一种基于层次分析法的信息系统漏洞量化评估方法

根据层次分析法提出了一种具有可操作性的信息系统漏洞量化评估方法。按照分层思想,将系统漏洞严重程度的模型分解为因素层、评价层、特性层和目标层,分别从风险概率、风险影响和不可控制性等几方面对漏洞带来的风险因素进行专家评定,并依此来确定权重,通过计算其各层评估值,最后得到信息系统的整体漏洞严重性评估值。实验结果表明,基于层次分析法的信息系统漏洞评估方法能对系统漏洞的严重性程度进行有效量化和评估。

Analytic Hierarchy Process (AHP)-based Vulnerability Quantitative Assessment Method for Information Systems

This paper proposed a practical vulnerabilities quantitative assessment method for information system based on the Analytic Hierarchy Process (AHP). According to the hierarchical thought,the system vulnerability that reflects the severity serious degree model was decomposed into four factors, such as factors layer, evaluation factors layer, characteristic layer and target layer. Some vulnerability risk factors were evaluated respectively by expert to determine the weight from several aspects, such as the risk probability, risk influence and uncontrollable character. Through calculating the value of each layer,we got the overall value of information system vulnerability severity assessment finally. Theexperimental results show that the Analytic Hierarchy Process (AHP)-based vulnerability assessment method can quantify and assess the seriousness of system vulnerability effectively.