Vol.38, No.1, 2021, pp.103-117, doi:10.32604/csse.2021.014680
OPEN ACCESS
ARTICLE
A Network Security Risk Assessment Method Based on a B_NAG Model
  • Hui Wang1, Chuanhan Zhu1, Zihao Shen1,*, Dengwei Lin2, Kun Liu1, MengYao Zhao3
1 School of Computer Science & Technology, Henan Polytechnic University, Jiaozuo, 454000, China
2 Office of Educational Administration, Jiaozuo University, Jiaozuo, 454000, China
3 Department of Computer Science, University College London, London, United Kingdom
* Corresponding Author: Zihao Shen. Email:
Received 08 October 2020; Accepted 09 January 2021; Issue published 01 April 2021
Abstract
Computer networks face a variety of cyberattacks. Most network attacks are contagious and destructive, and these types of attacks can be harmful to society and computer network security. Security evaluation is an effective method to solve network security problems. For accurate assessment of the vulnerabilities of computer networks, this paper proposes a network security risk assessment method based on a Bayesian network attack graph (B_NAG) model. First, a new resource attack graph (RAG) and the algorithm E-Loop, which is applied to eliminate loops in the B_NAG, are proposed. Second, to distinguish the confusing relationships between nodes of the attack graph in the conversion process, a related algorithm is proposed to generate the B_NAG model. Finally, to analyze the reachability of paths in B_NAG, the measuring indexs such as node attack complexity and node state transition are defined, and an iterative algorithm for obtaining the probability of reaching the target node is presented. On this basis, the posterior probability of related nodes can be calculated. A simulation environment is set up to evaluate the effectiveness of the B_NAG model. The experimental results indicate that the B_NAG model is realistic and effective in evaluating vulnerabilities of computer networks and can accurately highlight the degree of vulnerability in a chaotic relationship.
Keywords
Network attack graph; Bayesian network; state transition; reachability; risk assessment
Cite This Article
H. Wang, C. Zhu, Z. Shen, D. Lin, K. Liu et al., "A network security risk assessment method based on a b_nag model," Computer Systems Science and Engineering, vol. 38, no.1, pp. 103–117, 2021.
This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.