TY - GEN
T1 - Network risk assessment method based on asset correlation graph
AU - Shan, Chun
AU - Gao, Jie
AU - Hu, Changzhen
AU - Guan, Fang
AU - Zhao, Xiaolin
N1 - Publisher Copyright:
© 2019, Springer Nature Singapore Pte Ltd.
PY - 2019
Y1 - 2019
N2 - In order to enhance the security of network operations, establish effective security measures, prevent the destruction of security incidents, and reduce or eliminate the losses caused by threats through network risk assessment is of important practical significance. However, most risk assessment methods focus on the research of threats and vulnerabilities. There are relatively few researches on risk based on network assets and there is a lack of accuracy in risk assessment. Therefore, this paper proposes a network risk assessment method based on asset association graphs. The method first describes the network from the perspective of asset interconnection and builds an asset association graph; secondly, it builds a threat scenario based on the asset association graph, identifies a threat event, and uses the probability of a threat event and the loss caused by the asset to obtain a quantitative description of the risk assessment; Different network risk levels and make decisions. Experiments show that the method of network risk assessment based on asset association proposed in this paper can realize the risk assessment of all assets, hosts and entire network system in the network, and provide effective guidance for network security protection.
AB - In order to enhance the security of network operations, establish effective security measures, prevent the destruction of security incidents, and reduce or eliminate the losses caused by threats through network risk assessment is of important practical significance. However, most risk assessment methods focus on the research of threats and vulnerabilities. There are relatively few researches on risk based on network assets and there is a lack of accuracy in risk assessment. Therefore, this paper proposes a network risk assessment method based on asset association graphs. The method first describes the network from the perspective of asset interconnection and builds an asset association graph; secondly, it builds a threat scenario based on the asset association graph, identifies a threat event, and uses the probability of a threat event and the loss caused by the asset to obtain a quantitative description of the risk assessment; Different network risk levels and make decisions. Experiments show that the method of network risk assessment based on asset association proposed in this paper can realize the risk assessment of all assets, hosts and entire network system in the network, and provide effective guidance for network security protection.
KW - Asset association diagram
KW - Network security
KW - Probabilistic risk analysis
KW - Risk assessment
KW - Vulnerability
UR - http://www.scopus.com/inward/record.url?scp=85060253081&partnerID=8YFLogxK
U2 - 10.1007/978-981-13-5913-2_5
DO - 10.1007/978-981-13-5913-2_5
M3 - Conference contribution
AN - SCOPUS:85060253081
SN - 9789811359125
T3 - Communications in Computer and Information Science
SP - 65
EP - 83
BT - Trusted Computing and Information Security - 12th Chinese Conference, CTCIS 2018, Revised Selected Papers
A2 - Zhang, Huanguo
A2 - Zhao, Bo
A2 - Yan, Fei
PB - Springer Verlag
T2 - 12th Chinese Conference on Trusted Computing and Information Security, CTCIS 2018
Y2 - 18 October 2018 through 18 October 2018
ER -