In this paper a bottom-up hierarchical real-time risk assessment approach based on risk propagation is presented. The approach calculates risks of services, hosts and network caused by attack processes in real-time. Risk index and risk status are used to quantify the risk situation. These two concepts are involved with three aspects of attacks: severity, certainty and successful possibility, and with the importance of the assets. Algorithms to calculate the risk index and risk status are proposed, and implementation is briefly introduced. Risk status decay is also proposed, which is important to adaptive response.
展开▼
