A Risk Propagation Model for Assessing Network Information Systems
Funding:

Supported by the National Natural Science Foundation of China under Grant No.60403033; the Defense Pre-Research Project of the 'Tenth Five-Year-Plan' of China under Grant No.4131571

    Abstract:

    To assess the security risk of network information systems, this paper proposes a risk propagation model consisting of a risk network and a risk propagation algorithm. A representative example illustrates the application of the model to network risk assessment and validates the correctness of the propagation algorithm. Analysis of the example indicates that the assessment method based on the risk propagation model is superior to traditional methods in the accuracy of its conclusions and in producing cost-effective security advice.

Cite this article

Zhang YZ, Fang BX, Chi Y, Yun XC. A risk propagation model for assessing network information systems. Journal of Software, 2007,18(1):137-145

History
  • Received: 2005-12-29
  • Last revised: 2006-04-10