A computing approach of information system vulnerability's exploited probability
Article
Figures
Metrics
Preview PDF
Reference
Related
Cited by
Materials
Abstract:
The evaluation results are impacted by many subjective factors since the existing risk assessment for information systems does not take the correlation of vulnerabilities into account. By combining two assessment vectors, i.e. access complexity and chosen probability, we transfer the so called "accessed complexity" evaluation method into an "exploited probability" evaluation approach, and use Bayesian networks' forward inference to accumulation each of vulnerability's chosen probability. Theoretical and experimental analysis show that the proposed "exploited probability" evaluation method is more accurate and reasonable than associated existing research work.
