Bottom-up hierarchical real-time risk assessment for information system

Author

Wan Li ; Shengfeng Tian

Author_Institution

Inf. Eng. Dept., Beijing Inf. Technol. Coll., Beijing, China

fYear

2013

fDate

23-25 March 2013

Firstpage

937

Lastpage

941

Abstract

In this paper a bottom-up hierarchical real-time risk assessment approach based on risk propagation is presented. The approach calculates risks of services, hosts and network caused by attack processes in real-time. Risk index and risk status are used to quantify the risk situation. These two concepts are involved with three aspects of attacks: severity, certainty and successful possibility, and with the importance of the assets. Algorithms to calculate the risk index and risk status are proposed, and implementation is briefly introduced. Risk status decay is also proposed, which is important to adaptive response.

Keywords

information systems; risk analysis; security of data; attack certainty; attack processes; attack severity; bottom-up hierarchical real-time risk assessment approach; host risks; information system; network risks; risk index; risk propagation; risk situation quantification; risk status decay; service risks; successful attack possibility; Correlation; Indexes; Intrusion detection; Real-time systems; Risk management;

fLanguage

English

Publisher

ieee

Conference_Titel

Information Science and Technology (ICIST), 2013 International Conference on

Conference_Location

Yangzhou

Print_ISBN

978-1-4673-5137-9

Type

conf

DOI

10.1109/ICIST.2013.6747693

Filename

6747693