Network Security Risk Assessment Method Research Based On Graph Theory

The network world is facing the vulnerabilities that exist everywhere in the network, threats and attacks that come from various aspects. There is security risk inevitably. The security risk assessment which is an important active defense technology in network security, has the vital significance to the network security technology research, and is one of present research hotspots.The network security risk assessment will understand as far as possible where there are risks at present and the future network, and fully assess these risks' threat and the influence degree which will bring to the system, so that we may achieve acts appropriately to the situation, prevent accidents before they occur, and protect the computer and the network security on own initiative, and make the possibility of system attacked and the destroyed lowers to the most mild degree.This paper analyzes the main content about security risk assessment, including the theory relating to risk assessment, the domestic and foreign assessment's standards, as well as the risk assessment's steps, the object, the risk assessment's guidelines, guidelines' parameter determination and the assessment system modularizing structure, and has given some study and explanation to several mistake and some correlation questions about risk assessment and so on. This paper emphatically brings forward the network security synthesis risk assessment method based on graph theory. This method is mainly on the basis of the knowledge of graph theory, presents two main concepts: assessing vulnerable correlation graph and assessing the network correlation graph. From the network security risk assessment's granularity: vulnerability, the service, the host computer and the entire network four aspects we conduct the research, thus determine the method of each risk assessment granularity risk index, and carry on vulnerable analysis, route analysis, crucial analysis, threat analysis, entire situation analysis. And we present the prospect for the risk assessment's development.