A Network Information Security Risk Assessment Method Based on Cloud Model

Abstract

As an information security technology that can make the system more secure and robust, network security assessment not only can integrate various security assessment elements such as information assets, vulnerability and threats, but also can help users actively identify potential security threats that the system is encountering. Current network security assessment theories and methods require large amount of historical data to conduct statistics analysis or machine learning. Besides, the means of network threats change with each passing day, which implies that new network security assessment theories and methods should be formed by considering from network information’s own characteristics and finding out its behavior patterns of vulnerability and threats. Cloud model is an uncertainty analysis method, which can be used for the grading of network security status. Based on access graph model, this paper proposed the assessment method based on threat event occurrence probability and the assessment method based on information assets, and calculate the integrated security value of network information system. Then, the paper combined the network security assessment value with cloud model, obtained the eigenvalue of the cloud model after sampling and calculation, and established a certain cloud model. At last, the paper took the random sampling value as the input of the cloud model, and confirm the network security grade after judging the cloud model.