摘要: |
为提高传统网络风险评估方法的准确性,针对大部分网络风险评估方法未考虑攻击能力值的问题,提出了一种基于项目反应理论的实时网络风险评估方法。该方法利用项目反应理论引入的攻击能力值参数以及服务安全等级参数,对传统攻击威胁值和攻击成功概率计算方法进行改进,并采用三标度层次分析法构建出更准确的服务重要性权重,最终获得符合网络环境的评估态势。仿真结果表明:该方法可以提高评估结果的准确度,并实时地绘制更符合真实网络环境的安全态势图。 |
关键词: 网络安全 态势感知 项目反应理论 风险态势评估 层次化 |
DOI: |
|
基金项目:国家自然科学基金资助项目(61271260; 61301122) |
|
Application of item response theory in network real-time risk assessment |
LI Fangwei,HUANG Qing,ZHU Jiang,ZHANG Haibo |
() |
Abstract: |
In order to improve the accuracy of traditional risk assessment methods and solve the problem that most of risk assessment methods did not consider attack ability,this paper puts forward a risk assessment method for network security based on item response theory(IRT). Firstly,the attack ability introduced by IRT and the service security level is used to calculate the threat of attack and the success probability of attack.Secondly,the three-scale analytic hierarchy process is adopted to calculate the importance weight of service accurately.Finally,the risk situation graphs are generated by the improved method. The simulation results show that this method can improve the accuracy of evaluation and get a more realistic network risk situation graph in real-time. |
Key words: network security situational awareness item response theory risk assessment hierarchical model |