Multi-Criteria Synthetic Evaluation of Software Security
【Abstract】 This article proposes a new method for evaluating software security. Typical evaluation indices are extracted through practical study and analysis of software security, and three techniques are combined to perform the evaluation: the Analytic Hierarchy Process (AHP), Principal Component Analysis (PCA) and Cluster Analysis (CA). First, AHP determines the index weights through quantitative analysis. Next, PCA applies a linear transformation that recombines the weighted indices into a set of uncorrelated composite indices while retaining most of the original information, and these composite indices are analyzed. Finally, CA examines the PCA results further and groups the software into a user-specified number of classes, which makes the results easier to interpret. Practical evaluation results show that the proposed method can evaluate and rank the security of software across multiple indices correctly and effectively.
【Key words】 software security; index extraction; Principal Component Analysis (PCA); Analytic Hierarchy Process (AHP); Cluster Analysis (CA)
- 【Source】 Computer Engineering and Applications (计算机工程与应用), 2006, Issue 11
- 【Classification number】 TP311.52
- 【Times cited】 16
- 【Downloads】 465