CN102457411B - Network security situation fuzzy evaluation method based on uncertain data - Google Patents

Abstract

The invention provides a fuzzy evaluation method used for evaluating a network security situation value of a hierarchical model, and the method comprises the steps that: an evaluation factor set and a judgment set used for evaluating network security situation indexes of a top-level node of the hierarchical model are determined; a membership function is established, and the probability that attribute data of each child node in the evaluation factor set belong to different judgment ranks in the judgment set is determined according to the membership function; a fuzzy evaluation matrix is established on the basis of the determined probability that each child node belongs to different judgment ranks; the importance weight of each child node over the top-level node of the hierarchical model is determined; and the network security situation indexes of the top-level node is calculated according to the established fuzzy evaluation matrix and the determined importance weight of each child node over the top-level node of the hierarchical model, and thereby the network security situation value of the hierarchical model is finally calculated. The fuzzy evaluation method has the advantages that the security situation of a network is evaluated through introducing fuzzy mathematics and a fuzzy analytical hierarchy process (FAHP) into the fuzzy evaluation method, and thereby the problem of data uncertainty during the evaluation of the network security situation is well solved.

Description

Network safety situation fuzzy evaluation method based on uncertain data

Technical field

The present invention relates to a kind of network safety situation fuzzy evaluation method, particularly a kind of network safety situation fuzzy evaluation method based on uncertain data.

Background technology

Along with the generally popularization of network application, various security incidents emerge in an endless stream, and network is caused harm in various degree.Common network security facility such as fire compartment wall, intruding detection system etc., the network information that obtains can only be reported to the police with the form of daily record, can only explain some main frame and has met with what network attack, and it is difficult to describe whole network of network security postures.Network safety situation is meant current state and the variation tendency by the safety of the whole networks that factor constituted such as various network device operation conditions, network behavior and user behavior.It should be noted that situation stresses the relation of environment, dynamic and inter-entity, is a kind of state, a kind of trend, and the notion of integral body and macroscopic view, any single circumstance or state all can not be referred to as situation.In order to help the network management personnel that the network security situation of being supervised is had clear, a comprehensive understanding, need assess the security postures of network.

The unification that index system is made up of some indexs that interknit, complement each other is whole, is used for estimating and reacting certain situation in certain field.The application of index system very extensively, in the respond sustainable development overall national strength assessment indicator system of national overall national strength of national aspect, the stock price index of the current prices of stocks that responds in financial service field change etc.In network safety filed; The network security index system is used to weigh the security postures of a network; Coming the safe condition of reaction network, network safety situation index through the variation of the value of network situation index in the network security index system is numerical value or the vector that the various factors that influences its security postures in certain network area in certain time cycle is adopted the reflection network general safety situation that certain method carries out obtaining after comprehensive assessment quantizes.Do like this, from the log analysis of magnanimity, free the keeper on the one hand, be convenient to the safe condition that administrative staff can get information about network; On the other hand, be convenient to the staple that the keeper in time finds to influence network security, accomplish to shoot the arrow at the target, carry out safety prevention measure.

In the existing network security situation evaluating method, the more representational hierarchical network threat situation appraisal procedure that comprises people's propositions such as Chen Xiuzhen etc.Fig. 1 is that the true hierarchical network system safety that proposes of Chen Xiu threatens situation quantitative evaluation model.As shown in Figure 1, this assessment models is divided into network system, main frame, service and 4 levels of attack/leak from top to bottom.The network security situation evaluating method that is used for this assessment models is taked the assessment strategy of " from bottom to top, earlier local back is whole ", reports to the police and leak information is initial data with IDS, in conjunction with the Internet resources consumption, finds the threat situation of service that each main frame provides; Then, attack layer statistical analysis and attack the order of severity, frequency and network bandwidth occupancy, the security threat situation of assessment respective services; On this basis, the safe condition of each main frame in the comprehensive assessment network system; Assess the security threat situation of whole local area network system at last according to network architecture.In the method; The system manager is to being carried out quantitative assignment by the normal average access amount of different periods of protecting network system; Represent that with 1,2,3,4,5 visit capacity is very low, basic, normal, high, very high respectively, its value is big more, and expression average access amount is big more.Then this being carried out normalization handles.

But, the assessment of network situation is similar to the multiple attribute decision making (MADM) problem of complication system, relate to a large amount of uncertain factors.Model with Fig. 1 is that example is explained the uncertain problem in the existing network safety situation evaluation system now.Cause that probabilistic reason is mainly from the following aspects:

◆ the uncertainty of attribute data.Such as in this model; Utilize the normal average access amount of different periods of network system to weigh distributed denial of service attack (Distributed Denial of service; Be designated hereinafter simply as DDos) harm; But lacking very clear and definite corresponding relation between the normal average access amount of different periods of network system and the order of severity of attack, can only be a kind of judgement of ambiguity.The evaluation conclusion of network safe state is that will to draw network be the conclusion that is in " safety " or is in " danger " state.In essence, do not have tangible line of demarcation between " safety " and " danger ", promptly exist a kind of state of middle transition between safety and the danger, this state has certain fuzziness.

◆ some factor that influences network security receives the influence of external environment bigger, has contingency, like hacker attacks etc., does not often have regularity, is difficult to prediction.Owing to these reasons, make people be difficult to grasp and carry out the needed accurate information of security evaluation, thereby the result and the live network situation that cause obtaining sometimes are very not identical.

◆ the uncertainty of importance between the attribute.Also there is uncertainty to the importance between the various services in this model.Be difficult to the weight of all properties is directly provided a rational value.

Because the network safety situation appraisement system based on model shown in Figure 1 relates to a large amount of uncertainties, therefore only directly attribute is carried out quantitative assignment based on detected attribute data and is mapped to making subjective factor bigger on the corresponding level of security to the influence that said method calculates by the system manager.That is to say; Threaten in the situation appraisal procedure at this hierarchical network; Between mapping between each property value and the network safety situation and each attribute importance confirm a kind of dynamically, the assessment that plays a major role of multivariable, human factor, so its uncertain factor is many, logical relation is complicated.And though in said method, combine objective statistical information and subjective experience knowledge to provide a concrete importance measures, it has ignored ambiguity and the uncertainty between the network security attribute importance between attribute data and the network safe state.

Summary of the invention

The technical problem that the present invention will solve provides a kind of network safety situation fuzzy evaluation method based on uncertain data, and it assesses the security postures of network through introducing fuzzy mathematics and fuzzy stratification.

For this reason; The present invention provides a kind of fuzzy evaluation method that is used to assess the network safety situation value of hierarchy type model; This hierarchy type model comprises top layer indicator layer and bottom indicator layer at least; Wherein the top layer indicator layer is made up of the top mode of expression network safety situation value, and this method may further comprise the steps:

(a), confirm to be used to assess the assessment factor collection U={u of the network safety situation index of its upper layer node according to the bottom child node in this bottom indicator layer ₁, u ₂..., u _nAnd pass judgment on collection V={v ₁, v ₂..., v _m;

(b) make up membership function, and confirm that based on this membership function the attribute data of each child node that this assessment factor is concentrated belongs to this judge and concentrates the different probability of passing judgment on grade;

(c) belong to the different probability of passing judgment on grade based on each definite child node of step (b), make up the fuzzy evaluation matrix;

(d) confirm the weights of importance of each child node to its upper layer node;

(e) according to the fuzzy evaluation matrix that makes up in step (c) with in the weights of importance of definite each child node of step (d), calculate the network safety situation index of this upper layer node to its upper layer node; And

(f) judge whether this upper layer node is the top mode of this hierarchy type model; If the top mode of this hierarchy type model, the network safety situation index of this upper layer node that then in step (e), calculates is the network safety situation value of this hierarchy type model; If not top mode; Then with the network safety situation index of this upper layer node of calculating in the step (e) attribute data as this upper layer node; Confirm to be used to assess the assessment factor level and judge collection of its network safety situation index to the upper layer node of this upper layer node; And continue execution in step (b), (c), (d), (e), up to calculating this network safety situation value.

The fuzzy evaluation method of aforesaid network safety situation value, wherein this bottom layer node is for can directly collecting the node of attribute data.

The fuzzy evaluation method of described as stated network safety situation value, wherein this hierarchy type model also comprises the Medium Counter layer, wherein the intermediate layer child node of this Medium Counter layer is that DDOS attacks index and/or wooden horse is attacked index.

The fuzzy evaluation method of aforesaid network safety situation value, wherein the bottom child node of each intermediate layer child node is that event number, growth rate and source address distribute.

The fuzzy evaluation method of aforesaid network safety situation value, wherein this judge collection comprises that four are passed judgment on grade.

The fuzzy evaluation method of aforesaid network safety situation value, wherein step (d) comprising:

(i) compare in twos through importance, set up the importance degree comparator matrix all child nodes of upper layer node;

(ii) convert this importance degree comparator matrix into fuzzy consensus property matrix; And

(iii), confirm the weights of importance of each child node to its upper layer node according to the relation between this fuzzy consensus property matrix and the weights of importance.

The fuzzy evaluation method of aforesaid network safety situation value, wherein step (ii) comprises:

All elements to each row in this importance degree comparator matrix is sued for peace; And

Calculate each element in this fuzzy consensus property matrix according to following formula:

${\stackrel{\‾}{r}}_{\mathrm{ij}}=(r_i-r_j)/2n+0.5$

R wherein _i, r _jBe respectively i, j in this importance degree comparator matrix all elements in capable and; N is the number that belongs to the child node of assessment factor collection.

The fuzzy evaluation method of aforesaid network safety situation value, wherein step (iii) comprises according to the weights of importance of following each child node of formula calculating to its upper layer node:

${\mathrm{\ω}}_{\mathrm{ki}}=\frac{2*\underset{j=1}{\overset{n}{\mathrm{\Σ}}}{\stackrel{\‾}{r}}_{\mathrm{ij}}-1}{n*(n-1)}$

Wherein

is each element in the fuzzy consensus property matrix.

The fuzzy evaluation method of aforesaid network safety situation value, wherein step (e) comprising:

(1) according to the fuzzy evaluation matrix that makes up in step (c) with in the weights of importance of definite each child node of step (d), calculates the fuzzy index vector of this upper layer node to its upper layer node; And

(2) according to should fuzzy this upper layer node of index vector sum belonging to the concentrated probability of respectively passing judgment on grade of judge, calculate the network safety situation index of this upper layer node.

The fuzzy evaluation method of aforesaid network safety situation value, wherein the fuzzy index of this upper layer node vector is through will be in definite each child node of step (d) with respect to the weights of importance of its upper layer node and obtain at the definite fuzzy evaluation matrix multiple of step (c).

The fuzzy evaluation method of aforesaid network safety situation value wherein calculates the network safety situation index of this upper layer node according to following formula:

$\mathrm{Value}=\underset{k=1}{\overset{m}{\mathrm{\Σ}}}{z}_k\×{\stackrel{\‾}{v}}_k$

Wherein zk is the element in the fuzzy index vector, and vk passes judgment on the interval mean value of value of grade for each, and m concentrates the number of passing judgment on grade for passing judgment on.

The present invention lies among the appraisal procedure through the expression with uncertain information; The situation of using natural language to explain to qualitative index; Use fuzzy set theory to be converted into the mathematic(al) representation that is easy to machine processing to the information of index, well solved the probabilistic problem of data in the network safety situation assessment.

Description of drawings

Fig. 1 is the hierarchical network system safety threat situation quantitative evaluation model according to prior art;

Fig. 2 is the network security index system hierarchy type model according to the embodiment of the invention;

Fig. 3 is the flow chart based on the network safety situation fuzzy evaluation method of uncertain data according to the embodiment of the invention.

Embodiment

Below in conjunction with accompanying drawing and embodiment the present invention is explained.

Fig. 2 is the hierarchy type model according to the network security index system of the embodiment of the invention.As shown in Figure 2, this model comprises three indicator layers, is respectively: comprise top mode the top indicator layer, comprise the middle part indicator layer of intermediate layer child node and comprise the bottom indicator layer of bottom child node.Wherein, each node is represented an attribute of this network security index system, and is as shown in Figure 2, and top mode is the situation that network that the network security management person is concerned about is attacked, and weighs with the threat index; The intermediate layer child node is to be used to assess the distributed denial of service attack exponential sum wooden horse that threatens index to attack index; The attribute data that the bottom child node normally can directly collect for example is used to assess event number, growth rate, source address distribution and the event number that is used to assess wooden horse attack index, growth rate and the source address distribution that DDOS attacks index.

Above-mentioned hierarchy type model is merely exemplary, and it is not limited to three-decker, can also be to comprise hierarchy type models for example two-layer, four layers etc.Those skilled in the art also are appreciated that; Network security situation evaluating method of the present invention can also be used to assess the network safety situation of hierarchy type model of other network security index system, and for example Chen Xiu really waits the hierarchy type model of attack/leak that the people proposes, service, main frame, four levels of network.

Below, specify the fuzzy evaluation method of network safety situation of the present invention.

Fig. 3 is the flow chart based on the network safety situation fuzzy evaluation method of uncertain data according to the embodiment of the invention.As shown in Figure 3, this method comprises following step:

Step 1: according to the bottom child node of hierarchy type model, confirm to be used to assess its upper layer node the network safety situation index set of factors with pass judgment on grade.

If U={u ₁, u ₂..., u _nThe fuzzy set formed of each lower level node of a certain upper layer node of expression influence, for example the bottom child node among Fig. 2: attributes such as event number, growth rate, source address distribution.

If V={v ₁, v ₂..., v _mRepresent the judge collection of these attributes.Pass judgment on grade vi through the interval of 0-1 being divided and is assigned to each that pass judgment on collection V, the value of choosing after the normalization for each grade is interval.For example choose the fuzzy expression mode V={v of four grades in the present invention ₁, v ₂, v ₃, v ₄, pass judgment on collection V={v ₁, v ₂, v ₃, v ₄Corresponding on the quantity key element respectively the implication of expression be: v ₁Represent quantity " seldom ", the value interval after the quantity normalization of its representative is (0-0.1), and mean value does

v ₂Represent quantity " to lack ", the value interval after the quantity normalization of its representative is (0.1-0.5), and mean value does

v ₃Represent quantity " many ", the value interval after the quantity normalization of its representative is (0.5-0.9), and mean value does

v ₄Represent quantity " a lot ", the value interval after the quantity normalization of its representative is (0.9-1.0), and mean value does

The number of the opinion rating among the above-mentioned evaluation set V also can be for other be worth, and for example three, five etc., for example passing judgment on collection V can be V={v ₁, v ₂, v ₃, v ₄, v ₅, each grade v wherein ₁, v ₂, v ₃, v ₄, v ₅For example represent quantity " seldom ", " lacking ", " generally ", " many ", " a lot " respectively.

Though above-mentioned judge collection V respectively passes judgment on grade v ₁, v ₂, v ₃, v ₄The value interval be divided into (0-0.1), (0.1-0.5), (0.5-0.9) and (0.9-1.0); But it will be appreciated by those skilled in the art that; Also can pass judgment on grade to each and in the 0-1 interval, make other interval division, for example will pass judgment on grade v according to expertise according to certain expertise ₁, v ₂, v ₃, v ₄The value interval division be (0-0.2), (0.2-0.5), (0.5-0.8) and (0.8-1.0).

Step 2: make up the degree of membership evaluation function.

How does this step pass judgment on the result after the normalization if mainly solving? Because the judge that different expert is worth after to normalization has very big uncertainty, thus the present invention confirms each attribute through being introduced in the membership function that uses in the fuzzy control field to uncertain system, be that value after each child node normalization belongs to pass judgment on and collects V={v ₁, v ₂..., v _mIn respectively pass judgment on grade v _iProbability in, thereby the security postures of network is assessed, to overcome the uncertainty of expert's subjective assessment.

This membership function can define according to expertise, and main effect is the expertise obfuscation, but must meets the following conditions: two membership functions of passing judgment on grade of (1) head and the tail should be dull; (2) membership function of adjacent two grades must intersect, and embodies the notion of the fuzzy set of " being this or that ", and membership function should not intersect between non-conterminous two grades; (3) a certain index of any one unit should be 1 to the subjection degree sum of difference judge grade.

Calculate each child node through membership function and belong to the different probability of passing judgment on grade.Such as v _iMembership function f _i(x), wherein x representes the value after certain attribute quantification normalization:

$f_1\left(x\right)=\&GreaterEqual;\left\{\begin{array}{cc}1& x\&le;0.05\\ 4*(0.3-x)& 0.05<x<0.3\\ 0& x\&GreaterEqual;0.3\end{array}\right.$ $f_2\left(x\right)=\&GreaterEqual;\left\{\begin{array}{cc}0& x\&GreaterEqual;0.7,x\&le;0.05\\ 4*(x-0.05)& 0.05<x<0.3\\ 2.5*(0.7-x)& 0.3<x<0.7\end{array}\right.$

$f_3\left(x\right)=\&GreaterEqual;\left\{\begin{array}{cc}0& x\&GreaterEqual;0.95,\&le;0.3\\ \frac{5*(x-0.3)}{2}& 0.3<x\&le;0.7\\ 4*(0.95-x)& 0.7<x<0.95\end{array}\right.$ $f_4\left(x\right)=\&GreaterEqual;\left\{\begin{array}{cc}1& x\&GreaterEqual;0.95\\ 4*(x-0.7)& 0.7<x<0.95\\ 0& x\&le;0.7\end{array}\right.$

For example the value after attribute quantification normalization is 0.5, utilizes above-mentioned membership function so, can calculate it and belong to v ₁Probability be f ₁=0, belong to v ₂Probability f ₂=0.5, belong to v ₃Probability f ₃=0.5, belong to V ₄Probability f ₄=0.

Step 3: make up the fuzzy evaluation matrix.

Each child node that calculates according to the membership function of step 2 belongs to different probability and the hierarchy type network security index systems of passing judgment on grades, the fuzzy evaluation matrix A=(a of each attribute in the building network safety index system _Ij) _{N * m}, a wherein _i={ a _I1, a _I2..., a _IjRepresent that a certain attribute i (like event number among Fig. 2) belongs to judge class set V={v ₁, v ₂..., v _jIn the probability of each element.This probability is mainly according to the normalized value of this attribute, through the opinion rating v that makes up in step 2 _jMembership function f _j(x) calculate.Be a _Ij=f _j(i), it representes that a certain attribute i belongs to judge grade V _jProbability.

Step 4: confirm different attribute, be the weight of each lower floor's child node to the importance of its upper layer node.

This step mainly is used for assessing the contribution degree of different attribute to upper layer node, promptly belongs to each contribution degree to this upper layer node in all lower floor's child nodes of same upper layer node.

Certainly, method of the present invention can directly utilize expert's knowledge experience to specify the weight of different sub node, such as there being some upper layer node that three attribute A, B, C are arranged.The manager can directly specify its weight, such as being 0.5,0.3,0.2, as long as guarantee and be 1.

More preferably, the present invention also provides a kind of and comes rationally to assess objectively in the network security index system hierarchy type model each child node to the contribution degree of its upper layer node through introducing the relative importance judgment matrix.It is divided into following several stages:

◆ set up the significance level comparator matrix, promptly the importance to all child nodes under some upper layer node compares in twos, obtains it about the fuzzy complementary matrix R=(r of relative importance _Ij) _{N * n}, r wherein _IjExpression child node i and child node j compare the relative significance level of node layer k on it.The present invention can carry out scale with the quantity between 0.1～0.9, if r _IjBig more, show that child node i is bigger to the contribution degree of last layer node k than child node j, establishes r _Ii=0.5 and r _Ij=1-r _Ji

◆ it comprises following two steps to convert matrix R into fuzzy consensus property matrix

:

At first all elements summation to each row of matrix R is designated as r _k(k=1,2 ..., n);

Secondly, according to formula

Calculate fuzzy consensus property matrix

r _i, r _jFor the i of the matrix R that tries to achieve in the last step the capable and capable all elements of j with.

◆ according to the relation of fuzzy consensus property matrix element and weight, confirm the weight of indicator layer node with respect to upper layer node.Suppose that certain upper layer node k has the n node, child node j to the weights of importance

of upper layer node k wherein

be the element in the fuzzy consensus property matrix

that obtains in the last step.

Step 5: Fuzzy Calculation and interpretation of result.

At above-mentioned structure fuzzy evaluation matrix with on the basis of the weights of importance of the different attribute of having confirmed, the result is carried out Fuzzy Calculation, obtain final network safety situation value.Suppose that node k has the n node, the weight of each child node is respectively ω _K1, ω _K2... ω _Kn, this n node is A=(a according to the fuzzy evaluation matrix that step 3 makes up _Ij) _{N * m}Thereby, through Z=(ω _K1, ω _K2... ω _Kn) A=(z ₁, z ₂... Z _m) calculate the fuzzy index vector of node k.Z _iRepresent that this node k belongs to judge collection V={v in the step 1 ₁, v ₂..., v _mThe probability of different elements, through Calculate the security postures index of upper layer node k.

Step 6 judges whether the upper layer node k that has calculated its security postures index is top mode.If this security postures index that then calculates is final network safety situation value; If this node k is not a top mode; Then to the upper layer node of node k confirm to comprise this upper layer node indicator layer the factor level with pass judgment on grade; And continue execution in step 2,3,4,5, and up to the network safety situation index that calculates top mode, promptly final whole network safety situation value.

This shows that method of the present invention has reduced the influence that uncertain factor causes assessment result through the following aspects:

1, the evaluation index in the indicator layer of bottom is quantized normalization.Because event number, the problem of great disparity may make that assessment result is uncertain if directly use it for assessment, thereby lose meaning of estimation between the disunity of type such as growth rate and unit and numbered magnitude; Therefore the present invention's data to evaluation index before assessment are carried out standardization, are to assess after the normalization again, avoid the generation of un-reasonable phenomenon.

2, the result after the normalization is passed judgment on.Because the property value after the normalization possibly be distributed in [0,1] scope, how these results further to be passed judgment on and have very big uncertainly, the knowledge that different experts possibly provide there are differences; Therefore the present invention makes to form mapping between each property value and the network safety situation, thereby uncertain data is provided fuzzy evaluation through introducing membership function, on the basis of fuzzy evaluation, improves the accuracy that network safety situation is analyzed.

3, the assessment different attribute promptly solves the importance degree of each attribute in the network security index system model to the contribution degree of its upper layer node.The present invention is through introducing the contribution degree that the relative importance judgment matrix rationally assesses objectively each node in the network security index system hierarchy type model, thinks the factor uncertainty that assessment brings to attribute importance thereby overcome.

In general; The present invention has broken through the subjectivity of traditional network safety situation assessment; Through introducing the technology of fuzzy evaluation and uncertain data processing; Introduce the computable method of a cover and come the security postures index of computing network, made network security index system further practicability aspect the assessment network safety situation, also made the knowledge and experience of in the network safety situation assessment, effectively having taked most of expert; And handle with relativity through fuzzy on this basis, make the result of assessment to accept more widely.

It should be noted last that above embodiment is only unrestricted in order to technical scheme of the present invention to be described.Although the present invention is specified with reference to embodiment; Those of ordinary skill in the art is to be understood that; Technical scheme of the present invention is made amendment or is equal to replacement, do not break away from the spirit and the scope of technical scheme of the present invention, it all should be encompassed in the middle of the claim scope of the present invention.

Claims (6)

1. fuzzy evaluation method that is used to assess the network safety situation value of hierarchy type model; This hierarchy type model comprises top layer indicator layer and bottom indicator layer at least; Wherein the top layer indicator layer is made up of the top mode of expression network safety situation value, and this method may further comprise the steps:

(a), confirm to be used to assess the assessment factor collection U={u of the network safety situation index of its upper layer node according to the bottom child node in this bottom indicator layer ₁, u ₂..., u _nAnd pass judgment on collection V={v ₁, v ₂..., v _m, wherein, u _nIndicate to assess n attribute, m representes the number of the concentrated judge grade that comprises of said judge;

(b) make up membership function, and confirm that according to this membership function the attribute data of each child node that this assessment factor is concentrated belongs to this judge and concentrates the different probability of passing judgment on grade; Wherein, this membership function meets the following conditions: two membership functions of passing judgment on grade of (1) head and the tail should be dull; (2) membership function of adjacent two grades must intersect, and membership function should not intersect between non-conterminous two grades; (3) concentrated each child node of assessment factor should be 1 to the subjection degree sum of difference judge grade;

(c) belong to the different probability of passing judgment on grade based on each definite child node of step (b), make up fuzzy evaluation matrix A=(a _Ij) _{N * m}, a wherein _Ji=f _j(i), f _j(i) expression child node i belongs to judge grade v _jProbability;

(d) confirm the weights of importance ω of each child node to its upper layer node ₁, ω ₂ω _n

(e) according to the fuzzy evaluation matrix that makes up in step (c) with in the weights of importance of definite each child node of step (d), calculate the fuzzy index vector Z=(ω of this upper layer node to its upper layer node ₁, ω ₂ω _n) A=(z ₁, z ₂Z _m), calculate the network safety situation index of this upper layer node then:

Z wherein _kBe the element in the fuzzy index vector, For each passes judgment on the interval mean value of value of grade; And

(f) judge whether this upper layer node is the top mode of this hierarchy type model; If the top mode of this hierarchy type model, the network safety situation index of this upper layer node that then in step (e), calculates is the network safety situation value of this hierarchy type model; If not top mode; Then with the network safety situation index of this upper layer node of calculating in the step (e) attribute data as this upper layer node; Confirm to be used to assess the assessment factor level and judge collection of its network safety situation index to the upper layer node of this upper layer node; And continue execution in step (b), (c), (d), (e), up to calculating this network safety situation value.

2. the fuzzy evaluation method of network safety situation value as claimed in claim 1, wherein this bottom layer node is for can directly collecting the node of attribute data.

3. according to claim 1 or claim 2 the fuzzy evaluation method of network safety situation value, wherein this hierarchy type model also comprises the Medium Counter layer, wherein the intermediate layer child node of this Medium Counter layer is that DDOS attacks index and/or wooden horse is attacked index.

4. the fuzzy evaluation method of network safety situation value as claimed in claim 3, wherein the bottom child node of each intermediate layer child node is that event number, growth rate and source address distribute.

5. according to claim 1 or claim 2 the fuzzy evaluation method of network safety situation value, wherein this judge collection comprises that four are passed judgment on grades.

6. according to claim 1 or claim 2 the fuzzy evaluation method of network safety situation value, wherein step (d) comprising:

(i) compare in twos through importance, obtain importance degree comparator matrix R=(r all child nodes of upper layer node _Ij) _{N * n}, r wherein _IjExpression child node i and child node j compare the relative significance level of node layer on it;

(ii) convert this importance degree comparator matrix into fuzzy consensus property matrix; Said step (ii) may further comprise the steps: all elements to each row in this importance degree comparator matrix is sued for peace; And calculate each element in this fuzzy consensus property matrix according to following formula:

${\stackrel{\&OverBar;}{r}}_{\mathrm{ij}}=(r_i-r_j)/2n+0.5$

R wherein _i, r _jBe respectively i, j in this importance degree comparator matrix all elements in capable and; N is the number that belongs to the child node of assessment factor collection; And

(iii), calculate the weights of importance of each child node to its upper layer node according to following formula according to the relation between this fuzzy consensus property matrix and the weights of importance:

${\mathrm{\&omega;}}_i=\frac{2*\underset{j=1}{\overset{n}{\mathrm{\&Sigma;}}}{\stackrel{\&OverBar;}{r}}_{\mathrm{ij}}-1}{n*(n-1)}.$

Images