Abstract
To address the complexity of network security risk assessment, assets, vulnerabilities and threats are taken as the key factors of the assessment, and a hierarchical index system for security analysis is established. The concept of credibility is introduced, and a security risk assessment model based on fuzzy Petri nets is proposed together with a fuzzy reasoning algorithm. The model is combined with the analytic hierarchy process (AHP), so that the assessment uses both qualitative and quantitative analysis. An example analysis shows that, compared with traditional comprehensive risk assessment methods, the fuzzy Petri net based method gives more accurate and scientific results. The method is therefore better suited to risk assessment of real network systems.
Source
Journal on Communications (《通信学报》)
EI
CSCD
Peking University Core Journal
2013, Issue S1, pp. 126-132 (7 pages)
Funding
National Natural Science Foundation of China (60902102)
Zhengzhou Science and Technology Innovation Team Fund (10CXTD150)
Keywords
security risk assessment
fuzzy Petri net
modeling
analytic hierarchy process