CN107832621B - AHP-based weight calculation method for behavior trust evidence - Google Patents

AHP-based weight calculation method for behavior trust evidence Download PDF

Info

Publication number
CN107832621B
CN107832621B CN201711136107.9A CN201711136107A CN107832621B CN 107832621 B CN107832621 B CN 107832621B CN 201711136107 A CN201711136107 A CN 201711136107A CN 107832621 B CN107832621 B CN 107832621B
Authority
CN
China
Prior art keywords
hierarchical
information security
security environment
ahp
current information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201711136107.9A
Other languages
Chinese (zh)
Other versions
CN107832621A (en
Inventor
屈立笳
彭光辉
陶磊
代琪怡
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Alp Technology Co ltd
Original Assignee
Chengdu Alp Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chengdu Alp Technology Co ltd filed Critical Chengdu Alp Technology Co ltd
Priority to CN201711136107.9A priority Critical patent/CN107832621B/en
Publication of CN107832621A publication Critical patent/CN107832621A/en
Application granted granted Critical
Publication of CN107832621B publication Critical patent/CN107832621B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention discloses a weight calculation method of an AHP-based behavior trust evidence, which selects a proper weight calculation method according to the grade of the current information security environment, accelerates the processing speed as much as possible under the condition of meeting the actual requirement, reduces the occupied operation space and better constructs a network user behavior characteristic model based on the AHP.

Description

AHP-based weight calculation method for behavior trust evidence
Technical Field
The invention relates to the field of IDC/ISP information security, in particular to a weight calculation method of behavior trust evidence based on AHP.
Background
With the entrance of the internet in China into a broadband development express way, the network brings convenience to people's life, meanwhile, the low-custom and bad information is increasingly abused, and negative effects are brought to the society and the public. The problems of network and information security are more and more prominent, and the increase of network illegal criminal events violates the main melody of building a harmonious society and strengthens the monitoring of internet information, so that the situation is imperative. The IDC is used as a center of internet information transmission and mainly takes the acquisition and transmission of internet information, relevant supervision departments urgently want to establish an internet monitoring information basic database, carry out statistical analysis on violation information, provide high-efficiency technical means such as internet information monitoring, management and control and the like, and under the requirement, IDC/ISP suppliers begin to actively construct an IDC/ISP information safety management system.
In the actual monitoring and auditing process, the objective objects faced by the safety management system are various operation behaviors of multiple users (natural people) to the multi-service system, and the safety management system has the characteristics of various combinations, complex flow and the like. The problems that the extraction is difficult, the model is difficult to establish and the like exist when the characteristics of the complex and various user behaviors are extracted and the fingerprint databases corresponding to one another are established.
Analytic Hierarchy Process (AHP) is a systematic analysis method proposed by professor a.l. of the university of pittsburgh in the united states in the 70 th 20 th century. AHP is a systematic analysis method that combines qualitative analysis with quantitative analysis. AHP is a powerful tool to analyze complex large systems for multiple targets, criteria. The method has the characteristics of clear thought, simple and convenient method, wide application range, strong systematicness and the like, is most suitable for solving the decision problem that the analysis is difficult to be completely carried out by a quantitative method, is convenient to popularize and popularize, and can become a method for thinking and solving the problem in the work and life of people.
The AHP algorithm can solve the problems of difficult extraction, difficult model establishment and the like in the application of actual monitoring and auditing, but how to better realize the AHP algorithm by combining with actual needs is still a problem to be solved.
Disclosure of Invention
In order to solve the above problems, the present invention provides a weight calculation method for an AHP-based behavioral trust evidence, which is characterized in that the weight calculation method is used for constructing an AHP-based network user behavioral characteristic model, the constructing of the AHP-based network user behavioral characteristic model includes constructing a judgment matrix, a hierarchical single rank and a hierarchical total rank, the weight calculation method provides the behavioral trust evidence by using a database mining technology, evaluates the rank of the current information security environment, and selects a weight calculation method in the hierarchical single rank and the hierarchical total rank based on the rank of the current information security environment.
Further, the method for providing the behavioral trust evidence by using the database mining technology and evaluating the level of the current information security environment specifically comprises the steps of carrying out data mining analysis on internet surfing contents of a large number of users, detecting bad information or improper access, detecting various information carriers, combining auxiliary information generated by user operation, analyzing the current main information security problem by using the database mining technology, taking a conclusion obtained by analysis as the behavioral trust evidence with the highest important level and evaluating the level of the current information security environment.
Further, the bad information or improper access comprises yellow gambling poison related information, false advertisements, garbage harassment information, reverse publicity and illegal business access records, the various information carriers comprise characters, pictures, videos and streaming media, and auxiliary information generated by user operation comprises business codes, enterprise codes, access addresses, access time and user numbers.
Further, the information security environment may be of a class including very good, normal, severe and very severe.
Further, the selecting of the weight calculation method in the hierarchical single ranking and the hierarchical total ranking based on the level of the current information security environment specifically includes:
if the evaluation level of the current information security environment is very good, calculating the characteristic vector in the hierarchical single sorting and the hierarchical total sorting by adopting a standard column average method;
if the evaluation level of the current information security environment is good or normal, calculating the characteristic vector by adopting a standard column average method or a geometric average method in the hierarchical single ordering and the hierarchical total ordering;
if the evaluation level of the current information security environment is serious, only a geometric mean method can be selected to calculate the feature vectors in the hierarchical single ordering, and a normative column mean method or a geometric mean method is selected to calculate the feature vectors in the hierarchical total ordering;
if the evaluation level of the current information security environment is very serious, calculating the feature vector by adopting a geometric mean method in both the hierarchical single ordering and the hierarchical total ordering.
Detailed Description
In order to more clearly understand the technical features, objects and effects of the present invention, embodiments of the present invention will now be described in detail.
The idea of solving the problem by applying AHP is as follows: firstly, the problem to be solved is hierarchically serialized, namely the problem is decomposed into different composition factors according to the property of the problem and the target to be achieved, and the factors are hierarchically clustered and combined according to the mutual influence and membership relationship among the factors to form a hierarchical and ordered hierarchical structure model; then, the relative importance of each layer of factors in the model is quantitatively expressed according to the judgment of people on objective reality, and the weight of the relative importance sequence of all the factors in each layer is determined by a mathematical method; and finally, comprehensively calculating the relative importance weight of each layer of factors to obtain the combined weight of the relative importance sequence of the lowest layer (scheme layer) relative to the highest layer (total target) which is used as the basis for evaluating and selecting the decision scheme.
According to the guidance of the above thought, the method for constructing the AHP-based network user behavior feature model mainly comprises the following steps:
1) building a hierarchical model
After the researched problem is deeply analyzed, the factors contained in the problem are divided into different levels (such as forbidden behaviors, abnormal behaviors, non-employment behaviors and the like), and the hierarchical structure represented by the hierarchical structure diagram and the subordination relation of the factors of the two adjacent layers are drawn.
2) Structural judgment matrix
The values of the matrix elements represent the decision maker's knowledge of the relative importance of the factors with respect to the target. Of the two adjacent levels, the upper level is the target and the lower level is the factor. The decision maker compares the importance of a plurality of evidences by using a pairwise comparison method.
3) Hierarchical single ordering and consistency check
And normalizing the eigenvector W of the judgment matrix to obtain the ranking weight value of the relative importance of each factor. And carrying out corresponding consistency check according to specific conditions.
4) Hierarchical gross ordering and consistency check
The ranking weight value that calculates the relative importance of each factor of a certain level to all factors of the previous level is called the total ranking of the levels. Since the total hierarchical ranking process is performed from the highest layer to the lowest layer, and the highest layer is the total target, the total hierarchical ranking is also a relative importance ranking weight for calculating each factor relative to the highest layer (total target). And carrying out corresponding consistency check according to specific conditions.
As can be seen from the step of solving the problem by AHP, the fundamental problem of the analytic hierarchy process is to find the eigenvector corresponding to the judgment matrix, i.e., the ranking weight value of the relative importance of each factor.
The method for calculating the weight value in the embodiment comprises the following steps:
(1) and adjusting the judgment matrix constructed by the decision maker by adopting a database mining technology. The method comprises the steps of carrying out data mining analysis on the internet surfing contents of a large number of users, detecting bad information or improper access, such as yellow gambling virus related information, false advertisements, rubbish harassment information, reverse publicity, illegal service access records and the like, wherein information carriers for detection comprise characters, pictures, videos, streaming media and the like, and combining auxiliary information such as service codes, enterprise codes, access addresses, access time, user numbers and the like, the database mining technology can be used for analyzing the main information security problem mainly faced at present. And submitting the analyzed conclusion as a behavior trust evidence with the highest importance level to a decision maker, so that the decision maker can optimize and adjust a judgment matrix conveniently, and meanwhile, evaluating the current information security environment as very good, normal, severe or very severe based on the analyzed conclusion.
(2) The calculation of the feature vector can adopt a geometric mean method which is accurate in calculation but needs more space resources and has lower calculation speed, or a standard column mean method which is approximate in calculation and needs less space resources and has higher calculation speed. And (3) selecting a specific algorithm according to the rating of the current information security environment, wherein the selection rule is as follows:
if the evaluation level of the current information security environment is very good, considering that the security coefficient is very high at the moment, the calculation error can not cause a decision maker to ignore the serious security problem, the calculation can be simplified, the processing speed is accelerated, and the feature vectors are calculated by adopting a standard column average method in the single-level sorting and the total-level sorting;
if the evaluation level of the current information security environment is good or normal, considering that the security coefficient is in a general level at the moment, the calculation error may cause a decision maker to ignore a more serious security problem, but the possibility is relatively low, and the decision maker can choose to adopt a canonical column average method or a geometric average method to calculate the feature vector in the hierarchical single ordering and the hierarchical total ordering according to the risk consideration of the decision maker;
if the evaluation level of the current information security environment is serious, considering that the security coefficient is in a less optimistic level at the moment, the calculation error may cause a decision maker to ignore serious security problems, and the probability is relatively high, only a geometric mean method can be selected to calculate the feature vector in the hierarchical single ordering, and a normative column mean method or a geometric mean method can be selected to calculate the feature vector in the hierarchical total ordering according to the self consideration of the decision maker;
if the evaluation level of the current information security environment is very serious, considering that the security coefficient is at a very severe level at the moment, the calculation error is likely to cause a decision maker to ignore a more serious security problem, and a geometric mean method is selected to calculate the feature vector in both the hierarchical single ordering and the hierarchical total ordering.
Let the judgment matrix be n-order positive and negative matrix A ═ aij)n×nThen, the method for solving the maximum feature vector and the feature root by using the canonical column average method is as follows:
for A by column specification
Figure GDA0002722413150000041
Adding the normalized judgment matrix according to rows
Figure GDA0002722413150000042
For vector
Figure GDA0002722413150000043
Normalization
Figure GDA0002722413150000044
Then W is equal to (W)1,w2,...,wn)TWhich is an approximation of the maximum eigenvector.
The judgment matrix is obtained by comparing the importance degrees of a plurality of evidences by a decision maker through a pairwise comparison method, and when the evidences of the behavior trust of the user are more, the judgment is possibly inconsistent. Since the judgment matrix is subjective judgment given according to expert experience, inconsistency is inevitable, and consistency inspection is a method for judging the inconsistency degree.
The AHP algorithm gives the following relevant consistency indicators:
the consistency index is defined as
Figure GDA0002722413150000051
Wherein λmaxIs the largest feature root of the largest feature vector. When they are completely identical, CI0. When not uniform, C is generallyIThe larger the index is, the worse the consistency is, so the average random consistency index R is introducedIAnd random consistency index rate
Figure GDA0002722413150000052
Average consistency index RI: for a specific n, randomly constructing an n-order positive-negative matrix A, wherein aijAre randomly drawn from 1, 2, …, 9, 1/2, 1/3, …, 1/9, and thus the resulting a may not be uniform. A sufficiently large subsample (e.g., 1000 samples) is taken to obtain the average of the largest characteristic roots of A. Defining an average random consistency index
Figure GDA0002722413150000053
RIThe introduction of (A) overcomes the consistency check index C to a certain extentIThe defect that the matrix order is obviously increased along with the increase of the matrix order.
In performing a consistency check of the hierarchical overall ordering, CrThe calculation methods of (A) are different, and a single-order consistency check index C of a plurality of factors of the B level to a certain factor Aj of the previous level is assumedIThe corresponding random consistency index is RIThen the random consistency ratio of the total ordering of the B level is
Figure GDA0002722413150000054
Considering the index rate C of passing random consistencyrThe consistency is relatively strict in detection, the requirement can be met after multiple adjustments, the consistency is relatively loose through the detection of the significance level a, the requirement under a specific condition can be met, and the random consistency index rate C is used in the schemerAnd the significance level a is combined to realize flexible judgment of consistency, and the specific judgment rule is as follows:
if the evaluation level of the current information security environment is very good, considering that the security coefficient is very high at the moment, the defect caused by inconsistency can not cause a decision maker to ignore the serious security problem, the processing process can be carried out, the processing speed is accelerated, and the consistency check is abandoned after the single-level sorting and the total-level sorting;
if the evaluation level of the current information security environment is good or normal, considering that the security coefficient is in a general level at the moment, the defect caused by inconsistency can cause a decision maker to ignore a serious security problem, but the possibility is relatively low, the decision maker can consider according to the risk of the decision maker, and can choose to adopt the consistency index rate C after the hierarchical single sorting and the hierarchical total sortingrPerforming consistency check or adopting consistency index rate CrPerforming consistency check in combination with the significance level a; if the current information security environment is seriously rated, considering that the security coefficient is at a less optimistic level, the defect caused by inconsistency can cause a decision maker to ignore serious security problems, and the possibility is relatively high, and only the consistency index rate C can be adopted after the hierarchical single orderingrCarrying out consistency check, and selecting and adopting consistency index rate C according to self consideration of a decision maker after the hierarchical total sortingrPerforming consistency check or adopting consistency index rate CrPerforming consistency check in combination with the significance level a;
if the evaluation level of the current information security environment is very serious, considering that the security coefficient is at a very severe level at the moment, the calculation error possibly causes a decision maker to ignore the serious security problem, and the consistency index rate C is selected to be adopted after the single-level sorting and the total-level sortingrAnd (5) carrying out consistency check.
So-called usage consistency index rate CrThe consistency check is carried out in such a way that when the consistency determination is carried out, if the correction value C isr<0.1, the inconsistency is considered acceptable, if CrAnd if the inconsistency is more than or equal to 0.1, the judgment matrix is required to be modified.
So-called usage consistency index rate CrThe consistency check is carried out in combination with the significance level a in that, when the consistency determination is carried out, if the correction value C isr<0.1, the inconsistency is considered acceptable, if CrNot less than 0.1, and continuing to carry out remarkable waterFlat a test, if a<0.1, the inconsistency is considered acceptable, and if a ≧ 0.1, C is presentrAnd if the sum a is more than or equal to 0.1, the inconsistency is considered to be unacceptable, and the judgment matrix needs to be modified.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a ROM, a RAM, etc.
The above disclosure is only for the purpose of illustrating the preferred embodiments of the present invention, and it is therefore to be understood that the invention is not limited by the scope of the appended claims.

Claims (2)

1. The weight calculation method of the behavior trust evidence based on the AHP is characterized in that the weight calculation method is used for constructing a network user behavior feature model based on the AHP, the construction of the network user behavior feature model based on the AHP comprises the construction of a judgment matrix, hierarchical single sequencing and hierarchical total sequencing, the weight calculation method provides the behavior trust evidence by utilizing a database mining technology, the grade of the current information security environment is evaluated, and the weight calculation method is selected from the hierarchical single sequencing and the hierarchical total sequencing based on the grade of the current information security environment;
the method comprises the steps of providing behavior trust evidence by utilizing a database mining technology, evaluating the grade of the current information security environment, specifically carrying out data mining analysis on the internet surfing content of a large number of users, detecting bad information or improper access, detecting various information carriers, combining auxiliary information generated by user operation, analyzing the current main information security problem by utilizing the database mining technology, taking a conclusion obtained by analysis as the behavior trust evidence with the highest important grade, and evaluating the grade of the current information security environment;
the grades of the information security environment include very good, normal, severe, and very severe;
the selecting of the weight calculation method in the hierarchical single ranking and the hierarchical total ranking based on the level of the current information security environment specifically includes:
if the evaluation level of the current information security environment is very good, calculating the characteristic vector in the hierarchical single sorting and the hierarchical total sorting by adopting a standard column average method;
if the evaluation level of the current information security environment is good or normal, calculating the characteristic vector by adopting a standard column average method or a geometric average method in the hierarchical single ordering and the hierarchical total ordering;
if the evaluation level of the current information security environment is serious, only a geometric mean method can be selected to calculate the feature vectors in the hierarchical single ordering, and a normative column mean method or a geometric mean method is selected to calculate the feature vectors in the hierarchical total ordering;
if the evaluation level of the current information security environment is very serious, calculating the feature vector by adopting a geometric mean method in both the hierarchical single ordering and the hierarchical total ordering.
2. The AHP-based behavioral trust evidence weight calculation method according to claim 1, wherein the bad information or improper access includes yellow gambling poison related information, false advertisements, spam information, reverse promotions, and illegal business access records, the various information carriers include words, pictures, videos, and streaming media, and the auxiliary information generated by the user operation includes a business code, an enterprise code, an access address, an access time, and a user number.
CN201711136107.9A 2017-11-16 2017-11-16 AHP-based weight calculation method for behavior trust evidence Expired - Fee Related CN107832621B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711136107.9A CN107832621B (en) 2017-11-16 2017-11-16 AHP-based weight calculation method for behavior trust evidence

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711136107.9A CN107832621B (en) 2017-11-16 2017-11-16 AHP-based weight calculation method for behavior trust evidence

Publications (2)

Publication Number Publication Date
CN107832621A CN107832621A (en) 2018-03-23
CN107832621B true CN107832621B (en) 2021-01-05

Family

ID=61651892

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711136107.9A Expired - Fee Related CN107832621B (en) 2017-11-16 2017-11-16 AHP-based weight calculation method for behavior trust evidence

Country Status (1)

Country Link
CN (1) CN107832621B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111654855B (en) * 2020-06-04 2023-05-16 河海大学常州校区 Trust updating method in underwater wireless sensor network based on AHP
CN111859377B (en) * 2020-07-27 2022-09-02 成都安恒信息技术有限公司 In-business safety auditing method based on user behavior analysis

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103268450B (en) * 2013-06-06 2016-06-29 成都浩博依科技有限公司 Mobile intelligent terminal system security assessment system model and appraisal procedure based on test
CN104243478A (en) * 2014-09-19 2014-12-24 中国联合网络通信集团有限公司 Safety protection capability assessment method and equipment of network equipment
US20170279692A1 (en) * 2016-03-24 2017-09-28 Ca, Inc. Deploying a service from a selected cloud service provider based on an evaluation of migration ability using graph analytics
CN106850613B (en) * 2017-01-24 2019-10-25 中国科学院信息工程研究所 A kind of user behavior method for evaluating trust and system based on advanced AHP
CN107231345A (en) * 2017-05-03 2017-10-03 成都国腾实业集团有限公司 Networks congestion control methods of risk assessment based on AHP

Also Published As

Publication number Publication date
CN107832621A (en) 2018-03-23

Similar Documents

Publication Publication Date Title
CN111614491B (en) Power monitoring system oriented safety situation assessment index selection method and system
CN110781406B (en) Social network user multi-attribute inference method based on variational automatic encoder
CN111783442A (en) Intrusion detection method, device, server and storage medium
CN108833139B (en) OSSEC alarm data aggregation method based on category attribute division
JP6783002B2 (en) Corporate default forecasting system and how it works
CN105512465B (en) Based on the cloud platform safety quantitative estimation method for improving VIKOR methods
CN116228021A (en) Mine ecological restoration evaluation analysis method and system based on environment monitoring
Yin et al. Towards accurate intrusion detection based on improved clonal selection algorithm
CN111695597A (en) Credit fraud group recognition method and system based on improved isolated forest algorithm
CN107231345A (en) Networks congestion control methods of risk assessment based on AHP
CN107832621B (en) AHP-based weight calculation method for behavior trust evidence
CN116846565A (en) SAA-SSA-BPNN-based network security situation assessment method
CN115329338A (en) Information security risk analysis method and analysis system based on cloud computing service
CN115225336A (en) Vulnerability availability calculation method and device for network environment
Ghafori et al. Best cloud provider selection using integrated ANP-DEMATEL and prioritizing SMI attributes
CN114638498A (en) ESG evaluation method, ESG evaluation system, electronic equipment and storage equipment
CN116091206B (en) Credit evaluation method, credit evaluation device, electronic equipment and storage medium
GB2583176A (en) Prediction device, prediction program, and prediction method for predicting human judgments
CN109871711B (en) Ocean big data sharing and distributing risk control model and method
CN111683107A (en) Internet-oriented security audit method and system
CN114511022B (en) Feature screening, behavior recognition model training and abnormal behavior recognition method and device
CN114124456B (en) Safety detection method and device for comprehensive energy system, electronic equipment and storage medium
Chertov et al. DETECTION OF FIXED FOOTBALL MATCHES BASED ON THE THEORY OF CONFORMAL PREDICTORS USING THE MODIFIED STEPANETS INDICATOR FUNCTION.
CN107992754A (en) The consistency check method of Behavior trustworthiness evidence weight based on AHP
CN116228484B (en) Course combination method and device based on quantum clustering algorithm

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20210105

Termination date: 20211116

CF01 Termination of patent right due to non-payment of annual fee