Network security risk assessment depends on the prediction of attacker's behavioral decision. In computer network attack and defense area, this kind of decision is the optimal judgment for attackers and defenders themselves in consideration of the opponents' strategy spaces. Thus, The attack and defend behavior can be seen as a game process. In this paper, we studied how to bring Game Theory into the research area of network security risk assessment. First, we analyze the concept and the process of risk assessment to find the combining point where game theory can be used in network security risk assessment. Then we present a risk assessment framework based on game theory, and set up a risk assessment system using this framework. We emphatically introduce GTADM (Game Theoretical Attack-Defense Model) and HRCM (Hierarchical Risk Computing Model) in the system, and provide detailed analysis and specification by a scenario.

• 出版日期2008
• 单位北京航空航天大学