刘芳,戴葵,王志英,吴丹

DOI: https://doi.org/10.3969/j.issn.1000-3428.2004.18.007

2004-01-01

Abstract:In this paper, the necessity and feasibility of quantitative security evaluation are analyzed, in particular with regard to nowadays security requirements. Based on the probability and statistics, the quantitative security model is brought forward. And then a complete quantitative evaluating system is introduced, which is based on the modularization and the quantitative security model. Finally, the rationality and validity of this system are verified through experiments.

SHEN Jin-chang,DU Shu-xin,LUO Yi,LUO Ji-yang,YANG Qian,CHEN Zhi-feng

DOI: https://doi.org/10.3969/j.issn.1001-7402.2012.06.017

2012-01-01

Abstract:Instead of fuzzy membership function,by the theory of backward cloud generator and the algorithm of cloud we evaluate the fuzzy comprehensive system with the cloud model,which has the quality of fuzzy,random and statistic.Finally,with the supervision and testing data of food safety,we compare the method of cloud model with the normal method of fuzzy membership function,which proves that the cloud model has more advantages than the normal method.

Liu Qi,Xiong Jia,Deng Yong

DOI: https://doi.org/10.1080/03081070701189341

2008-01-01

International Journal of General Systems

Abstract:Uncertain information and domain experts' knowledge are inevitable in risk analysis of complex systems. Fuzzy reasoning is one of the ways to handle uncertainty. In addition, in order to represent the confidence degree of experts' subjective assessment, generalized fuzzy numbers are used for risk quantification in this paper. Based on the generalized fuzzy numbers arithmetic operation, a simple algorithm is developed to obtain final risk, which is also represented as generalized fuzzy number. A new similarity measure is proposed to determine the risk level. Compared with the previous works, our method is more reasonable. A numerical example is used to show the efficiency of the proposed method.

Wei-Guo Zhang,Qin Mei,Qian Lu,Wei-Lin Xiao

DOI: https://doi.org/10.1016/j.cie.2011.05.003

IF: 7.18

2011-01-01

Computers & Industrial Engineering

Abstract:This paper deals with the problems of both project valuation and portfolio selection under the assumption that the investment capitals and the net cash flows of the projects are fuzzy variables. Using the credibilistic expected value and the credibilistic lower semivariance of fuzzy variables, this paper proposes both the credibilistic return index and the credibilistic risk index, which are measures of investment return and investment risk with annuity form for evaluating single project. Moreover, a composite risk-return index for selecting the optimal investment strategy is also presented. Then, we set up a general project portfolio optimization model with fuzzy returns and two specific models: triangle and interval fuzzy returns. Furthermore, we provide two algorithms: the improved heuristic rules based on genetic algorithm and the traversal algorithm. Finally, two numerical examples are presented to illustrate the efficiency and the effectiveness of these proposed optimization methods.

Wen Jiang,Chunhe Xie,Yu Luo,Yongchuan Tang

DOI: https://doi.org/10.3233/JIFS-16139

2017-01-01

Journal of Intelligent & Fuzzy Systems

Abstract:Z-number, a new concept describes both the restriction and the reliability of evaluation, is more applicable than fuzzy numbers in the fields of decision making, risk assessment etc. However, how to deal with the restriction and the reliability properly is still a problem which is discussed few and inadequately in the existing literatures. In this paper, firstly, a new improved method for ranking generalized fuzzy numbers where the weight of centroid points, degrees of fuzziness and the spreads of fuzzy numbers are taken into consideration is proposed, which can overcome some drawbacks of exiting methods and is very efficient for evaluating symmetric fuzzy numbers and crisp numbers. Then, a procedure for evaluating Znumbers with the method for ranking generalized fuzzy numbers is presented, which considers the status of two parts (((A) over tilde,(B) under tilde)) of Z-numbers and gives the principles of ranking Z-numbers. The main advantage of the proposed method is utilization of Z-numbers which can express more vague information compared with the fuzzy number. In addition, instead of converting (B) over tilde to a crisp number as the existing methods of ranking Z-numbers did, the proposed method retains the fuzzy information of (B) over tilde which can reduce the loss of information. Finally, several numerical examples are provided to illustrate the superiority and the rationality of the proposed procedure.

LI Hetian,LIU Yun,HE Dequan

DOI: https://doi.org/10.3321/j.issn:1001-4632.2007.01.023

2007-01-01

Abstract:A security risk evaluation method based on fuzzy-set comprehensive evaluation theory is demonstrated in this paper to obtain the aim of quantitatively assessing security risk.The security risk is evaluated by making the fuzzy matrix for security risk and addressing risk factor set,security risk indicator sets and the weigh coefficient of security risk factors and applied to the railway passenger ticket system.The security targets provided by the railway passenger ticket system consist of system security,availability,identification authenticity and transaction reliability in order to protect the physical assets and information assets in face of the threats which come from system itself,personnel, environmental and natural disasters.The proposed model for security risk evaluation is used to calculate the security severity of Web server for the system.The numeric results for security risk also provide a method to decide the most critical component of the system which should arouse the system administrator enough attention to take the appropriate technical or administrative security measure or controls to enhance the security of the system.

Chen-lu WANG,Min HU,Chun-yang LIU,Zhi XUE,Yong SHI

DOI: https://doi.org/10.3969/j.issn.1002-0802.2017.12.030

2017-01-01

Abstract:The existing threat intelligence cannot be well applied to the financial industry, while the domestic and foreign security standards lack computability. Therefore, it is an important issue to propose a quantifiable security index for the financial system. By referring to the security standards both at home and abroad, the hierarchical security index system based on threat intelligence for the financial industry is proposed. According to the different methods of quantification, the collected indexes may be divided into five categories including time index, frequency index, expert experience index, positive correlation index and trend index. Then, the expert ranking method is used to assign the weights subjectively, and the weights are adjusted objectively through the significance test. Finally, by referring to analytic hierarchy process (AHP), the quantification of superior indicators is aggregated and acquired through indicators of all levels.

刘新东,江全元,曹一家,陈为化

DOI: https://doi.org/10.3969/j.issn.1006-6047.2009.02.004

2009-01-01

Abstract:Based on probability theory,risk theory and fuzzy reasoning are applied to the transient security risk assessment of power system.Quantified risk indices are achieved by using specified severity function to quantify the maximal offsets of frequency and voltage and the margins of angle rotor stability and fault clearing time.The quantified frequency and voltage risk index are used to calculate the steady index by the steady fuzzy controller while the quantified margins of angle rotor stability and fault clearing time are used to calculate the transient index by the transient fuzzy controller.The system transient stability index is calculated by the weighted integration of steady index and transient index.Based on it,the software of transient security risk assessment is developed.Case study of risk indices calculation for a permanent three-phase grounding fault of New England 39-bus test system shows its effectiveness and rationality.

LI Zhi-guo,ZENG Qing-kai

DOI: https://doi.org/10.3969/j.issn.1000-3428.2008.02.035

2008-01-01

Abstract:This paper proposes a quantitative security evaluation model,BFN,which reflects the probability relationship between functional components and threats in a system,based on risk analysis approach. By this model it can quantitatively evaluate the deficiency in functional components of a system as well as its impact on the system. The experiments demonstrate that the model can compare different systems in security,and optimize a system by analyzing its weakness.

Deng Yong,Shen Cheng

DOI: https://doi.org/10.14429/dsj.56.1887

IF: 0.667

2006-01-01

Defence Science Journal

Abstract:Since the descriptions and judgements on weapon systems are usually linguistic and-fuzzy, it is more realistic to evaluate weapon systems in the framework of fuzzy sets theory. In this paper, a new method to evaluate the best main battle tank is proposed. It can be seen that the proposed method is more efficient due to the fact that, by canonical representation of arithmetic operation on fuzzy numbers, simple arithmetic operations on crisp numbers are used, instead of complicated fuzzy numbers operations. In addition, the final scores of each alternative can be represented as crisp numbers. As a result, the order of alternatives can be determined without the procedure of ranking fuzzy numbers. Finally, a numerical example to evaluate the best main battle tanks is used to illustrate the efficiency of the proposed method.

Fa-Chao Li,Meng Yang

DOI: https://doi.org/10.1109/icmlc.2014.7009697

2014-01-01

Abstract:Fuzzy number, as the extension of quantity and set, is a common tool for describing uncertain information in practical problems. How to construct measure system reflecting the size characteristics of fuzzy number has important theoretical significance. In this paper, by analyzing the deficiency, and combining with the balance theory of particle system, we establish a measure method for fuzzy equilibrium value based on cut set (CFEV for short), and give the calculation methods for triangular fuzzy number and trapezoidal fuzzy number. Finally, we apply CFEV to a programming example. The result shows that CFEV has good interpretability and easy analysis, it can easily deal with the algebraic operation problems of fuzzy number. All these discussions can provide useful theoretical foundation for fuzzy decision making under complex environment.

Li Hetian,Liu Yun,He Dequan

DOI: https://doi.org/10.1007/bf02831895

2006-01-01

Wuhan University Journal of Natural Sciences

Abstract:A fuzzy set-based evaluation approach is demonstrated to assess the security risks for Internet-banking System. The Internet-banking system is semi-formally described using Unified Modeling Language (UML) to specify the behavior and state of the system on the base of analyzing the existing qualitative risk assessment methods. And a quantitative method based on fuzzy set is used to measure security risks of the system. A case study was performed on the WEB server of the Internet-banking System using fuzzy-set based assessment algorithm to quantitatively compute the security risk severity. The numeric result also provides a method to decide the most critical component which should arouse the system administrator enough attention to take the appropriate security measure or controls to alleviate the risk severity. The experiments show this method can be used to quantify the security properties for the Internet-banking System in practice.

JIANG Rui,LI Jianhua,PAN Li

DOI: https://doi.org/10.3969/j.issn.1000-3428.2005.14.051

2005-01-01

Abstract:This paper establishes a new security model of information network system in the way of systematically analyzing the security threatsto the information network system, and determines the relative independent fundamental factors and corresponding sub-factors on security functionsfor information network system. Then it makes a new mathematical model and the method of fuzzy similarity selection on evaluation of securitywith the fuzzy theory. It applies the model quantitatively in evaluating security functions for five example systems, and obtains the quantitativesecurity grades and sequences of the five information network systems. In this way the availability and the novelty of the system security model andthe mathematical evaluation theory are verified.

Jian Cao,Gengui Zhou,Xiaojuan Wu,Ping Li

DOI: https://doi.org/10.1109/wcica.2004.1341947

2004-01-01

Abstract:In view of uncertainty degree of judgment in group-evaluation problem, a new method combined the analytic hierarchy process (AHP) with the basic theory of triangular fuzzy number was given in this paper. A real case study of personnel selection in Matlab environment demonstrated its application and examined its effectiveness. The use of this proposed method indicates that it is easier for the evaluation team not only to obtain impartial and reasonable resulting value, but also to arrive at a consensus decision. Moreover, the consistent degree of decision or opinion of each decision element from different expert can be showed clearly.

程晋芳,张淑媛,刘立民,李法朝,刘阳

2008-01-01

Abstract:In view of the shortcomings of poor structure features and systematicness of current fuzziness metric,by combining fuzziness characteristic function with fuzziness-synthesizing operator,we establish F+S fuzziness metric model,and give tectonic models of the fuzziness characteristic function based on quasi-linear function and synthesizing operator model based on measure theory.Further,we apply F+S fuzziness measure into comprehensive evaluation.The results show that F+S fuzziness measure system has good operability,and can effectively merge the decision consciousness into the information processing,so it can be widely used in many fields such as artificial intelligence,optimizations in complex manufacturing systems.

张鑫,顾庆,陈道蓄

DOI: https://doi.org/10.3969/j.issn.1002-137x.2009.09.032

2009-01-01

Computer Science

Abstract:Quality of protection can be seen as the security target of security modules when doing their security treatments,which can be judged by quantitative criteria.The question of how to evaluate whether the current software system has fulfills the quality of protection target objectively and effectively has become one of the hotspots of research.Currently,however,most security professionals use the qualitative method for security evaluation,which is highly subjective and makes the evaluation result dependent on the individual experience and thus unreliable.So what needed are substantive and quantitative security metrics.Because of the complexity and the difficulty of implementing the security metrics,a novel security evaluation model was presented in this paper,which analyzed the relative security level of given systems from the views of attack surface,denial of service and attack graph.At last,a general discussion for the process and the result of the evaluation were given.

Jin Weiliang,Liu Xin,Lu Z,Chen Tianmin

DOI: https://doi.org/10.3321/j.issn:1001-0505.2006.04.027

2006-01-01

Abstract:To study comprehensive evaluation problems in which criteria values and marks are fuzzy numbers,fuzzy numbers are introduced into grey relational comprehensive evaluation field,then a new multi-level and multi-attribute grey relational comprehensive evaluation method based on plane distance between fuzzy numbers is proposed.To evaluate the safety of fastener-style tubular steel formwork-support(FTSF) in project management,a safety assessment of multi-level and multi-attribute system was established on the basis of consultation with a number of FTSF experts.After investigation in 10 construction sites in terms of questionnaire,the weight and mark of each index in the system was brought out.Utilizing the new method,a system of construction safety appraisal for FTSF is presented.Finally an application shows the correctness and effectiveness of the proposed method and the assessment system for FTSF.

Xiu-Zhen Chen,Qing-Hua Zheng,Xiao-Hong Guan,Chen-Guang Lin,Jie Sun

DOI: https://doi.org/10.1016/j.cose.2004.08.009

IF: 5.105

2005-01-01

Computers & Security

Abstract:How to evaluate network security threat quantitatively is one of key issues in the field of network security, which is vital for administrators to make decision on the security of computer networks. A novel model of security threat evaluation with a series of quantitative indices is proposed on the analysis of prevalent network intrusions. This model is based on multiple behavior information fusion and two indices of privilege validity and service availability that are proposed to evaluate the impact of prevalent network intrusions on system security, so as to provide security evolution over time, i.e., monitor security changes with respect to modification of security factors. The Markov model and the algorithm of D-S evidence reasoning are proposed to measure these two indices, respectively. Compared with other methods, this method mitigates the impact of unsuccessful intrusions on threat evaluation. It evaluates the impact of important intrusions on system security comprehensively and helps administrators to insight into intrusion steps, determine security state and identify dangerous intrusion traces. Testing in a real network environment shows that this method is reasonable and feasible in alleviating the tremendous task of data analysis and facilitating the understanding of the security evolution of the system for its administrators.

Yonghao Wang,Guangping Zeng,Qi Wang,Qingchuan Zhang

DOI: https://doi.org/10.4304/jsw.8.12.3214-3221

2013-01-01

Journal of Software

Abstract:With the increasing demands on software functions, the software systems are becoming larger and more difficult to be managed. The damages caused by system failures are more serious, so the software trustworthiness has become a focus that the international experts and scholars pay close attention to. In the paper, the intension of software trustworthiness has been discussed, and an evaluation method based on fuzzy sets is presented. Finally, a case study is made and the result shows that the designed evaluation method helps to solve the problem about trust evaluation of software resources in open and dynamic environment.

Dehua Kong,Huyuan li,Hongyan dong

DOI: https://doi.org/10.1088/1742-6596/1883/1/012108

2021-04-01

Journal of Physics: Conference Series

Abstract:Abstract With the development of Internet technology and the continuous improvement of social informatization, the network has gradually become an indispensable part of people’s production and life. The importance of network security has received more and more attention. A variety of security products have been applied to the network to strengthen and maintain the safe operation of the network. However, these security means can only play a specific role in a certain range, and lack of effective data fusion and collaborative management mechanism. In the face of many scattered information, network security managers cannot respond to security incidents in time. For the purpose of grasping the current situation and changes of network security, network security situation awareness technology came into being, it has become a new hotspot in network security research. This paper proposes a fuzzy comprehensive evaluation model which combines AHP and fuzzy evaluation method to evaluate network security situation.