Application of Bayesian Algorithm in Risk Quantification for Network Security

Abstract

Network security risk quantification involves both technical and management aspects. Risk quantification has great uncertainty and cannot be fully quantified. Therefore, the fully objective realization of network information security risk quantification is not yet mature. This paper analyzes and quantifies the network security risks caused by various threat sources through a network security risk quantification model based on the Bayesian algorithm. By combining expert knowledge, the conditional probability matrix under the inference rule of the Bayesian algorithm is clarified, and the subjective judgment information of experts on the damage degree of the target information system is synthesized into the prior information system of network security threat. The Bayesian algorithm is used to realize the observation node of objective assessment information and combining subjective security threat levels to achieve continuity and accumulation of security assessments. The error is about 3%, which has a very good effect on the quantification of network security risk.