Common Vulnerability Assessment Of Complex Information Systems

With the development of information technology and enhance of computer processing power, the information system becomes more larger and business tends to be more complicated. Information system services appears in all sectors of society with information security issues accompanied, which is more severe in the country’s industries. With the growth of the information system size, security issues of complex information system come with new features:more complex, widespread and strong political intent. Since information system security is directly related to the national security, it has great significance to assess the security risk of complex information system through scientific method.In this subject, the structure of complex information systems security risk and protocol security risk are treated as two important common security risk aspects. Based on the complex network theory research, as well as the current security issues and attack methods of communication protocols achievements, we use network simulation technology to study common safety risk assessment of complex information systems technology model:Firstly, the paper studies the information network topology and static change of the information system in the case that system failure、deliberate attack、cascading collapse all happen. Secondly, using simulation software to simulate system under the condition of system fault deliberate attack and cascading collapse in order to observe the function changes. At last, the article validates the information system frangibility and assess the scope and degree of the system safety risk influence by using attack technology. This paper focus on the China Education and Research Network (CERNET), as well as the national fiber optic trunk cable, the two network is different in topology and properties, which has practical significance for the information system research.This paper applies complex network theory to the structural risk analysis of information system and make the assessment of complex information system structure security risk in respect of connectivity and efficacy. The important of protocol security is validated through the BGP. protocol attack. With the research on the specific features of network traffic, this method make up one-sidedness of network efficacy evaluation and offer information system structure vulnerability analysis. Generally speaking, the common safety risk analysis of complex information can provide active defense strategies and guidance to the risk assessment of the complex information system in a large-scale network system.