hierarchy process; fuzzy comprehensive evaluation MA Chia, GAO Linga, SUN Qiana'b, HE Lina, GAO Xue-ling" (a. School of Information Science & Technology, b. Modem Education Technology Center, Northwest University, Xi'an 710127, China) This paper proposed a hierarchical evaluation method to quantitative evaluate vulnerability attributes to improve vulnerability risk evaluation process. It developed a evaluation system based on the analytic hierarchy process to obtain the fac- tor weights. And it quantified the vulnerability severity based on the fuzzy comprehensive evaluation to give the severity rank, evaluated vulnerability by the combining of exploitability attributes and safety influence attributes. Experimental results show that this method can evaluate the vulnerability severity more accurately. |
| ISSN: | 1001-3695 |
| DOI: | 10.3969/j.issn.1001-3695.2014.03.043 |