Journal of Beijing University of Posts and Telecommunications

  • EI Core Journal

Journal of Beijing University of Posts and Telecommunications ›› 2021, Vol. 44 ›› Issue (4): 41-48. doi: 10.13190/j.jbupt.2021-019

• PAPERS •

An Information System Risk Assessment Method Based on Risk Propagation

YANG Hong-yu1,2, ZHANG Le2, ZHANG Liang3   

  1. College of Safety Science and Engineering, Civil Aviation University of China, Tianjin 300300, China;
    2. College of Computer Science and Technology, Civil Aviation University of China, Tianjin 300300, China;
    3. College of Information, University of Arizona, Tucson AZ 85721, USA
  • Received: 2021-02-02 Published: 2021-07-13

Abstract: Traditional information system risk assessment methods do not consider the state change of nodes and the direction of risk propagation, and the accuracy of the evaluation results is affected by the subjectivity of experts. To solve these problems, an information system risk assessment method based on risk propagation is proposed. First, the initial state transition probability matrix of the node is determined, and the node state transition probability is obtained by modifying the matrix according to the attack attributes. Then, the propagation probability of nodes in all directions is calculated based on the topology network and node attribute value. Next, the three-parameter interval number method is used to obtain the quantitative value of node threat events. Finally, the risk value of each node is calculated according to the risk assessment method. Experimental results show that the proposed method is more objective and reasonable, and it improves the integrity and accuracy of the risk assessment of information systems.

Key words: risk assessment, risk propagation, state transition probability, propagation probability, three-parameter interval number
