Advertisement

Network Risk Assessment Method Based on Asset Correlation Graph

  • Chun Shan
  • Jie Gao
  • Changzhen Hu
  • Fang Guan
  • Xiaolin Zhao
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 960)

Abstract

In order to enhance the security of network operations, establish effective security measures, prevent the destruction of security incidents, and reduce or eliminate the losses caused by threats through network risk assessment is of important practical significance. However, most risk assessment methods focus on the research of threats and vulnerabilities. There are relatively few researches on risk based on network assets and there is a lack of accuracy in risk assessment. Therefore, this paper proposes a network risk assessment method based on asset association graphs. The method first describes the network from the perspective of asset interconnection and builds an asset association graph; secondly, it builds a threat scenario based on the asset association graph, identifies a threat event, and uses the probability of a threat event and the loss caused by the asset to obtain a quantitative description of the risk assessment; Different network risk levels and make decisions. Experiments show that the method of network risk assessment based on asset association proposed in this paper can realize the risk assessment of all assets, hosts and entire network system in the network, and provide effective guidance for network security protection.

Keywords

Network security Risk assessment Asset association diagram Vulnerability Probabilistic risk analysis 

Notes

Acknowledgments

This article is supported by National Key R&D Program of China (Grant no. 2016YFB0800700) and National Natural Science Foundation of China (Grant no. U1636115).

References

  1. 1.
    Dai, F.: Research on Network Security Risk Assessment Technology Based on Attack Graph Theory. Beijing University of Posts and Telecommunications, Beijing (2015)Google Scholar
  2. 2.
    He, Y., Di, G., Wang, B., Yang, G.: Quantitative evaluation method of grade protection based on Delphi method assignment. In: National Information Security Level Protection Technology Conference (2014)Google Scholar
  3. 3.
    Schnerier, B.: Attack trees-modeling security threats. Dr Dobb’S J. 12(24), 21–29 (1999)Google Scholar
  4. 4.
    Phillips, C., Swiler, L.P.: A graph-based system for network vulnerability analysis. Sandia National Laboratories Albuquerque, NM, pp. 71–79 (1998)Google Scholar
  5. 5.
    Sheyner, O., Haines, J., Jha, J., Lippmann, R., Wing, J.M.: Automated generation and analysis of attack graphs. In: Proceedings of the 2002 IEEE Symposium on Security and Privacy, CA, vol. 5, pp. 254–265 (2002)Google Scholar
  6. 6.
    Ammann, P., Pamula, J., Ritchey, R., Street, J.: A host-based approach to network attack chaining analysis. In: Computer Security Applications Conference, pp. 72–84 (2005)Google Scholar
  7. 7.
    Hirschberg, S.: Human reliability analysis in probabilistic safety assessment for nuclear power plants. Saf. Reliab. 25(2), 13–20 (2005)CrossRefGoogle Scholar
  8. 8.
    Saaty, T.L.: The Analytic Hierarchy Process: Planning, Priority Setting. Resource Allocation. McGraw-Hill, New York (1980)zbMATHGoogle Scholar
  9. 9.
    Shi, C.: Research on cyber risk assessment methods. Comput. Appl. 10(10), 2471–2477 (2008)zbMATHGoogle Scholar
  10. 10.
    Xiao, X.: Research on Cybersecurity Risk Assessment Based on Model. Fudan University, Shanghai (2008)Google Scholar
  11. 11.
    Thacker, B.H., Riha, D.S., Fitch, S.H.K.: Probabilistic engineering analysis using the NESSUS software. Struct. Saf. 28(1), 83–107 (2006)CrossRefGoogle Scholar
  12. 12.
    Di, W., et al.: Evaluation model of security measures effectiveness in a given vulnerability environment. J. Softw. 23(7), 1880–1898 (2012)CrossRefGoogle Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  • Chun Shan
    • 1
  • Jie Gao
    • 1
  • Changzhen Hu
    • 1
  • Fang Guan
    • 1
  • Xiaolin Zhao
    • 1
  1. 1.Beijing Key Laboratory of Software Security Engineering Technique, School of Computer Science and TechnologyBeijing Institute of TechnologyBeijingChina

Personalised recommendations