Techniques Based On Fuzzy Theory Rating Loopholes Harm

The information technology has been widely used in every aspect of our lives. But network security events have occurred frequently in recent years. Safety problem has become the key factor which restricts the development of the network.Research shows that the security vulnerability is one of the main causes of information security risk. Vulnerability is inevitable,and often cause serious accidents. So it is significant to study security vulnerability and related technology. The vulnerability severity assessment is an important part of security vulnerability research. It is also the basis of vulnerability analysis and system security assessment. It is important to study the vulnerability severity assessment.The paper combined the achievements and development trends of security vulnerability assessment. Focusing on how to make the quantitative assessment more accurate and comprehensive, we carried out our research as follows:1) Introduce the development of vulnerability assessment and related theories. Summary and analyze the technologies and theories of assessment methods such as CVSS, CVRS.2) Analysis the influencing factors of vulnerability security. In order to achieve a more comprehensive assessment, we discuss the vulnerability exploitation principles and techniques of the most common vulnerabilities such as stack-based buffer overflow and XSS. By analyzing the influence factors of vulnerability security and the existed evaluation factors, We chose the exploitability and safety influence attributes to evaluate the vulnerabilities. It can get a more accurate and comprehensive assessment.3) The establishment of vulnerability severity quantitative assessment model based on fuzzy theory. We discuss how to use the fuzzy theory to quantify the vulnerability security assessment.Assign weights to each factor by analytic hierarchy process. Then we use Fuzzy comprehensive evaluation to get vulnerability hazard ranking. So the assessment is more objective.Finally,some experiments are given. The analysis of the experiment results suggests that our method is more reasonable and effective than other similar methods.4) The realization of the assessment system. In order to realize automatic vulnerability severity assessment, assessment system is designed and implemented.