    Abstract:

    To assess the security risk of network information systems, this paper proposes a risk propagation model consisting of a risk network and a risk propagation algorithm. A representative example illustrates the application of this model to network risk assessment and validates the correctness of the propagation algorithm. Analysis of the example indicates that evaluation using the risk propagation model is superior to traditional methods in the accuracy of its conclusions and in producing cost-effective security advice.

Citation

Zhang YZ, Fang BX, Chi Y, Yun XC. A risk propagation model for assessing network information systems. Journal of Software, 2007, 18(1):137-145

History
  • Received: December 29, 2005
  • Revised: April 10, 2006