Journal of Beijing University of Posts and Telecommunications

  • EI核心期刊

JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM ›› 2010, Vol. 33 ›› Issue (3): 57-61.doi: 10.13190/jbupt.201003.57.wuh

• Papers • Previous Articles     Next Articles

A Risk Assessment Model Using Incomplete Attack Graphs Analysis

WU Huan1,2, PAN Lin1,2, WANG Xiao-zhen1,2, XU Rong-sheng1   

  1. (1. Computing Center, Institute of High Energy Physics, Chinese Academy

     of Sciences, Beijing 100049, China; 

    2. Graduate School, Chinese Academy of Sciences, Beijing 100049, China)

  • Received:2009-07-21 Revised:2010-02-21 Online:2010-06-28 Published:2010-05-14

Abstract:

To solve the hysteresis problem of complete attack graphs analysis method, the existing attack 

graphs analysis is researched. By importing uncertain and unknown information, an incomplete 

attack graphs analysis (IAGA) method is proposed. A risk assessment model based on IAGA 

(IAGARAM) is also proposed, that will prevent asset losses from real intrusion activities, and is 

applicable to the business life cycle.

Key words: attack graphs, attack path, incomplete attack graphs analysis, risk assessment, risk management

CLC Number: