Authors: Yong Yan Chen; Hong Chun Shu
Addresses: Computer Centre, Kunming University of Science and Technology, Kunming, 650500, China; Graduate School, Kunming University of Science and Technology, Kunming, 650500, China
Abstract: Network information security vulnerability assessment covers two kinds of risk: the stable risk of the vulnerability itself, and the cumulative multi-risks that are generated by a successful attack and can affect the whole network. To calculate cumulative multi-risk, a new method has been developed that uses the vulnerabilities in an attack graph and a reverse iteration tracing algorithm based on rough sets. Two kinds of cumulative multi-risk are identified, named 'the worst state' and 'the critical state'. The experimental evidence proves the veracity and validity of the new algorithm model.
Keywords: rough sets; cumulative vulnerability; risk assessment; reverse iteration; cumulative risk; network security; information security; attack graph.
International Journal of Internet Protocol Technology, 2014 Vol.8 No.2/3, pp.150-157
Received: 04 May 2013
Accepted: 01 Jan 2014
Published online: 17 Dec 2014