
Research On The Multidimensional And Dynamic Information Security Risk Management Model And The Related Assessment Algorithms

Posted on: 2016-05-12
Degree: Doctor
Type: Dissertation
Country: China
Candidate: H H Ge
Full Text: PDF
GTID: 1228330467993264
Subject: Cryptography

Abstract/Summary:
Everything has two sides. While networks have brought great changes to the human world, they also carry unavoidable risk; what we can do is reduce risk and accept it to some extent. Risk management technology has appeared accordingly. Earlier risk management models abstracted the risk management process from the perspective of theory or of the management process, and most of them gave risk assessment an important position. None of them, however, subdivided risk assessment into assessment of the whole network and assessment of the probability of risk propagation within the network. This dissertation therefore builds a multidimensional and dynamic information security risk management model that highlights the multidimensional nature of risk assessment and manages network risks dynamically along the two dimensions of risk development, time sequence and spatiality. The model's related assessment algorithms are also studied.

The main work and contributions of the thesis are as follows:

(1) The multidimensional and dynamic information security risk management model is proposed. The model has five cyclic responding layers: the multi-source information layer, the basic data analysis layer, the risk situation assessment layer, the risk situation analysis layer and the risk control layer. It manages risks along the two dimensions of risk development, time sequence and spatiality; in short, a multidimensional management of network risks is realized. Compared with traditional risk management models, this model emphasizes technology rather than management and is easy to operate. In particular, the concept of multidimensional risk management is proposed for the first time, which strengthens the management and control of propagating risks and enhances the reliability of risk management. In addition, for the basic data analysis layer, the thesis proposes a risk identification framework based on Hierarchical Holographic Modeling, which identifies three kinds of risks (threats, vulnerabilities and the effectiveness of safety measures) more systematically and in more detail, so that the completeness of the risk identification result is enhanced.

(2) The risk situation assessment layer is studied in depth, and a fuzzy risk assessment approach for information security threat scenarios is proposed from the perspective of assessing risks after the fact. First, a hierarchical index system for risk evaluation is constructed for threat scenarios, and new indexes are defined that describe the uncontrollability of the relationship between safety measures and risk formation, so that the completeness of the index system is enhanced. Second, a membership function for the indicators based on the Gaussian function is defined, and on this basis a new fuzzy comprehensive evaluation model based on constructing a membership matrix is proposed to reduce the influence of subjective factors during assessment. Finally, the above fuzzy comprehensive evaluation model is combined with AHP to quantify the risk of threat scenarios. As a whole, the method takes the diverse factors that affect risk into account comprehensively and realizes after-the-fact risk assessment for threat scenarios.

(3) A quantitative evaluation approach for real-time risk based on attack event correlation is proposed from the perspective of assessing risks in real time. First, taking into account the influence of the strength of security measures and of vulnerabilities on attack outcomes, an algorithm for the attack success probability is proposed. Second, an algorithm for the attack threat degree is proposed, which better reflects the difference in threat degree between continuous multi-step attacks and multiple isolated attacks. Finally, the risk situation value of a single node is calculated using the models above, and the weighted risk situation value for the whole network is calculated with the node importance weight as the weighting coefficient, which yields a network risk situation chart. As a result, the method can correlate and analyze IDS alerts automatically and assess network risks quantitatively in real time. In this way, the association analysis of evaluation indicators is enhanced and the accuracy of the evaluation results is improved. The algorithm provides an important basis for network managers to optimize their security strategy.

(4) The thesis studies the risk situation analysis layer, especially the analysis of propagating risks, and proposes an analytical method for propagating risks in information networks. First, an algorithm for analyzing risk transmission paths is put forward to analyze and predict the possible transmission paths of risks, which improves the precision with which those paths are located. Second, an evaluation algorithm for the risk transmission probability is proposed to estimate the probability of risk transmission between any two nodes, so that risk propagation characteristics are reflected at the micro level. Finally, an algorithm constructs the risk association matrix from the risk transmission probabilities between all pairs of nodes and analyzes the risk transmission capacity and the infectivity of each node. In general, the objectivity of the method's analysis result is better than that of similar studies; the generated risk spreading sequence is simple and intuitive, and it reveals the internal reason for the risk transmission. Above all, it helps security administrators avoid transmitting risks to some extent. Experiments show that the method can provide objective and effective protection suggestions for network managers.
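As an added illustration that is not the dissertation's own code (the abstract does not give its algorithms in detail), the following Python sketches the assessment chain outlined in items (2) to (4) with standard building blocks: Gaussian membership functions assembled into a membership matrix, AHP index weights with a consistency-ratio check, a defuzzified per-node risk score, importance-weighted aggregation into a network risk situation value, and a risk association matrix built from pairwise transmission probabilities, with row and column sums read as transmission capacity and infectivity and a highest-probability path search. The index names, level centres, spread, pairwise comparison matrix, node importance weights and transmission probabilities are all constructed assumptions.

```python
"""Constructed illustration (assumed names, centres, weights and probabilities throughout)."""
import math

# ---- (2) fuzzy comprehensive evaluation of one threat scenario ----------
LEVEL_CENTRES = (0.2, 0.5, 0.8)   # assumed centres of the low/medium/high Gaussians
SIGMA = 0.15                      # assumed common spread of the membership functions
# Assumed hierarchical indexes, each normalised to [0, 1]; the last one stands in
# for the abstract's "uncontrollability of safety measures" index.
INDEXES = ("threat_frequency", "vulnerability_severity", "measure_uncontrollability")


def gaussian_memberships(x):
    """Membership of indicator value x in each risk level, normalised to sum to 1."""
    raw = [math.exp(-((x - c) ** 2) / (2 * SIGMA ** 2)) for c in LEVEL_CENTRES]
    return [m / sum(raw) for m in raw]


def ahp_weights(pairwise):
    """AHP index weights (row geometric means) and the consistency ratio, so an
    inconsistent expert judgement matrix can be rejected before it biases scores."""
    n = len(pairwise)
    gm = [math.prod(row) ** (1.0 / n) for row in pairwise]
    w = [g / sum(gm) for g in gm]
    aw = [sum(pairwise[i][j] * w[j] for j in range(n)) for i in range(n)]
    lam = sum(aw[i] / w[i] for i in range(n)) / n          # lambda_max estimate
    ci = (lam - n) / (n - 1)
    random_index = {3: 0.58, 4: 0.90, 5: 1.12}[n]          # Saaty RI values
    return w, ci / random_index


def assess_scenario(scenario, weights):
    """B = w . R (membership matrix R: rows = indexes, columns = levels), then
    defuzzify B against the level centres into a risk score in [0, 1]."""
    R = [gaussian_memberships(scenario[name]) for name in INDEXES]
    B = [sum(weights[i] * R[i][k] for i in range(len(INDEXES))) for k in range(3)]
    return sum(b * c for b, c in zip(B, LEVEL_CENTRES))


# ---- (3) node risks weighted by node importance -> network situation value
def network_risk(node_risks, importance):
    """Importance-weighted average of the per-node risk scores."""
    total = sum(importance.values())
    return sum(node_risks[n] * importance[n] / total for n in node_risks)


# ---- (4) risk association matrix and most likely transmission path -------
def risk_association(nodes, transmission):
    """Matrix of pairwise transmission probabilities; row sums give a node's
    transmission capacity, column sums its infectivity."""
    idx = {n: i for i, n in enumerate(nodes)}
    M = [[0.0] * len(nodes) for _ in nodes]
    for (src, dst), p in transmission.items():
        M[idx[src]][idx[dst]] = p
    capacity = {n: sum(M[idx[n]]) for n in nodes}
    infectivity = {n: sum(row[idx[n]] for row in M) for n in nodes}
    return M, capacity, infectivity


def most_likely_path(nodes, transmission, src, dst):
    """Highest-probability path from src to dst (Dijkstra with max-product
    relaxation, valid because every edge probability is <= 1)."""
    best = {n: 0.0 for n in nodes}
    best[src] = 1.0
    prev, unvisited = {}, set(nodes)
    while unvisited:
        u = max(unvisited, key=lambda n: best[n])
        if best[u] == 0.0:
            break
        unvisited.remove(u)
        for (a, b), p in transmission.items():
            if a == u and b in unvisited and best[u] * p > best[b]:
                best[b], prev[b] = best[u] * p, u
    if best[dst] == 0.0:
        return [], 0.0
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return path[::-1], best[dst]


# ---- constructed sample data ---------------------------------------------
NODES = ("web", "app", "db")
SCENARIOS = {   # constructed indicator values per node
    "web": {"threat_frequency": 0.9, "vulnerability_severity": 0.8, "measure_uncontrollability": 0.7},
    "app": {"threat_frequency": 0.5, "vulnerability_severity": 0.5, "measure_uncontrollability": 0.5},
    "db":  {"threat_frequency": 0.3, "vulnerability_severity": 0.6, "measure_uncontrollability": 0.2},
}
IMPORTANCE = {"web": 1.0, "app": 2.0, "db": 3.0}            # db is the most important asset
PAIRWISE = [[1, 2, 4], [0.5, 1, 2], [0.25, 0.5, 1]]         # perfectly consistent (CR = 0)
TRANSMISSION = {("web", "app"): 0.6, ("app", "db"): 0.5, ("web", "db"): 0.2}


def run_example():
    """Run the whole chain on the constructed data and return the results."""
    weights, cr = ahp_weights(PAIRWISE)
    node_risks = {n: assess_scenario(SCENARIOS[n], weights) for n in NODES}
    _, capacity, infectivity = risk_association(NODES, TRANSMISSION)
    path, prob = most_likely_path(NODES, TRANSMISSION, "web", "db")
    return {"cr": cr, "node_risks": node_risks, "network_risk": network_risk(node_risks, IMPORTANCE),
            "capacity": capacity, "infectivity": infectivity, "path": path, "path_prob": prob}
```

On the constructed data the web node scores highest, the importance weighting pulls the network value down toward the less risky but more important database, and the most likely transmission path from web to db runs through app (0.6 x 0.5 = 0.3) rather than over the direct 0.2 edge, which is the kind of path the abstract's transmission-path analysis is meant to surface. The consistency ratio is what lets an assessor reject a pairwise matrix whose judgements contradict each other before it distorts the weights.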
Keywords/Search Tags: information security, risk management, risk assessment, risk propagation