Research on quantitative assessment model on vulnerability risk for information system

ZHOU Liang1; LI Jun-e2; LU Tian-bo3; LIU Kai-pei1

您当前的位置：

首页 >

文章列表页 >

Research on quantitative assessment model on vulnerability risk for information system

更新时间：2024-10-14

- Research on quantitative assessment model on vulnerability risk for information system
- Vol. 30, Issue 2, Pages: 71-76(2009)
- 作者机构：
  
  1. 武汉大学电气工程学院
  2. 中国电力科学研究院信息与安全技术研究所
  3. 武汉大学计算机中心
  4. 国家计算机网络应急技术处理协调中心
- 作者简介：
- 基金信息：
- DOI：
  CLC： TP393.08
- Published：2009
- 稿件说明：
移动端阅览
ZHOU Liang1, LI Jun-e2, LU Tian-bo3, et al. Research on quantitative assessment model on vulnerability risk for information system[J]. 2009, 30(2): 71-76.
DOI：

ZHOU Liang1, LI Jun-e2, LU Tian-bo3, et al. Research on quantitative assessment model on vulnerability risk for information system[J]. 2009, 30(2): 71-76. DOI：

摘要

为解决信息系统漏洞风险的科学定量问题

针对当前漏洞风险评估忽略漏洞之间关联性的现状

提出了一种信息系统漏洞风险评估的定量方法与实现步骤。首先

讨论了基于漏洞关联网络(VCN

vulnerability connection network)的漏洞风险评估模型

引入了路径风险与主体风险的概念;其次

提出了以层次分析法定量主体风险性中的主体重要性要素

结合主观分析与攻击重现定量转移风险中的关联后果值的具体方法;最后

对电力调度管理信息系统运用此漏洞风险定量方法进行评估

得出了客观的漏洞风险评估结果。评估示例表明

基于漏洞关联网络的漏洞风险定量评估模型实现了漏洞风险科学、客观的定量评估。

Abstract

A quantitative method of vulnerability assessment was put forward on the foundation of research on current assessment methods home and abroad in order to evaluate vulnerability risk objectively.Vulnerability connection network（VCN） was discussed firstly for the purpose of taking connection of vulnerability into account

which divides vulnerabil-ity risk into entity risk and path risk;Secondly

advanced methods of quantifying entity importance in entity risk and network node connection effects in path risk were proposed;Lastly

an evaluation example of vulnerability risk on dis-patching management information system in power system was given out.Corresponding results show that quantitative assessment model brings out scientific and credible evaluation on vulnerability risk.

关键词

Keywords

references

Views

1255

下载量

CSCD

Alert me when the article has been cited

提交

Tools

Publicity Resources

Approach for information systems security situation evaluation using improved FAHP and Bayesian network

Architecture of vulnerability discovery technique for information systems

Related Author

FU Yu

WU Xiao-ping

YE Qing

ZHANG You-chun1

WEI Qiang2

LIU Zeng-liang3

ZHOU Ying4

Related Institution

Dept.of Information Security, Naval University of Engineering

College of Information Engineering,University of Science and Technology

College of Information Engineering,PLA Information Engineering University

Information Department,PLA National Defense University

Beijing Haidian District Environmental Protection Agency

AI问答

⁰