Research On Security Evaluation Method Of Cloud Platform Based On AHP And Bayesian Feedback Cloud Model

Currently from government agencies to private companies have deployed their own information systems to the cloud.Because of cloud platform management permissions and cloud platform configuration vulnerabilities,cloud platform were attacked frequently.The security of cloud platform has become the basis for national security construction.How to ensure the safe and stable operation of the cloud platform that is an important part of the national security.At the same time,it has become the focus of current discussions.It Information system security level protection refers to as level protection,which is one of the effective measures,but the traditional level protection method has many deficiencies.In particular,the security assessment of the cloud platform is not completely based on the traditional requirements.How to put forward a more reasonable and accurate assessment method is very important to safeguard national network space security and improve the security of cloud platform and better implement the evaluation work of the security.This paper focuses on the problems occur in the process of information system security level protection cloud platform assessment,like differences in the understanding of security indicators,the ambiguity of evaluation,the uncertainty of the evaluation range after the quantification and the unreasonable division of the weights of the assessment indicators in the traditional evaluation method.For this reasons,I propose a new security assessment method.Firstly,using AHP to divide the weights of the cloud platform's security index and the security level of the cloud platform is divided based on expert experience.Secondly,through the construction of Bayesian feedback cloud model,which is used to process the ambiguity and randomness of the assessment results,as well as test,correct and display the result.Finally,compared the evaluation correction cloud constructed based on the actual cloud platform assessment data with its own unmodified cloud.After a reference comparison is made with the former and the security assessment modified cloud which based on expert experience above the cloud,the final evaluation conclusion is given.The main works are as below:(1)Presented the current research status of information system security assessment,and listed the weaknesses of each security assessment method.At the same time,it introduced the definition,evaluation content of information system security level protection,and related concepts of cloud computing.The characteristics of the cloud computing platform and the rating of the cloud computing platform were studied and the theoretical knowledge to be used in this paper was thoroughly studied.(2)Combined with the characteristics of cloud platform and the requirements of equal protection 2.0,AHP is used to divide the weight of cloud platform security indicators.The specific construction process of Bayesian feedback cloud model is given in detail,as well as the specific construction methods for evaluating the reference cloud,and the evaluation and determination of the security level of the cloud platform.(3)Extract the corresponding cloud platform evaluation data from the actual information system security assessment and preprocessing the data,test and modify the data and build a cloud platform evaluation correction cloud based on instance and the cloud platform evaluation correction cloud based on expert experience.The correction cloud is compared and analyzed,effectively eliminated the difference of the evaluation results.Then,by extracting the mathematical expectation and entropy from the cloud platform evaluation modified cloud based on the expert experience,and then giving the evaluation interval of each security assessment level.Simultaneously,the cloud computing expectation of the actual cloud platform is mapped to the evaluation interval,and the final judgement conclusion is given.Compared with the traditional method,the evaluation method proposed in this paper can effectively modify the difference of evaluation results given by the evaluator,achieve a reasonable division of judgment,and give an objective and accurate evaluation results.It has practical application value for the evaluation work under the background of emerging technology.