Research On Web Server Security Evaluation Based On Fuzzy Integrated Estimation

With the fast development of information technology, the Internet security is becoming more and more important because it plays a huge role in people's life.Web service is one of the most popular service in Internet application. Web server is a key factor as a core of the web service which restricts the success of web site content and basic function.Therefore, research on what's a secure web server and how to evauluate its security has agreate deal of meanings and theoretic value.Overseas, assessment of information system security already has a solid foundation in the studying stage, but in the country it is only at initial stage.At present, most of information system security evaluation is compensatoryly by company.Meanwhile, the evaluation is limited to security vulnerability scanner instead of comprehensive security analysis.Under the big background, this thesis in order to build a more effective and objective evaluation model which aims at the full characters of web server. First, this paper describes an information system security evaluation status currently. Study a lot of international security evalution standards such as ITSEC,CC carefully.Then security management technology for IIS,Apache have been carried out deeply.In addition, there are many securiy methods which can imrove web server security, such as firewall,IDS and many network attacks,malicious links and so on.What's more, web server secutiy has much bussiness with operating system,application programs.On this basis, a web server security evaluation index system has been built up successfully in combination with all the study before.Fuzzy math has a clear advantage in competition when handling fuzzy data. Web server security evaluation is characterized by complex giant system, large number of security factors and inter-dependence among factors.As a result, from the point of fuzzy math,it is suitable to use fuzzy integrated estimation in this field.First of all, the paper constructs a set of index and performance according to the indicators system.second, calculate the weights of index by AHP, and then use triangle membership function in fuzzy processing, at last, the evaluation result can be calculated through fuzzy integrated estimation.Finally, the feasibility of the model validates and proves the maneuverability and applicability of the model by way of a case study of a web server evaluation.It will play a positive role in further improvement and exploration for web server security evaluation.