Abstract

For the quantitative analysis of vulnerability risk in an information system, this paper proposes a non-cooperative, nonzero-sum game model of vulnerability attack and defense, in which the value of a vulnerability is evaluated by the expected payoffs at equilibrium. Using the two operators proposed in the paper, the comprehensive connection between vulnerabilities is calculated through a quantitative analysis of vulnerability connections based on the attack graph and a risk matrix. An assessment method for system vulnerability risk is then devised from the vulnerability value and the comprehensive connection. Based on a quantitative analysis of each vulnerability's own risk and its transmission risk, the proposed method comprehensively assesses the global risk of vulnerabilities; the result can be used to identify the key vulnerability and improve the effectiveness of system security defense. Finally, the model and method proposed in this paper are proved to be valid through an example.
