Vulnerability-based information security risk assessment using attack tree

Author(s): Yong Wang
2019, Vol 2019, pp. 1-11
Author(s): Wenli Shang, Tianyu Gong, Chunyu Chen, Jing Hou, Peng Zeng

Information security risk assessment for industrial control systems is usually influenced by uncertain factors. To deal effectively with the uncertainty and quantification difficulties that subjective and objective factors cause in the assessment process, an information security risk assessment method based on an attack tree model combined with fuzzy set theory and probability risk assessment technology is proposed and applied to a risk scenario of a ship control system. First, the potential risks of the control system are analyzed and the attack tree model is established. Then triangular fuzzy numbers and expert knowledge are used to determine the factors that influence the probability of a leaf node, and the leaf nodes are quantified to obtain their interval probabilities. Finally, fuzzy arithmetic is used to determine the interval probability of the root node and of each attack path. After defuzzification, the potential risks of the system and the probability of occurrence of each attack path are obtained. Compared with other methods, the proposed method can greatly reduce the impact of subjectivity on the risk assessment of industrial control systems and yield more stable, reliable, and scientific evaluation results.
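The three steps of the abstract (quantify leaves, propagate to the root and along each attack path, defuzzify), as an added Python sketch that is not the paper's own code. It assumes averaging of expert ratings, component-wise AND/OR arithmetic on triangular fuzzy numbers, and centroid defuzzification, none of which the abstract specifies; the tree, node names and ratings are constructed.

```python
from math import prod

def aggregate(opinions):
    """Average experts' triangular fuzzy numbers (low, mode, high) for one leaf."""
    return tuple(sum(o[i] for o in opinions) / len(opinions) for i in range(3))

def gate_and(children):
    """All children must succeed: component-wise product (approximation)."""
    return tuple(prod(c[i] for c in children) for i in range(3))

def gate_or(children):
    """Any child suffices: 1 - prod(1 - p), component-wise (approximation)."""
    return tuple(1 - prod(1 - c[i] for c in children) for i in range(3))

def evaluate(node):
    """Propagate fuzzy probabilities from the leaves up to this node."""
    kind, _, body = node
    if kind == "LEAF":
        return aggregate(body)
    children = [evaluate(c) for c in body]
    return gate_and(children) if kind == "AND" else gate_or(children)

def paths(node):
    """Enumerate attack paths as (leaf names, path fuzzy probability) pairs."""
    kind, name, body = node
    if kind == "LEAF":
        return [((name,), aggregate(body))]
    per_child = [paths(c) for c in body]
    if kind == "OR":  # any single child's path reaches this node
        return [p for cp in per_child for p in cp]
    combined = [((), (1.0, 1.0, 1.0))]
    for cp in per_child:  # AND: one path from every child, multiplied
        combined = [(a + b, gate_and([x, y])) for a, x in combined for b, y in cp]
    return combined

def defuzzify(tfn):
    """Centroid of a triangular fuzzy number (assumed defuzzification)."""
    return sum(tfn) / 3

def ranked_paths(tree):
    """Attack paths with crisp probabilities, most likely first."""
    return sorted(((n, defuzzify(t)) for n, t in paths(tree)), key=lambda p: -p[1])

# Constructed tree and expert ratings (illustrative, not taken from the paper).
TREE = ("OR", "root", [
    ("AND", "G1", [("LEAF", "L1", [(0.2, 0.3, 0.4), (0.3, 0.4, 0.5)]),
                   ("LEAF", "L2", [(0.1, 0.2, 0.3), (0.1, 0.2, 0.3)])]),
    ("LEAF", "L3", [(0.05, 0.1, 0.15), (0.05, 0.1, 0.15)]),
])
```

The component-wise gates give the exact lower bound, mode and upper bound of the result; the true membership function between those points is not exactly triangular, so the centroid is an approximation.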

