摘要
目前人们采用的信息安全风险评估方法基本局限于定性或半定量的方法。采用概率风险分析的方法,通过故障树分析网络系统被攻击的根本原因,并对网络构成的实质进行了剖析,同时分析了系统漏洞的类型及对攻击结果进行了分类,在此基础上建立了定量风险计算模型。
The current methods of risk evaluation on information security are basically related to qualitative or semi - quantitative ones. So, in this paper, by using a method of probability risk analysis, analyzing the fundamental reasons why network systems are attacked through fault tree, position and of the different types of system vulnerabilities, quantitative model of information security risk assessment is making a serious study of the essence of network comand classifying the consequences of network attacks, a proposed.
出处
《空军工程大学学报(自然科学版)》
CSCD
北大核心
2005年第6期56-59,共4页
Journal of Air Force Engineering University(Natural Science Edition)
基金
国家自然科学基金资助项目(60572162)
关键词
网络安全
风险评估
故障树
漏洞
威胁
network security
risk assessment
fault tree
vulnerability
threat
