重庆大学学报2017,Vol.40Issue(12):35-42,8.DOI:10.11835/j.issn.1000-582X.2017.12.005
信息系统脆弱性被利用概率计算方法
A computing approach of information system vulnerability's exploited probability
摘要
Abstract
The evaluation results are impacted by many subj ective factors since the existing risk assessment for information systems does not take the correlation of vulnerabilities into account.By combining two assessment vectors,i.e.access complexity and chosen probability,we transfer the so called"accessed complexity"evaluation method into an"exploited probability"evaluation approach,and use Bayesian networks'forward inference to accumulation each of vulnerability's chosen probability.Theoretical and experimental analysis show that the proposed"exploited probability"evaluation method is more accurate and reasonable than associated existing research work.关键词
风险评估/脆弱性/贝叶斯网络/被利用概率Key words
risk assessment/vulnerability/Bayesian network/exploited probability分类
信息技术与安全科学引用本文复制引用
柴继文,王胜,梁晖辉,胡兵,向宏..信息系统脆弱性被利用概率计算方法[J].重庆大学学报,2017,40(12):35-42,8.基金项目
国网四川省电力公司科技项目(5219991351VR) (5219991351VR)
国家自然科学基金资助项目(61472054).Supported by Science and Technology Program of State Grid Sichuan Electric Power Company(5219991351VR)and National Natural Science Foundation of China(61472054). (61472054)
