Aimed at the problem that the maximum exposure time of the server in the dynamic defense platform is hard to determine, this paper utilizes the fuzzy controlrelated theories and technologies for designing a fuzzy controller, determining the maximum exposure time of the virtual server and minimizing defense costs due to change. Thepaper assumes that the defender knows the attack surface and the attacker cannot complete the attack within a certain period of time. Firstly, Starting from the platformlevel moving target defense principle, the mathematical expectation of the system attack surface is measured. Secondly, the system vulnerability of each virtual server is quantitatively analyzed, and these two indicators are used as inputs to the fuzzy controller to ensure the security of the system. Finally, the maximum exposure time of the virtual server is calculated, providing an important reference for determining the time point during the virtual server switching process.