Abstract
In order to enhance the security of network operations, establish effective security measures, prevent the destruction of security incidents, and reduce or eliminate the losses caused by threats through network risk assessment is of important practical significance. However, most risk assessment methods focus on the research of threats and vulnerabilities. There are relatively few researches on risk based on network assets and there is a lack of accuracy in risk assessment. Therefore, this paper proposes a network risk assessment method based on asset association graphs. The method first describes the network from the perspective of asset interconnection and builds an asset association graph; secondly, it builds a threat scenario based on the asset association graph, identifies a threat event, and uses the probability of a threat event and the loss caused by the asset to obtain a quantitative description of the risk assessment; Different network risk levels and make decisions. Experiments show that the method of network risk assessment based on asset association proposed in this paper can realize the risk assessment of all assets, hosts and entire network system in the network, and provide effective guidance for network security protection.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Dai, F.: Research on Network Security Risk Assessment Technology Based on Attack Graph Theory. Beijing University of Posts and Telecommunications, Beijing (2015)
He, Y., Di, G., Wang, B., Yang, G.: Quantitative evaluation method of grade protection based on Delphi method assignment. In: National Information Security Level Protection Technology Conference (2014)
Schnerier, B.: Attack trees-modeling security threats. Dr Dobb’S J. 12(24), 21–29 (1999)
Phillips, C., Swiler, L.P.: A graph-based system for network vulnerability analysis. Sandia National Laboratories Albuquerque, NM, pp. 71–79 (1998)
Sheyner, O., Haines, J., Jha, J., Lippmann, R., Wing, J.M.: Automated generation and analysis of attack graphs. In: Proceedings of the 2002 IEEE Symposium on Security and Privacy, CA, vol. 5, pp. 254–265 (2002)
Ammann, P., Pamula, J., Ritchey, R., Street, J.: A host-based approach to network attack chaining analysis. In: Computer Security Applications Conference, pp. 72–84 (2005)
Hirschberg, S.: Human reliability analysis in probabilistic safety assessment for nuclear power plants. Saf. Reliab. 25(2), 13–20 (2005)
Saaty, T.L.: The Analytic Hierarchy Process: Planning, Priority Setting. Resource Allocation. McGraw-Hill, New York (1980)
Shi, C.: Research on cyber risk assessment methods. Comput. Appl. 10(10), 2471–2477 (2008)
Xiao, X.: Research on Cybersecurity Risk Assessment Based on Model. Fudan University, Shanghai (2008)
Thacker, B.H., Riha, D.S., Fitch, S.H.K.: Probabilistic engineering analysis using the NESSUS software. Struct. Saf. 28(1), 83–107 (2006)
Di, W., et al.: Evaluation model of security measures effectiveness in a given vulnerability environment. J. Softw. 23(7), 1880–1898 (2012)
Acknowledgments
This article is supported by National Key R&D Program of China (Grant no. 2016YFB0800700) and National Natural Science Foundation of China (Grant no. U1636115).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Shan, C., Gao, J., Hu, C., Guan, F., Zhao, X. (2019). Network Risk Assessment Method Based on Asset Correlation Graph. In: Zhang, H., Zhao, B., Yan, F. (eds) Trusted Computing and Information Security. CTCIS 2018. Communications in Computer and Information Science, vol 960. Springer, Singapore. https://doi.org/10.1007/978-981-13-5913-2_5
Download citation
DOI: https://doi.org/10.1007/978-981-13-5913-2_5
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-13-5912-5
Online ISBN: 978-981-13-5913-2
eBook Packages: Computer ScienceComputer Science (R0)