Analytic Hierarchy Process (AHP)-based Vulnerability Quantitative Assessment Method for Information Systems
一种基于层次分析法的信息系统漏洞量化评估方法

This paper proposed a practical vulnerabilities quantitative assessment method for information system based on the Analytic Hierarchy Process (AHP). According to the hierarchical thought,the system vulnerability that reflects the severity serious degree model was decomposed into four factors, such as factors layer, evaluation factors layer, characteristic layer and target layer. Some vulnerability risk factors were evaluated respectively by expert to determine the weight from several aspects, such as the risk probability, risk influence and uncontrollable character. Through calculating the value of each layer,we got the overall value of information system vulnerability severity assessment finally. The experimental results show that the Analytic Hierarchy Process (AHP)-based vulnerability assessment method can quantify and assess the seriousness of system vulnerability effectively.