计算机科学与探索 (Journal of Frontiers of Computer Science and Technology), 2016, Vol. 10, Issue 10: 1387-1397. DOI: 10.3778/j.issn.1673-9418.1509088

• Network and Information Security •


Network Security Risk Assessment Based on Enterprise Environment

YANG Yunxue 1+, LU Xiao 2, DONG Jun 3

  1. Key Laboratory of Network Data Science and Technology, Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100190, China
  2. National Computer Network and Information Security Management Center, Beijing 100029, China
  3. China Petroleum Pipeline Bureau, Langfang, Hebei 065000, China
  • Online: 2016-10-01  Published: 2016-09-29


Abstract: This paper studies the problem of network security risk assessment and proposes a method that assesses network security risk according to the characteristics of the enterprise environment. First, it proposes a vulnerability severity assessment method based on the economic losses of the enterprise, so that the severity of each vulnerability is evaluated in the context of that enterprise. Next, it proposes a dynamic security risk assessment method that uses the Bayesian attack graph model and incorporates changes in the enterprise network environment. Last, a case study walks through the detailed calculation steps of the proposed dynamic risk assessment method, and a simulation experiment shows that the proposed method better reflects the real attack situation of the evaluated network or information system, so the assessment results are more objective and accurate.

Key words: network management, network security risk assessment, vulnerability assessment, Bayesian attack graph, analytic hierarchy process
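To make the Bayesian attack graph idea named in the abstract concrete, the following is an added illustration and not code from the paper: it propagates per-exploit success probabilities through a small acyclic attack graph, weights each reachable asset by an assumed economic loss to obtain an expected-loss risk figure, and then re-evaluates after an environment change (a patched vulnerability removes one edge). The AND/OR node semantics, the independence simplification, the four-node graph and the loss figures are all constructed assumptions, not the paper's model or case study.

```python
"""Bayesian attack graph risk propagation: an added illustration of the technique
named in the abstract, not code from the paper. All node semantics, probabilities
and loss figures below are constructed assumptions."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class Node:
    """One attacker state (e.g. a host being compromised)."""
    name: str
    kind: str = "OR"            # "OR": any parent path suffices; "AND": all parents required
    prior: float = 0.0          # used only for nodes without parents (attacker's start)
    # (parent node, probability that the exploit step from that parent succeeds)
    parents: List[Tuple[str, float]] = field(default_factory=list)


def compromise_probabilities(nodes: Dict[str, Node]) -> Dict[str, float]:
    """Unconditional compromise probability of every node in an acyclic graph.

    Simplification (assumption): parent compromise events are treated as independent,
    so OR nodes combine paths with a noisy-OR and AND nodes with a plain product.
    """
    memo: Dict[str, float] = {}

    def prob(name: str) -> float:
        if name in memo:
            return memo[name]
        node = nodes[name]
        if not node.parents:            # root, or a node whose last path was patched away
            memo[name] = node.prior
            return node.prior
        paths = [prob(parent) * p_exploit for parent, p_exploit in node.parents]
        if node.kind == "AND":
            value = 1.0
            for p in paths:
                value *= p
        else:
            none_succeed = 1.0
            for p in paths:
                none_succeed *= (1.0 - p)
            value = 1.0 - none_succeed
        memo[name] = value
        return value

    return {name: prob(name) for name in nodes}


def expected_loss(nodes: Dict[str, Node], loss_per_asset: Dict[str, float]) -> float:
    """Enterprise risk as expected economic loss: sum of P(compromise) x loss per asset."""
    probs = compromise_probabilities(nodes)
    return sum(probs[asset] * loss for asset, loss in loss_per_asset.items())


def with_patch(nodes: Dict[str, Node], parent: str, child: str) -> Dict[str, Node]:
    """Return a copy of the graph with the exploit edge parent->child removed,
    modelling the environment change of fixing the vulnerability on that path."""
    patched: Dict[str, Node] = {}
    for name, node in nodes.items():
        parents = node.parents
        if name == child:
            parents = [(p, q) for p, q in node.parents if p != parent]
        patched[name] = Node(name, node.kind, node.prior, list(parents))
    return patched


def sample_graph() -> Dict[str, Node]:
    """Constructed four-node enterprise graph (assumed values, not the paper's case study)."""
    return {
        "internet": Node("internet", prior=1.0),
        "web": Node("web", parents=[("internet", 0.8)]),
        "db": Node("db", parents=[("web", 0.5)]),
        "admin": Node("admin", kind="AND", parents=[("web", 0.6), ("db", 0.4)]),
    }


# Constructed loss figures (monetary units) for the assets an attacker may reach.
SAMPLE_LOSSES = {"web": 10_000.0, "db": 50_000.0, "admin": 100_000.0}


if __name__ == "__main__":
    graph = sample_graph()
    print(compromise_probabilities(graph))        # web 0.8, db 0.4, admin 0.0768
    print(expected_loss(graph, SAMPLE_LOSSES))    # 35680.0
    patched = with_patch(graph, "web", "db")      # the web->db vulnerability is fixed
    print(expected_loss(patched, SAMPLE_LOSSES))  # 8000.0
```

The expected-loss figure plays the role of the enterprise-specific severity weighting the abstract describes: the same graph with the same exploit probabilities yields a different risk number for a different loss table, and removing or adding an edge is how a change in the network environment feeds back into the assessment without rebuilding the graph.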