TY - JOUR
T1 - I-HMM-Based Multidimensional Network Security Risk Assessment
AU - Hu, Jingjing
AU - Guo, Shuangshuang
AU - Kuang, Xiaohui
AU - Meng, Fankun
AU - Hu, Dongsheng
AU - Shi, Zhiyu
N1 - Publisher Copyright:
© 2019 IEEE.
PY - 2020
Y1 - 2020
N2 - Cyber-physical systems (CPS) are vulnerable to network attacks because communication relies on the network that links the various components in the CPS. The importance of network security is self-evident. In this study, we conduct a network security risk assessment from the perspectives of the host and the network, and we propose a new framework for a multidimensional network security risk assessment that includes two stages, i.e., risk identification and risk calculation. For the risk identification stage, we propose a multidimensional hierarchical index system for assessing cybersecurity risk; the system's security status is determined in three dimensions, i.e., basic operation, vulnerabilities, and threats, and these dimensions guide the data collection. In the risk calculation stage, we use a hidden Markov model (HMM) to assess the network security risk. We provide a new definition of the quality of alert and optimize the observation sequence of the HMM. The model uses a learning algorithm instead of setting the parameters manually. We introduce the concept of network node association to increase the reliability and accuracy of the risk assessment. The simulation results show that the proposed index system provides quantitative data that reflect the security status of the network. The proposed network security risk assessment method based on the improved HMM (I-HMM) reflects the security risk status in a timely and intuitive manner and detects the degree of risk that different hosts pose to the network.
KW - Hidden Markov model
KW - network node correlation
KW - network security risk
KW - risk assessment
UR - http://www.scopus.com/inward/record.url?scp=85077273020&partnerID=8YFLogxK
U2 - 10.1109/ACCESS.2019.2961997
DO - 10.1109/ACCESS.2019.2961997
M3 - Article
AN - SCOPUS:85077273020
SN - 2169-3536
VL - 8
SP - 1431
EP - 1442
JO - IEEE Access
JF - IEEE Access
M1 - 8941077
ER -