Affiliations: [a] School of Mathematic and Computer Science, Guangdong Ocean University, Guangdong, China
| [b] School of Computer Science, Guangdong University of Petrochemical Technology, Guangdong, China
| [c] School of Computer Science and Engineering, Yulin Normal University, Guangxi, China
Correspondence:
[*]
Corresponding author. Bing Xu, School of Computer Science, Guangdong University of Petrochemical Technology, Guangdong, 525000, China. E-mail: [email protected].
Abstract: Network security issues have become increasingly prominent, and information security risk assessment is an important part of network security protection. Security risk assessment based on methods such as attack trees, attack graphs, neural networks, and fuzzy logic has problems such as difficulty in data collection during the assessment process, excessive reliance on expert experience, failure to consider the actual network environment, or ineffective joint application. The qualitative and quantitative information security fuzzy comprehensive evaluation method uses the theory of fuzzy mathematics to better solve the above problems, so that the evaluation method is scientific, comprehensive and operable. To improve the accuracy of information security risk assessment in wireless sensor networks, we propose a fuzzy comprehensive evaluation method based on Bayesian attack graphs. This considers the impact of environmental factors of the assessed system on security risk and the spread of the effects on the Bayesian network. Therefore, this model can reflect possible situations due to network attacks in the wireless sensor network system. The results show that this quantitative evaluation method is applicable to assessing risk in wireless sensor network systems, and the results are more objective and accurate.
