Title: Application of Combined Evaluation Method Based on Comprehensive Weight and Gray-fuzzy Theory in Network Security Risk Assessment

Year of Publication: March - 2016
Page Numbers: 38-46
Authors: Zhipeng Li, Zhijie Li, Yongjun Shen and Guidong Zhang
Conference Name: The International Conference on Computing Technology, Information Security and Risk Management (CTISRM2016), United Arab Emirates


With the rapid development of network information technology, the corresponding security problems are increasingly serious. The primary issue in carrying out network security risk assessment is determining the weight coefficients of the risk factors reasonably. When the fuzzy AHP method or the entropy method is adopted alone, the resulting weight coefficients are either subjective or, under some conditions, deviate from reality, leading to unscientific evaluation conclusions. Building on these two methods, the comprehensive weight method uses a subjective-objective preference coefficient and the linear weight method to determine the comprehensive weight coefficient, which is more realistic and scientific. In addition, gray-fuzzy theory has unique advantages for carrying out security assessments of network information systems. Therefore, a combined evaluation theory based on the comprehensive weight method and gray-fuzzy theory is proposed in this paper to carry out network security risk assessment. Combining the weight coefficients above with gray-fuzzy theory can make the evaluation conclusions for network information systems more scientific. Network security risk assessment for an actual network information system is also performed with the combined evaluation method, and the evaluation results justify the validity and applicability of this method.
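
The weighting step described in the abstract, as an added example that is not the paper's own code. It assumes the standard entropy weight method for the objective weights and reads the "linear weight method" as w = alpha * subjective + (1 - alpha) * objective, where alpha is the preference coefficient. The score matrix and the subjective weights (which the paper would derive from fuzzy AHP) are constructed sample values.

```python
import math

def entropy_weights(matrix):
    """Objective weights by the entropy method.

    matrix[i][j] is the non-negative score of sample i on risk factor j.
    Factors whose scores vary more across samples receive more weight.
    """
    m, n = len(matrix), len(matrix[0])
    if m < 2:
        raise ValueError("need at least two samples")
    k = 1.0 / math.log(m)
    divergence = []
    for j in range(n):
        col = [row[j] for row in matrix]
        if min(col) < 0:
            raise ValueError("scores must be non-negative")
        total = sum(col)
        if total == 0:
            divergence.append(0.0)  # factor carries no information
            continue
        # Shannon entropy of the column, scaled to [0, 1]; 0*log(0) taken as 0
        entropy = -k * sum((x / total) * math.log(x / total) for x in col if x > 0)
        divergence.append(max(0.0, 1.0 - entropy))  # clamp float round-off
    s = sum(divergence)
    if s == 0:
        return [1.0 / n] * n  # every factor is uniform: fall back to equal weights
    return [d / s for d in divergence]

def comprehensive_weights(subjective, objective, alpha):
    """Linear combination of subjective and objective weights.

    alpha is the assumed subjective-objective preference coefficient in [0, 1].
    """
    if len(subjective) != len(objective):
        raise ValueError("weight vectors differ in length")
    if not 0.0 <= alpha <= 1.0:
        raise ValueError("alpha must lie in [0, 1]")
    combined = [alpha * s + (1.0 - alpha) * o for s, o in zip(subjective, objective)]
    total = sum(combined)
    return [c / total for c in combined]

# Constructed sample: 3 assessed hosts (rows) scored on 3 risk factors (columns).
SCORES = [[5, 1, 2], [5, 5, 5], [5, 9, 8]]
SUBJECTIVE = [0.5, 0.3, 0.2]  # constructed stand-in for fuzzy AHP output

if __name__ == "__main__":
    objective = entropy_weights(SCORES)
    print("objective:", objective)
    print("combined :", comprehensive_weights(SUBJECTIVE, objective, 0.5))
```

The first factor scores identically on every host, so the entropy method gives it a weight of zero while the subjective vector ranks it highest; the combined weight keeps it in the assessment at half its subjective value.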