Information Security Risk Assessment Based on Improved Bayesian Network Model

doi:10.3969/j.issn.10062475.2018.04.018

Abstract

Abstract: With the advent of the information age, information security issues become increasingly complex and diverse, so a costeffective solution should be badly in need. Based on the previous research, this paper further improves the application of Bayesian network model in information security risk assessment. Firstly, it analyzes the types of risk elements of information system, and puts forward a new method to determine the risk factors, that is, the common relationship between factors. Then, the information system index system is determined according to the factor relation. Combined with the conditional probability of experience accumulation, the Matlab Bayesian network toolbox (BNT) is used to construct a complete Bayesian network risk assessment model, which includes the analysis of the assessment process, the use of methods and the determination of risk levels. Finally, by analyzing the improved Bayesian assessment model, the probability of each level of risk is deduced according to experimental data. The simulation results are consistent with the actual results, which show that the improved evaluation method is effective and reasonable.

Key words: information security, risk assessment, Bayesian network, risk factors, risk grades

CLC Number:

TP309

HUANG Yujie, TANG Zuoqi. Information Security Risk Assessment Based on Improved Bayesian Network Model[J]. Computer and Modernization, doi: 10.3969/j.issn.10062475.2018.04.018.

References

［1］ GB/T 209842007, 信息安全技术——信息安全风险评估规范［S］.
［2］ GB/Z 243642009, 信息安全技术——信息安全风险管理指南［S］.
［3］ GB/T 315092015, 信息安全技术——信息安全风险评估实施指南［S］.
［4］ GB/T 317222015, 信息技术——安全技术——信息安全风险管理［S］.
［5］ ISO/IEC 27001:2005, Information Technology—Security Techniques—Information Security Management Systems—Requirements［S］.
［6］ ISO/IEC 27002:2005, Information Technology—Security Techniques—Code of Practice for Information Security Managements［S］.
［7］ ISO/IEC 27005:2011, Information Technology—Security Techniques—Information Security Risk Management［S］.
［8］ Solic K, Ocevcic H, Golub M. The information systems’ security level assessment model based on an ontology and evidential reasoning approach［J］. Computers and Security, 2015,55:100112.
［9］ Zhao Xiangmo, Dai Ming, Ren Shuai, et al. Risk assessment model of information security for transportation industry system based on risk matrix［J］. Applied Mathematics and Information Sciences, 2014,8(3):13011306.
［10］Wu Kehe, Ye Shichao. An information security threat assessment model based on Bayesian network and OWA operator［J］. Applied Mathematics and Information Sciences, 2014,8(2):833838.
［11］付钰,吴晓平,严承华. 基于贝叶斯网络的信息安全风险评估方法［J］. 武汉大学学报(理学版), 2006,52(5):631634.
［12］张鸣天. 基于贝叶斯网络的信息安全风险评估研究［D］. 北京:北京化工大学, 2016.
［13］吴晓平,付钰. 信息系统安全风险评估理论与方法［M］. 北京:科学出版社, 2016:185194.

[1]	MO Yan, TANG Rong-chuan, JU Hao, SUN Shao-fei, WANG An. Commercial Cryptographic Upgrade for Industrial Internet Platform [J]. Computer and Modernization, 2023, 0(06): 118-126.
[2]	WU Yang１, WU Guo-wen１, ZHANG Hong１, SHEN Shi-gen２, CAO Qi-ying. Rumor Source Detection Based on Extended Epidemic Model [J]. Computer and Modernization, 2022, 0(01): 113-119.
[3]	LU Sai, ZHUANG Yi. Information System Risk Assessment Model Based on Self-Adaptive Expert Weight [J]. Computer and Modernization, 2021, 0(08): 85-93.
[4]	GE Bin, CHEN Gang, FANG Rui, LIAO Zhong-zhi. A Novel Hyper Chaotic Image Encryption Algorithm Using Four Directional Diffusion Based on Matrix [J]. Computer and Modernization, 2021, 0(06): 113-119.
[5]	CUI Wen-di, DUAN Peng-fei, ZHU Hong-qiang, LIU Na. Security Risk Assessmenton of Attack Graph and HMM Industrial Control Network [J]. Computer and Modernization, 2020, 0(07): 32-37.
[6]	CHEN Hai-yang1, HUAN Xiao-min1, CHEN Xin-zhan2, LIU Xi-qing1. Intelligent Dynamic Estimation of Traffic Light Time Based on TAN Classifier [J]. Computer and Modernization, 2019, 0(11): 81-.
[7]	ZHANG Su-ning, WANG Yue-juan, WU Shui-ming, JING Dong-sheng. Network Intrusion Data Clustering Algorithm Based on Krylov Subspace [J]. Computer and Modernization, 2019, 0(10): 121-.
[8]	YE Qian1,WANG Yu-fei2,FU Yi3,TANG Yu-lan1. GQM-based Risk Assessment Method for Industrial Control Systems [J]. Computer and Modernization, 2019, 0(08): 92-.
[9]	MI Qian-kun1, WU Bin2, DU Ning1,QIN Xi1. Information System Security Risk Assessment Based on Incomplete Information Game Model [J]. Computer and Modernization, 2019, 0(04): 118-.
[10]	WANG Yin， GUO Hong-yu. CART-based Risk Assessment of Community Correction Staff [J]. Computer and Modernization, 2018, 0(08): 73-.
[11]	LIANG Cong1,2, LIAO Xin 3, ZHENG Xin1, CHEN Lei-ting1,4. A Healthy Big Data Classification Model Based on Improved Bayesian Network [J]. Computer and Modernization, 2017, 0(12): 61-64.
[12]	PING Ping， HUANG Li-lin， MAO Ying-chi， XU Guo-yan. Image Encryption Algorithm Based on Life-like Cellular Automaton [J]. Computer and Modernization, 2017, 0(10): 95-99.
[13]	YU Hao1, JIA Xue1, WANG Qiang2. Research on Safety Protection Strategy of Smart Substation Application Layer Data Encryption [J]. Computer and Modernization, 2016, 0(2): 82-85.
[14]	TANG Lian, WANG Xiao-long. Pattern Matching-based Wireless Network Security Configuration Verification Tool [J]. Computer and Modernization, 2015, 0(10): 98-102.
[15]	SUN Lin-fang1, XU Hui2, LI Jin-hai3. Classification Model of New Media Events Based on Bayesian Network [J]. Computer and Modernization, 2014, 0(5): 65-69,73.