| Hi-index | 0.00 |
A quantitative risk evaluation method for network security is proposed based on analyzing the process that attackers intrude network. The analysis depends on modeling attack activities and attack processes by tracking the transferring of safety states. Three key factors of risk evaluation about assets, threats and vulnerabilities are identified and quantified. Especially the Attack Probability Indexes are recurrently estimated by layering based on the intruding process, and accurate success probabilities of attack are obtained. Then a quantitative evaluation algorithm is presented to estimate risk indexes by layering based on the intruding process. The conclusion obtained by this approach provides a useful evidence and guidance for security strategies. Finally this method is demonstrated and validated in an example network environment.