A dynamic risk assessment model for network systems
A dynamic risk assessment model for network systems based on attack and defense game theory was proposed to address the problem that the existing models are overly simplified in dealing with the complex dependencies and potential threat paths in the open source software supply chain, and it is diffic...
| Main Authors: | Hongbin ZHANG, Jiamei MI, Jun ZUO, Bin LIU |
|---|---|
| Format: | Article |
| Language: | zho |
| Published: | Hebei University of Science and Technology, 2025-06-01 |
| Series: | Journal of Hebei University of Science and Technology |
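| Subjects: | network; open source software supply chain security; knowledge graph; stochastic game; risk assessment |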
| Online Access: | https://xuebao.hebust.edu.cn/hbkjdx/article/pdf/b202503012?st=article_issue |
| _version_ | 1850111440236576768 |
|---|---|
| author | Hongbin ZHANG, Jiamei MI, Jun ZUO, Bin LIU |
| collection | DOAJ |
| description | A dynamic risk assessment model for network systems based on attack and defense game theory was proposed to address two problems: existing models oversimplify the complex dependencies and potential threat paths in the open source software supply chain, and they struggle to cope with open source risks in network systems in the big data era. Firstly, system topology information, open source component information, and vulnerability information were integrated to build a knowledge graph of open source risk propagation. Secondly, a threat path generation algorithm was designed based on the knowledge graph to acquire threat paths, and the potential risk of each threat path was evaluated to identify the most likely threat path. Finally, the idea of stochastic game theory was introduced to establish NSRAM-RG, a risk assessment model of network systems based on a risk game, to analyze the game behaviors of the attacker and defender regarding the most likely threat path. The knowledge graph was dynamically updated, and the risk of the network system was quantitatively evaluated according to the utility function. The experimental results show that the assessment results fit the true values better than those of the HMM and AHP methods, and that the model responds more accurately to risk changes in the system. The proposed model can effectively quantify and assess the open source risk in the system, which provides a new idea for the security management of the open source software supply chain. |
| format | Article |
| id | doaj-art-785d9bde35ad439c8fdbd70c8bb22f66 |
| institution | OA Journals |
| issn | 1008-1542 |
| language | zho |
| publishDate | 2025-06-01 |
| publisher | Hebei University of Science and Technology |
| record_format | Article |
| series | Journal of Hebei University of Science and Technology |
| title | A dynamic risk assessment model for network systems |
| topic | network; open source software supply chain security; knowledge graph; stochastic game; risk assessment |
| url | https://xuebao.hebust.edu.cn/hbkjdx/article/pdf/b202503012?st=article_issue |