Computer Science ›› 2015, Vol. 42 ›› Issue (9): 134-138.doi: 10.11896/j.issn.1002-137X.2015.09.025


Risk Assessment of Software Vulnerability Based on GA-FAHP

TANG Cheng-hua, TIAN Ji-long, TANG Shen-sheng, ZHANG Xin and WANG Lu   

Online: 2018-11-14    Published: 2018-11-14

Abstract: To address the problem of determining the risk level of vulnerabilities in a software system, a genetic fuzzy analytic hierarchy process (GA-FAHP) approach is proposed to evaluate the risk of software vulnerabilities. First, the improved FAHP is used to calculate the weight of each risk factor, and the fuzzy judgment matrix is established. Second, the consistency checking and correction of the fuzzy judgment matrix are transformed into a nonlinear constrained optimization problem, which is solved with a genetic algorithm. Finally, the risk degree of the vulnerability is calculated by the GA-FAHP algorithm. Experimental results show that the method has good accuracy and validity and provides a feasible way to assess software vulnerability risk.

Key words: Software vulnerability, Risk assessment, Genetic algorithm, Fuzzy judgment matrix
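The pipeline the abstract describes (weights from a fuzzy judgment matrix, a consistency check, GA-based correction of an inconsistent matrix posed as a constrained optimization, and a final weighted risk degree) can be illustrated with the following added Python example. It is not code from the paper or its authors: it uses the standard fuzzy complementary judgment matrix formulation from the FAHP literature rather than the authors' improved FAHP, and the risk factors, the judgment matrix, the per-factor scores, the consistency tolerance, the drift penalty `mu` in the objective, and the reporting bands in `risk_level` are all constructed assumptions.

```python
"""Added example (not the paper's code): fuzzy AHP weights, consistency
check, GA correction of an inconsistent matrix, and a weighted risk degree.

Fuzzy complementary judgment matrix: r[i][j] + r[j][i] = 1, r[i][i] = 0.5.
Additive consistency: r[i][j] = r[i][k] - r[j][k] + 0.5 for all i, j, k.
"""
import random

# Constructed risk factors of one vulnerability (assumed, not from the paper).
FACTORS = ["exploitability", "impact", "exposure", "remediation_cost"]

# Constructed expert judgments; r[i][j] > 0.5 means factor i outweighs factor j.
# Deliberately NOT additively consistent, so the GA has something to correct.
JUDGMENT = [
    [0.5, 0.7, 0.8, 0.9],
    [0.3, 0.5, 0.9, 0.6],
    [0.2, 0.1, 0.5, 0.7],
    [0.1, 0.4, 0.3, 0.5],
]
# Constructed per-factor scores in [0, 1] for the vulnerability being rated.
FACTOR_SCORES = {"exploitability": 0.9, "impact": 0.8, "exposure": 0.6, "remediation_cost": 0.3}
CONSISTENCY_TOLERANCE = 0.05  # assumed threshold on the mean deviation below


def is_complementary(r, tol=1e-9):
    n = len(r)
    return all(abs(r[i][j] + r[j][i] - 1.0) < tol for i in range(n) for j in range(n))


def weights(r):
    """w_i = (sum_j r_ij + n/2 - 1) / (n (n - 1)); the weights sum to 1."""
    n = len(r)
    return [(sum(row) + n / 2 - 1) / (n * (n - 1)) for row in r]


def implied_consistent(r):
    """Summing r_ij = r_ik - r_jk + 0.5 over k gives r_ij = (s_i - s_j)/n + 0.5
    (s_i = row sums); this matrix equals r exactly when r is consistent."""
    n = len(r)
    s = [sum(row) for row in r]
    return [[(s[i] - s[j]) / n + 0.5 for j in range(n)] for i in range(n)]


def consistency_deviation(r):
    """Mean absolute deviation of r from its implied consistent matrix (0 = consistent)."""
    n = len(r)
    c = implied_consistent(r)
    return sum(abs(r[i][j] - c[i][j]) for i in range(n) for j in range(n)) / (n * n)


def is_consistent(r, tol=CONSISTENCY_TOLERANCE):
    return consistency_deviation(r) <= tol


def _upper(r):
    n = len(r)
    return [r[i][j] for i in range(n) for j in range(i + 1, n)]


def _from_upper(genes, n):
    """Rebuild a complementary matrix from its upper triangle (the GA genome)."""
    r = [[0.5] * n for _ in range(n)]
    k = 0
    for i in range(n):
        for j in range(i + 1, n):
            r[i][j], r[j][i] = genes[k], 1.0 - genes[k]
            k += 1
    return r


def correction_objective(r, original, mu=0.3):
    """Inconsistency of r plus an assumed penalty mu for drifting from the expert's judgments."""
    u, u0 = _upper(r), _upper(original)
    return consistency_deviation(r) + mu * sum(abs(a - b) for a, b in zip(u, u0)) / len(u)


def ga_correct(original, pop_size=40, generations=120, mutation_sd=0.05, seed=1):
    """Textbook GA over the upper triangle: complementarity holds by construction and
    the box constraint [0, 1] by clamping. The original matrix is seeded into the
    population and the best individual survives each generation (elitism), so the
    result is never worse than the input under the objective."""
    rng = random.Random(seed)
    n, base = len(original), _upper(original)
    clamp = lambda x: min(1.0, max(0.0, x))
    fitness = lambda g: correction_objective(_from_upper(g, n), original)
    pop = [list(base)] + [[clamp(x + rng.gauss(0, 0.1)) for x in base] for _ in range(pop_size - 1)]
    for _ in range(generations):
        pop.sort(key=fitness)
        next_pop = [list(pop[0])]                      # elitism
        while len(next_pop) < pop_size:
            p1 = min(rng.sample(pop, 3), key=fitness)  # tournament selection
            p2 = min(rng.sample(pop, 3), key=fitness)
            a = rng.random()                           # arithmetic crossover
            child = [clamp(a * x + (1 - a) * y) for x, y in zip(p1, p2)]
            if rng.random() < 0.8:                     # Gaussian mutation of one gene
                k = rng.randrange(len(child))
                child[k] = clamp(child[k] + rng.gauss(0, mutation_sd))
            next_pop.append(child)
        pop = next_pop
    return _from_upper(min(pop, key=fitness), n)


def risk_degree(r, scores=FACTOR_SCORES, factors=FACTORS):
    """Weighted sum of factor scores under the matrix's weights; lies in [0, 1]."""
    return sum(w * scores[f] for w, f in zip(weights(r), factors))


def risk_level(degree):
    """Assumed reporting bands, not the paper's scale."""
    for bound, label in ((0.25, "low"), (0.5, "medium"), (0.75, "high")):
        if degree < bound:
            return label
    return "critical"


if __name__ == "__main__":
    print("consistent as given:", is_consistent(JUDGMENT), round(consistency_deviation(JUDGMENT), 4))
    corrected = JUDGMENT if is_consistent(JUDGMENT) else ga_correct(JUDGMENT)
    print("deviation after GA :", round(consistency_deviation(corrected), 4))
    for f, w in zip(FACTORS, weights(corrected)):
        print(f"  {f:17s} w = {w:.3f}")
    d = risk_degree(corrected)
    print("risk degree:", round(d, 3), risk_level(d))
```

Two design points carry over to any variant of this method. Posing the correction over the upper triangle keeps the complementarity constraint satisfied for free, so the GA only has to respect the box constraint, which clamping handles. The drift term in the objective matters in practice: without it the optimizer can reach a perfectly consistent matrix that no longer reflects the expert's judgments, which defeats the purpose of eliciting them.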

