Funding: Supported by the project of the State Key Program of National Natural Science Foundation of China (No. 90818021); supported by a grant from the National High Technology Research and Development Program of China (863 Program) (No. 2012AA012903).
Abstract: In order to protect the website and assess the security risk of the website, a novel website security risk assessment method is proposed based on the improved Bayesian attack graph (I-BAG) model. First, the improved Bayesian attack graph model is established, which takes attack benefits and threat factors into consideration. Compared with the existing attack graph models, it can better describe the website's security risk. Then, the improved Bayesian attack graph is constructed with the optimized website attack graph, attack benefit nodes, threat factor nodes and the local conditional probability distribution of each node, which is calculated accordingly. Finally, the website's attack probability and risk value are calculated on the level of nodes, hosts and the whole website separately. The experimental results demonstrate that the proposed risk evaluation method based on the I-BAG model is an effective way of assessing the website security risk.
Funding: Supported in part by the National Natural Science Foundation of China (Nos. 12271211, 12071179), the National Natural Science Foundation of Fujian Province (Nos. 2021J01861), the Project of Education Department of Fujian Province (No. JT180263), the Youth Innovation Fund of Xiamen City (3502Z20206020), the Open Fund of Digital Fujian Big Data Modeling and Intelligent Computing Institute, and the Pre-Research Fund of Jimei University.
Abstract: Purpose: With the rapid development of Internet technology, cybersecurity threats such as security loopholes, data leaks, network fraud, and ransomware have become increasingly prominent, and organized and purposeful cyberattacks have increased, posing more challenges to cybersecurity protection. Therefore, reliable network risk assessment methods and effective network security protection schemes are urgently needed. Design/methodology/approach: Based on the dynamic behavior patterns of attackers and defenders, a Bayesian network attack graph is constructed, and a multitarget risk dynamic assessment model is proposed based on network availability, network utilization impact and vulnerability attack possibility. Then, the self-organizing multiobjective evolutionary algorithm based on grey wolf optimization is proposed. And the authors use this algorithm to solve the multiobjective risk assessment model, and a variety of different attack strategies are obtained. Findings: The experimental results demonstrate that the method yields 29 distinct attack strategies, and then the attacker's preferences can be obtained according to these attack strategies. Furthermore, the method efficiently addresses the security assessment problem involving multiple decision variables, thereby providing constructive guidance for the construction of security network, security reinforcement and active defense. Originality/value: A method for network risk assessment methods is given. And this study proposed a multiobjective risk dynamic assessment model based on network availability, network utilization impact and the possibility of vulnerability attacks. The example demonstrates the effectiveness of the method in addressing network security risks.