Abstract

Nowadays, computer networks are playing a more and more important role in people’s daily lives. Meanwhile, the security of computer networks has also attracted widespread concern. However, up to now, there is no universal and effective assessment approach for computer network security. Therefore, a novel network security risk assessment approach by combining subjective and objective weights under uncertainty is proposed. In the proposed evaluation approach, the uncertainty of evaluation data is taken into account, which is translated into objective weights through an uncertainty measure. By combining the subjective weights of evaluation criteria and the objective weights of evaluation data, the final weights can be obtained. Then, Dempster–Shafer (D-S) evidence theory and pignistic probability transformation (PPT) are employed to derive a consensus decision for the degree of the network security risk. Two illustrative examples are given to show the efficiency of the proposed approach. This approach of risk assessment, which combines subjective and objective weights, can not only effectively evaluate computer network security, but also be widely used in decision-making.