摘要：

针对当前主机安全风险评估指标不够全面、实际操作困难和评估结果可理解性差等问题,提出一种基于云模型的多层次主机安全风险评估方法。结合国家信息系统等级保护测评要求,采用层次分析法构建风险评估指标体系,在多层次指标体系基础上,引入云模型理论,实现主机安全风险的模糊量化评估。实验结果表明,该方法能对复杂主机系统进行合理评价,有效提高评估结果的准确性和科学性。

关键词: 主机安全, 安全风险评估, 等级保护, 层次分析法, 云模型

Abstract:

Aiming at the problem that the existed host Security Risk Assessment(SRA) index is not complete,difficult to operate and the result is hard to understand,this paper proposes a method for host SRA based on Analytic Hierarchy Process(AHP) and cloud model.It integrates the national information security classified protection policy,designs a multi-level index system using AHP and cloud model to assess the risk of host security fuzzily and quantifiably.Experimental results show that the proposed method achieves a satisfactory result in quantitative evaluation of complex host system,and effectively improves the accuracy and scientificity of the detection results.

Key words: host security, Security Risk Assessment(SRA), classified protection, Analytic Hierarchy Process(AHP), cloud model

中图分类号: 

• TP309