2017 2nd International Conference on Computer Science and Technology (CST 2017) ISBN: 978-1-60595-461-5
Network Security Evaluation Based on Variable
Weight Fuzzy Cloud Model
Yang JIANG
a*, Cheng-hai LI, Zhi-peng LI
and Ming-cai SUN
College of Air and Missile Defense, Air Force Engineering University, Xi’an 710051, China
*Corresponding author
Keywords: Network security, Assessment, Cloud model, Fuzzy comprehensive evaluation, Variable weight
Abstract. In order to solve the problem that the evaluation index is difficult to be accurately quantified in the network security assessment, fuzzy comprehensive evaluation method is used to evaluate it. Using cloud model to construct the membership function expresses fuzzy and stochastic characterization of the evaluation index. Then combine the two characters to make up a mapping between quantitative and qualitative indexes for the transformation between precise values and qualitative assessment values. Next, the weight value of the evaluation index is adjusted by using the variable weight principle. This method can reflect the utility value of the data, which makes it more objective to distribute weight value.
Introduction
With the rapid development of computer and network technology, efficiency of work and learning has greatly improved, but due to the openness and sharing of the Internet [1], the risk of computer network also increased. Part of the computer network is lack of scientific management mechanism, even hardware and software configuration cannot meet the safety standards, often facing the risk of internal and external threats. Network security assessment mainly estimates the vulnerability of information assets, hardware equipment, physical environment, safety management, and external threats of computer network to infer the security risk of target network through the analysis of qualitative and quantitative methods [2]. And then, according to the risk level, develop appropriate response plans to construct a set of scientific risk defense system. At present, in the research of network security evaluation, the index system is weighted by analytic hierarchy process (AHP) [3, 4, 5]. However, the traditional AHP mainly depends on human judgment, because the relative importance of each factor in the actual environment is not so exact, the degree of importance is difficult to determine by the numerical value measured by the subjective experience.
membership function, and then fuzzy comprehensive evaluation method is applied to evaluate network security, with fuzzy and random characterization of the evaluation index fused. At the same time, variable weight method [14] is used to adjust the weight of the index, and then evaluate network in this new way. Through the comparison of the two methods, highlight the advantages of variable weight method.
Cloud Fuzzy Comprehensive Evaluation Method
Fuzzy Comprehensive Evaluation
The mathematical model of the fuzzy comprehensive evaluation method is composed of the index set U , the comment field P and the judgment matrix V . The index set is a set of elements which influence the various factors of the evaluation object:
1 2
{ , , , }n
U = u u u , where ui denotes the first level evaluation indicators in the evaluation index system, n denotes the total number of evaluation indicators. These evaluation indexes have certain fuzziness, and their values are determined by membership function.
The comment field is a collection of elements that the evaluation body may make for the evaluation object: P={ ,p p1 2,pm}, where pi denotes the various possible
assessment results, a total of m. On the basis of the evaluation index set, fuzzy comprehensive evaluation is used to evaluate the result of the evaluation object by using fuzzy rules.
The judgment matrix is made up of the evaluation results of the evaluation objects by n evaluation subjects.
Assume that (u ii =1, 2, , ) n denotes the ith index, pj(j=1, 2, , ) m denotes the th
j element in the comment field, r iij( =1, 2, , ; n j=1, 2, , ) m denotes the membership of pj, the evaluation result can be expressed as Ri=( , , , )r ri1 i2 ri3 .
The evaluation result of the n evaluation indicators are integrated into the evaluation matrix R, which is as follows:
1 11 12 1
2 21 22 2
1 2
m
m
n n n nm
R r r r
R r r r
R
R r r r
= =
(1)
The th
i line in the evaluation matrix reflects the extent to which the ith evaluation
index affects the extent to which the assessment object is subordinate to each of the comments, and the jth column reflects the extent to which all of the evaluation
indicators affect the evaluation of the subject to the th
j comment.
The weight of the evaluation index u ii( =1, 2, , ) n is expressed as:
( 1, 2, , )
i
w i= n , which should be satisfied: 1
1
n
i i
w =
=
and1 1
n
i i
w =
=
. Thus, the weight set is constructed as W =( ,w w1 2, , wn) , which contains weight values of all11 12 1
21 22 2
1 2 1 2
1 2
( , , , ) ( , , , )
m m
n n
n n nm
r r r
r r r
B W R w w w b b b
r r r
= = = (2)
where “” denotes some fuzzy synthetic operation; Bdenotes fuzzy comprehensive
evaluation set; and (bj j=1, 2, , ) n denotes the membership of the comprehensive evaluation result to the th
j reviews. In accordance with the principle of maximum membership, comment in correspondence with the maximum value in bj is the final assessment result.
Cloud Fuzzy Comprehensive Evaluation
In the comment field P={ ,p p1 2,pm}, assume that there are k experts evaluating network security, and k comment cloud models need to give for impact factor i. So,
1 2 { , k}
i i i i
P = C C C realizes the evaluation set of impact factor i, where Cij denotes the comment cloud model experts give for evaluation index i , that is
(i=1, 2, , ; m j=1, 2, , ) k . Through the integrated cloud method j, a comprehensive
comment cloud model for i is described as follows:
1 1 2 2
1 2
1 2
1 1 2 2
1 2
k k
i i i i i i
i k
i i i
k
i i i i
k k
i i i i i i
i k
i i i
Ex En Ex En Ex En Ex
En En En
En En En En
He En He En He En He
En En En
= + + + + + + = + + + + + + = + + + (3)
So, comment cloud model of i can be expressed as ( , , )
i i i i
C = Ex En He . For mimpact factors, the evaluation matrix can be obtained as follows:
1 1 1
2 2 2
( , , )
( , , )
( , , )
T
m m m
Ex En He
Ex En He V
Ex En He
= (4)
Then the evaluation matrix V and the weight set W are multiplied to obtain the comprehensive evaluation value of the network security:
( , , )
R= × = =V W C Ex En He (5)
For the evaluation result R, compare its expected value Ex with each expected value of the comment cloud model, and the most similar assessment is the evaluation conclusion.
Variable Weight Method
When the overall function is complete, weights of Ai are called basic weight, as equals
to: ωmi =ωi( ,u um m, , um),i=1, 2, , n,where ωmi∈(0,1),
When Ai lose function, while other factors possess overall function, weights of Ai equal to: ω0i =ωi( , ,um um,0,um, , um) , i=1, 2, , n , where ω0i∈(0,1) . When
3 n≥ ,
0i
ω can be obtained as follows:
0i i/ (min1 j n j max1 j) ( 1, 2, , )
j n k n
ω ω ω ω
≤ ≤ ≤ ≤
= + = (6)
1 2
1 ( , , , ) ( ) / n ( )
k k n k k j j
j
v v v v v
ω ω λ λ
=
′ = ′ =
(7)where vk represent degree value of corresponding first-rank evaluation indexes; ( )
k vk
λ represent functions whose domain is [0, ]vm . For given v v1, , ,2 vn, assume
i
v ≥v, then
0 ( )
( ) ( 1, 2, , ) ( )
k k
k
v
w v k n
v λ λ λ
= =
+ (8)
where 0 j( )j i j
u
λ λ
≠
=
, and 10
( ) / { exp[( / ) mk / (1 (1 ))]}
k v k k v vm mk
λ =λ λ∗ λ∗ − −
(9)
where 0k ( 0k j) / (1 0k)
j k
λ ω ω ω
≠
=
− (10)0
k j
j k
λ∗ λ
≠
=
(11)
0 1
n
j j
λ∗ λ =
=
(12)0
1 1/ ln{[ ( )] / ( )}
k k k k k
m = − λ λ∗ +ω λ ω∗ ( , ,i j k=1, 2, , ) n (13)
Case Analysis
Testing Environment
Build a network security testing environment as shown in Fig.1. Use Kali Linux system as the attack platform, Nmap as the network scanning tool, Nessus as the vulnerability assessment tool, and test hosts are equipped with Win XP/7 operating system.
Internet Host1 Host2
Switch
Firewall
Attacker
Router Server1
[image:4.612.228.393.490.632.2]Server2 Server2
Figure 1. Network testing environment.
1. MS08-067: An attacker can exploit this vulnerability to run arbitrary code without authentication, and it is likely to be used to create worms for mass attacks.
2. MS09-001: Vulnerability in SMB, remote operation of the code is allowed on the affected host. The attacker can exploit the vulnerability to achieve program installation, data manipulation and the creation of new users, making himself a higher authority.
Fuzzy Cloud Comprehensive Evaluation
According to the simulation results and the practical environment, four experts give evaluation value of each evaluation index, as shown in Table 1.
[image:5.612.123.489.273.474.2]Combining with each expert's comments in Table 1 for single factor aggregation by integrated cloud method, we can get the single factor comprehensive evaluation cloud model as shown in Table 2.
Table 1. Evaluation value of index by experts.
Table 2. Comprehensive comment cloud model of single factor evaluation index.
[image:5.612.123.493.496.622.2]( 0 .1 3 2 , 0 .1 5 , 0 .0 0 2 8 ) ( 0 .3 5 9 6 , 0 .1 5 7 , 0 .0 0 4 4 ) ( 0 .3 5 9 6 , 0 .1 5 7 , 0 .0 0 4 4 ) ( 0 .3 5 2 6 , 0 .1 2 4 , 0 .0 0 4 2 ) ( 0 .4 4 4 7 , 0 .1 4 1, 0 .0 0 3 9 ) ( 0 .1 0 6 5 , 0 .1 4 9 , 0 .0 0 4 3 ) ( 0 .3 5 2 6 , 0 .1 2 4 , 0 .0 0 4 2 ) ( 0 .4 5 0 8 , 0 .1 4 9 , 0 .0 0 4 3 ) ( 0 .2 5 , 0 .1 3 2 , 0 .0 0 4 2 ) ( 0 .6 0 1 7 , 0 .1 3 3 R =
( )
(
, 0 .0 0 4 6 ) ( 0 .5 5 8 8 , 0 .1 7 4 , 0 .0 0 5 ) ( 0 .3 5 9 6 , 0 .1 5 7 , 0 .0 0 4 4 ) ( 0 .4 5 0 8 , 0 .1 4 9 , 0 .0 0 4 3 ) ( 0 .3 1 7 5 , 0 .1 5 7 , 0 .0 0 3 7 )
( 0 .4 7 5 3 , 0 .
0 .0 0 4 7 , 0 .0 0 3 7 , 0 .0 0 4 8 0 .0 2 5 0 , 0 .0
1 8 2 , 0 .
2 6 1, 0 .
)
0
0 0 5
×
3 3 6 0 .0 1 8 3 , 0 .0 2 8 5 , 0 .0 4 1 2 0 .0 3 9 8 , 0 .0 3 9 4 , 0 .0 3 6 5 0 .1 2 6 5 , 0 .1 2 4 7 , 0 .1 2 3 9 0 .1 1 3 6 , 0 .1 1 4 6 , 0 .1 2 3 9 0 .0 4 1 7 , 0 .0 4 2 6 , 0 .0 4 2 2 0 .2 3 0 7 , 0 .2 1 9 8 , 0 .2 4 6 0 0 .0 9 0 3 , 0 .0 8 8 4 , 0 .0 9 2 4 0 .0 7 9 1, 0 .0 7 9 1, 0 .0
) ( ) ( ) ( ) ( ) ( ) ( ) ( ) ( ) (
8 3 0 0 .1 6 0 8 , 0 .1 5 6 0 , 0 .1 2 2
( )
5 0 .0 3 0 4 , 0 .0 3 1 1, 0 .0 2 5 0 0 .0 2 1 5 , 0 .0 2 1 6 , 0 .0 1 7 0 0 .0 0 8 0 , 0 .0 1 4 0 , 0 .0 1 2 1 0 .0 0 9 6 , 0 .0 1
0 .4 8 9 2 , 0 .1 0 1 3 , 0 .0 0 4 4
)
( )
( )
( )
( 0 5 , 0 .0 0 5 8 )
=
[image:6.612.229.394.257.390.2]The result of the cloud model is shown in Fig.2:
Figure 2. Result of network security evaluation based on fuzzy cloud model.
As can be seen from Fig.3, the assessment result by fuzzy comprehensive evaluation method based on cloud model is general risk, and tends to moderate risk.
Fuzzy Comprehensive Evaluation Based on Variable Weight Cloud Model
The constant weight method is a reflection of the relative importance between assessment indicators of each index in the index under ideal condition, which cannot fully reflect the actual engineering. In order to reduce the subjectivity of the evaluation and make the evaluation result more reasonable, variable weight method is used to adjust the weight of the index according to the evaluation value of the index.
Using variable weight method to adjust the weights of the evaluation indexes, The calculation results of λ0k, *
k
Table 3. Calculation results of each index.
Evaluaon
Indexes λ0k
*
k
λ mk
C1 0.0203 43.3631 0.3158
C2 0.1159 43.2675 0.3470
C3 0.0828 43.3006 0.3366
C4 0.1954 43.1880 0.3701
C5 1.0147 42.3687 0.5149
C6 0.8267 42.5566 0.4919
C7 0.2063 43.1770 0.3731
C8 37.7612 5.6222 0.6769
C9 0.5661 42.8172 0.4520
C10 0.4660 42.9173 0.4333
C11 1.8089 41.5745 0.5801
C12 0.1438 43.2396 0.3554
C13 0.0984 43.2850 0.3416
C14 0.0349 43.3484 0.3208
C15 0.0421 43.3412 0.3233
[image:7.612.129.479.316.430.2]There are variable weight cloud models shown in Table 4.
Table 4. Variable weight cloud model of indexs.
Evaluaon
Indexes Variable Weight Cloud Model Evaluaon Indexes Variable Weight Cloud Model
C1 (0.0071,0.0037,0.0048) C9 (0.1205,0.0884,0.0924)
C2 (0.0267,0.0261,0.0336) C10 (0.0621,0.0791,0.0830)
C3 (0.0195,0.0285,0.0412) C11 (0.1359,0.1560,0.1225)
C4 (0.0432,0.0394,0.0365) C12 (0.0325,0.0311,0.0250)
C5 (0.1248,0.1247,0.1239) C13 (0.0202,0.0216,0.0170)
C6 (0.1181,0.1146,0.1239) C14 (0.009,0.0140,0.0121)
C7 (0.0453,0.0426,0.0422) C15 (0.0087,0.0105,0.0058)
C8 (0.2264,0.2198,0.2460)
The weights of low-value evaluation indicators C1~C4, C6, C7, C9, C12 and C14 have improved in the use of variable weight method. And the result R can be
obtained by R= ×V W :(0.563,0.102,0.0064).
The evaluation results of the network security before and after using the variable weight method are shown in Fig. 3:
Figure 3. Comparison of evaluation results of variable weight method and constant weight method.
[image:7.612.215.391.511.661.2]improved, which highlights the effect of low-value indexes. As can be seen from the Fig.3, the overall evaluation value of the network security has increased, that is, to enhance the risk degree of the assessment results.
Conclusions
In this paper, firstly, the security of the network is evaluated by using the fuzzy evaluation method based on cloud model, and membership cloud is used as the membership function, so stochastic characterization of evaluation is enhanced, making the results close to actual better. Then, the weights of the network security evaluation indexes are adjusted by using the variable weight method. By comparing the evaluation results obtained by the two methods, the variable weight method can highlight the factors of low scores, and can be used in different stages of the system. And in above example, the degree of the security threat of the comprehensive evaluation result is improved by the variable weight method, which can remind the decision-makers to strengthen the prevention.
References
[1] Xiang H, Fy L, Zhan B. Information security evaluation and risk assessment[M]. Beijing: Publishing House of Electronics Industry, 2008:3-10. In Chinese.
[2] Ma Y L, Shao Q F, Sun M. Evaluation theory and method and its military application [M]. Beijing: National Defense Industry Press, 2013:15-19,105-120 In Chinese.
[3] Wang C. Study of Effectiveness Evaluation of C4ISR Communication Network System based on Gray Hierarchy Model [D]. Hebei University, 2015:24-27. In Chinese.
[4] SAATY T L, VARGAS L G. Models, methods, concepts & applications of the analytic hierarchy process [M]. New York: Kluwer Academic, 2001: 22-73.
[5] Nitin K. Mandavgade, S.B. Jaju, R.R. Lakhe. Assessment of qualitative factors affecting uncertainty measurement using AHP [J]. International Journal of Industrial and Systems Engineering, 2015, 21(3):277-301.
[6] Deng X F, Yao Y Y. Decision-theoretic three-way approximations of fuzzy sets [J]. Information Sciences. 2014, 279: 702-715.
[7] Joseph Giarratano, Gary Riley. Expert Systems Principles and Programming. [8] Sun B, Xiao R C. Bridge Fire Risk Assessment System Based on Analytic Hierarchy Process-Fuzzy Comprehensive Evaluation Method [J]. Journal of Tongji University (Natural Science), 2015, 43(11):1619-1625. In Chinese.
[9] Song R J, Chen Y M. Fuzzy synthetic evaluation of relay protection based on variable weight value [J]. Power System Protection and Control, 201644(3):46-50. In Chinese.
[11] Feng W Q, Zhang Y J. Object-oriented Change Detection for Remote Sensing Images Based on Fuzzy Comprehensive Evaluation [J]. Geomatics and Information Science of Wuhan University, 2016, 41(7):857-881. In Chinese.
[12] AN Min, CHEN Yao, BAKER Chris J. A Fuzzy Reasoning and Fuzzy-analytical Hierarchy Process Based Approach to the Process of Railway Risk Information: A Railway Risk Management System [J]. Information Science, 2011, 181(18): 3946-3966.
[13] Zhang S B, Xu C X. Study on the trust evaluation approach based on cloud model [J]. Chinese Journal of Computers, 2013, 36(2):422-431. In Chinese.
