Network security assessment, also called network risk assessment, analyzes the vulnerabilities of an information technology infrastructure and the impact it would suffer when it faces or must respond to a threat. It is a process of quantifying security risk: using suitable tools and methods, both quantitative and qualitative, it assigns a security risk level to the network infrastructure and establishes a priority order for risk control. Approaches to network security assessment can be grouped into three categories: quantitative assessment, rule-based assessment and model-based assessment. This paper proposes a new method of network security assessment based on a Bayesian privilege graph, which combines graph theory with probability theory. The method belongs to both the quantitative and the model-based categories. It first generates a privilege graph according to a generation algorithm, and then performs several kinds of quantitative analysis on it: posterior probability analysis, most probable explanation (MPE) analysis, dynamic updating, and entropy analysis of privilege escalation paths. Combining analyses that draw on different kinds of knowledge makes the assessment more accurate and more precise, and allows it to adapt to changes in the network.
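The abstract lists four analyses over a privilege graph without showing how they fit together. The following is an added illustration, not code from the paper: it builds a constructed toy privilege graph (privilege states as nodes, escalation steps with assumed success probabilities as edges), propagates reach probabilities with a noisy-OR combination at each node, computes the most probable escalation path, re-evaluates the graph after an observation (the "dynamic update" step, modelled here by fixing an observed node to probability 1), and measures the entropy of the path distribution. The graph, the probabilities and the noisy-OR simplification are all assumptions of this example, not the paper's generation algorithm or inference rules.

```python
import math

# Constructed toy privilege graph (assumption, not from the paper).
# Keys are privilege states; values list (next_state, P(step succeeds)).
EDGES = {
    "internet":  [("web_user", 0.6)],
    "web_user":  [("db_user", 0.5), ("host_root", 0.2)],
    "db_user":   [("host_root", 0.7)],
    "host_root": [],
}
ROOT, TARGET = "internet", "host_root"


def topo_order(edges):
    """Topological order of the DAG (reverse post-order DFS)."""
    order, seen = [], set()

    def visit(n):
        if n in seen:
            return
        seen.add(n)
        for m, _ in edges.get(n, []):
            visit(m)
        order.append(n)

    for n in edges:
        visit(n)
    return list(reversed(order))


def reach_probability(edges, root, evidence=None):
    """Probability that each privilege state is reached from root.

    Each node combines its incoming edges with a noisy-OR:
    P(node) = 1 - prod(1 - P(parent) * P(edge)).  `evidence` maps a
    node to True when an observation (e.g. an alert) shows it has
    been reached; the node is then fixed to 1.0 and the rest of the
    graph is re-evaluated, which is this example's dynamic update.
    """
    evidence = evidence or {}
    parents = {n: [] for n in edges}
    for u, outs in edges.items():
        for v, p in outs:
            parents[v].append((u, p))
    prob = {}
    for n in topo_order(edges):
        if n == root or evidence.get(n):
            prob[n] = 1.0
            continue
        fail = 1.0
        for u, p in parents[n]:
            fail *= 1.0 - prob[u] * p
        prob[n] = 1.0 - fail
    return prob


def escalation_paths(edges, src, dst):
    """All simple paths src -> dst with the product of step probabilities."""
    results = []

    def walk(node, path, p):
        if node == dst:
            results.append((path, p))
            return
        for nxt, ep in edges.get(node, []):
            if nxt not in path:
                walk(nxt, path + [nxt], p * ep)

    walk(src, [src], 1.0)
    return results


def most_probable_path(edges, src, dst):
    """MPE-style query: the single escalation path with highest probability."""
    return max(escalation_paths(edges, src, dst), key=lambda pp: pp[1])


def path_entropy(edges, src, dst):
    """Shannon entropy (bits) of the normalized path distribution.

    Low entropy means risk concentrates on few paths (easy to prioritize);
    high entropy means many comparably likely paths must be controlled.
    """
    probs = [p for _, p in escalation_paths(edges, src, dst)]
    total = sum(probs)
    return -sum((p / total) * math.log2(p / total) for p in probs if p > 0)


if __name__ == "__main__":
    base = reach_probability(EDGES, ROOT)
    print("P(host_root) before observation:", round(base[TARGET], 4))
    updated = reach_probability(EDGES, ROOT, evidence={"db_user": True})
    print("P(host_root) after db_user observed:", round(updated[TARGET], 4))
    print("Most probable path:", most_probable_path(EDGES, ROOT, TARGET))
    print("Path entropy (bits):", round(path_entropy(EDGES, ROOT, TARGET), 4))
```

With the constructed numbers, the longer path through the database account is the most probable escalation route even though it has more steps, and observing that the database account has been compromised raises the estimated probability of reaching root from about 0.30 to about 0.74, which is the kind of reprioritization the dynamic update step is meant to support.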