Authors: 郭锡泉 (Guo Xiquan) [1,2], 陈香锡 (Chen Xiangxi) (Network Center, Qingyuan Polytechnic, Qingyuan 511510, Guangdong, China; Qingyuan Research and Development Center of Cybersecurity, Qingyuan 511510, Guangdong, China)
Affiliations: [1] Network Center, Qingyuan Polytechnic, Qingyuan 511510, Guangdong; [2] Qingyuan Research and Development Center of Cybersecurity Engineering Technology, Qingyuan 511510, Guangdong
Source: Computer Applications and Software (《计算机应用与软件》), 2023, No. 4, pp. 311-317, 323 (8 pages)
Funding: Guangdong Provincial Science and Technology Plan Project (2019A141405002); Guangdong Provincial Key Scientific Research Project for Universities (2018GKTSCX099); Qingyuan Municipal Science and Technology Plan Projects (2019A006, 2019A046).
Abstract: To address the security risks of Web applications, an integrated risk assessment method combining fuzzy comprehensive evaluation with information entropy is proposed. For the technical dimension of a Web application, the analytic hierarchy process (AHP) is used to determine the weights of the evaluation indicators; to better reflect the potential risk of security vulnerabilities, a peak-value judgment criterion is introduced into the multi-level fuzzy evaluation process. For the management dimension, information entropy is used to derive both the weights of the evaluation indicators and the weights of expert opinions, yielding a consensus judgment from the expert group. An application example demonstrates the feasibility and effectiveness of the method. The integrated assessment method incorporates the current concept of cybersecurity crowdsourced testing, reflects the requirements of classified cybersecurity protection and information security system construction, and helps organizations rapidly assess Web application security risks and improve them continuously.
Classification: TP393.08 [Automation and Computer Technology / Computer Application Technology]