Abstract:

For the existing network security risks, this paper provides a novel network security risk assessment model based on simulated attack, which comprehensively considers the vulnerabilities of single computer and network attack menace. Firstly, the model uses the assessment value based on the vulnerabilities of single computer to simulate the intrusion process of attacker using the network weakness initially and produce the attack state chart. Secondly, the model identifies the attack behaviors, the possible attack line, the change of security state and the location of potential threat according to the attack state chart and the initial assessment value. Finally, the paper gives the quantitative analysis on the new assessment value by the new method, and provides a more accurate basis for the implement on risk control decision pointedly. The experimental results show that this model is correct, and can find out about more 50% security risk than the existing risk assessment models averagely. It means that the assessment results estimated by the model designed in this paper are more accurate than the traditional methods.

Key words: university network security;simulated attack;risk assessment