Research On Ai Planning Based Information Security Risk Process Modeling And Assessment Method

With the continued expansion of the scale of the computer network, the security protection has become more and more complex and difficult to achieve. Information security risk assessment can identify vulnerabilities and evaluate risk of network information security. Therefore, studies on the theories and key technologies of risk assessment for information security have great theoretical significance and practical values.However, there are some common problems in existing network system information security risk assessment method. For example, these methods often separate the risk analysis and assessment of information security from the concrete organization environment and business background; or lack the scalable modeling and accurate formalization of the risk process; or evaluation result can not reflect the risk state of information security, neither can give valuable advice to security improvement. To solve these problems, this thesis researches on network information security risk process modeling and assessment method, lucubrates the pivotal question of this research. The main contents and fruits of this thesis are outlined as follows:(1) A method of the information security risk assessment is presentedTo evaluate information security risk accurately, dynamically and comprehensivly, a method of the information security risk assessment is presented. The method measures information security in a defender view, adopts "white box" type risk identification method, models the risk process with PEG model, and evaluates risk frequency with PEG-BN model. ISRAM provides a suit of normative practical procedure composed by 13 processes to implements risk assessment on information system.(2) An AI planning based method of information security risk process modeling is presentedAn AI planning based method named PISRPMA is proposed to model the risk process of information Security with large scale automatically. PISRPMA describes the network as risk domain and rule of vulnerability-use as risk problem in planning domain definition language PDDL, searches out all exploitation paths by correlative advanced planning algorithms, and builds a planning Exploitation graph to model the risk process with Graphviz toolkit. The result of this PISRPMA is PEG which not only describes the risk process but also give basis of PEG-BN model construction and security improvement decision. Experiment shows this method has the features of formalization and scalability,and is a good solution for risk process modeling for large scale network.(3) With the probability feature of risk combined in PEG model, a PEG-BN model of calculating information security risk probability based on BN is proposedCalculating network security risk probability is the core work of quantization appraising works. This thesis brought up the risk calculated Model PEG-BN. At first, we analysis the features of information security and the BN model, draws a conclusion that BN model suit the risk calculating problem well. Then probability data are combined with the PEG model and PEG-BN model is constructed: (1) The model graph structure is determined by PEG; (2) The local conditional probability distributions are computed by Bayesian method which takes expertise knowledge as prior probability distribution; (3) The model parameters are updated with training data by Bayesian Networks learning, which containes the full data situation and part data situation also. The analysis of the example shows the model could evaluate the information security risk successfully.(4) A method of calculating information security risk events frequency based on PEG-BN is presentedTwo basic elements of calculating information security risk are risk events frequency and influence of risk events. Based on known data, PEG-BN can forecast and real-time evaluate not only information risk events frequency but also information risk, make sensitivity ananlysis of all elements in risk process, reflect the network information risk all-around.(5) An information security risk assessment system named ISRAS based on ISRAM is designed and developed. And a real network system is used to illustrate key methodologies presented in this thesis.