Research On Information Security Risk Assessment Based On Bayesian Network

In recent years, with the rapid development of the network, the impact of the network on people's lives has gradually deepened. And it has also extended to all areas of society. However, at the same time in its development, the security incidents which caused by the increasing number of network security issues can't be ignored. In order to deal with the increasingly prominent problem of network security, the researches on how can identify the security risks of information systems in advance and accurately become the focus. And that can also make the information system more security. Therefore, establishing an accurate information security risk assessment method to identify the security risk of information system reasonably has become a research trend gradually.According to the accuracy of information security risk assessment model, this paper puts forward a model of information security risk assessment based on Bayesian Network. Firstly, establishing the Bayesian Network topology based on attack graph, determining the evaluation index and modeling method. Then establishing the Static Bayesian Network model and analyzing the static model of reasoning. The next step is to introduce the time dimension, establishing a Dynamic Bayesian Network model and analyzing the dynamic model of reasoning. Finally, the parameter learning is introduced into the information security risk assessment model of Bayesian Network to improve the accuracy of the model.Based on the test environment I set up the evaluation index. And the information security risk assessment model based on Bayesian Network is analyzed with an experiment in this paper. First, establish the information security risk assessment model. Then collect the data of the network experiment environment, and carry on the simulation experiment. The experimental results verify the validity of the information security risk assessment model. Finally, compare and analyze the experimental results. The results show that the Dynamic Bayesian Network evaluation model is more accurate than the Static Bayesian Network evaluation model. After parameter study of the model, the experimental results show that the learning model can further provided high model accuracy and reliability. And it can provide valuable guidance to decision makers.