关键词: 网络风险评估, 网络攻击模型, 攻击图, 粗糙图, 粗糙网络

Abstract: Concerning the characteristic that the information system obtained from doing network security analysis is rough and incomplete, this paper compared the process of attack to the rough and uncertain relationship mining process by analogy, and proposed a new network risk assessment model based on rough graph. The model is made up of three parts of main contents including node rough correlation network, attack graph generation algorithm based on rough graph and network risk maximum flow analysis algorithm. In the end, this paper used a representative example of network system to explain the method of model, and verified the correctness. Model advantage analysis shows that the model can reflect the actual situation better than the previous attack graph model and risk assessment model, and the conclusion and safety recommendations are more accurate and reasonable.

Key words: network risk assessment, network attack model, attack graph, rough graph, rough network