Abstract: In order to reduce the evaluation error caused by fuzzy data in information security assessment, an improved double fuzzy safety evaluation algorithm is proposed, which is based on triangular fuzzy number and improved evidence reasoning. This algorithm considers the uncertainty of information security system and experts’ subjective. Firstly, The performance of the information security system can cause on the evaluation of experts. The consequences are calculated with improved DS theory method. Secondly, the experts’ opinions are polymerized with the method of triangular fuzzy number. On the basis of risk calculation formula, the severity of threats is calculated. The results calculated by the improved double fuzzy evaluation, considering the uncertainty of the information security system and subjective uncertainty, are more subjective than which by the single fuzzy evaluation method. The necessity and effectiveness of the method are verified through examples.

Key words: improved evidence reasoning, triangular fuzzy number, information security, double fuzzy, threat degree

摘要： 针对信息安全评估的模糊性，考虑之前算法的单一方面模糊问题，分析信息安全系统不同时间段内的表现，提出一种基于改进DS理论的双重模糊信息安全评估算法。不仅利用三角模糊数方法把专家观点进行聚合，还用改进的DS理论充分体现出不同时间段内系统的表现会造成的对专家评价结果的影响，根据风险计算公式，最终得到威胁严重程度排序。与单一决策算法相比，综合考虑了信息安全系统的不确定性和主观人为的不确定性，避免了单一时间段内的笼统决定，通过实验，验证了该方法的必需性及有效性。

关键词: 改进DS理论, 三角模糊数, 信息安全, 双重模糊, 威胁程度