Network Security Risk Assessment Framework Based on Tactical Correlation

Power system network is one of the important targets of cyber attack. In order to ensure the safe operation of power system, network managers need to evaluate the network security risk. Usually, existing network security risk assessment framework only aims at a single scenario, and cannot find the strat...


Bibliographic Details
Main Author: LIU Jie-ling, LING Xiao-bo, ZHANG Lei, WANG Bo, WANG Zhi-liang, LI Zi-mu, ZHANG Hui, YANG Jia-hai, WU Cheng-nan
Format: Article
Language: zho
Published: Editorial office of Computer Science 2022-09-01
Series: Jisuanji kexue
Subjects:
Online Access: https://www.jsjkx.com/fileup/1002-137X/PDF/1002-137X-2022-49-9-306.pdf
collection DOAJ
description The power system network is an important target of cyber attacks. To ensure the safe operation of the power system, network managers need to evaluate network security risk. Existing network security risk assessment frameworks usually address only a single scenario and cannot find, among large quantities of network security alerts, strategic attackers who use a variety of low-risk methods to achieve high-risk threat targets. To meet these challenges, this paper proposes a network security risk assessment method based on tactical correlation. In this method, the alerts generated on various network security detection devices when an attacker carries out a multi-step attack are associated to form an attack chain, and the security risk of the organization's intranet is evaluated by calculating the threat, vulnerability and impact scores of each node in the attack chain and the risk score of the whole attack chain. To verify the effectiveness and robustness of the proposed method, this paper selects a representative example to illustrate how the method is applied to network security risk assessment in an organizational intranet. The example shows that the risk assessment framework based on tactical correlation correctly assesses the harm of a multi-step attack in which low-risk alerts are associated to achieve a high-risk target, is more robust than the traditional single-scenario analysis method, and better supports organizational decision-makers in network security risk management.
first_indexed 2024-04-09T17:33:33Z
format Article
id doaj.art-5f2e5ef3f7d042a4988c706b32b88d82
institution Directory Open Access Journal
issn 1002-137X
language zho
last_indexed 2024-04-09T17:33:33Z
publishDate 2022-09-01
publisher Editorial office of Computer Science
record_format Article
series Jisuanji kexue
spelling doaj.art-5f2e5ef3f7d042a4988c706b32b88d82; 2023-04-18T02:32:31Z; zho; Editorial office of Computer Science; Jisuanji kexue; ISSN 1002-137X; 2022-09-01; vol. 49, no. 9, pp. 306-311; DOI 10.11896/jsjkx.210600171
affiliations 1 Institute for Network Science and Cyberspace & BNRist, Tsinghua University, Beijing 100084, China; 2 State Grid Shanghai Electric Power Company, Shanghai 200122, China; 3 State Grid Shanghai Electric Power Research Institute, Shanghai 200437, China; 4 Songjiang Power Supply Company of State Grid Shanghai Municipal Electric Power Company, Shanghai 201699, China
title Network Security Risk Assessment Framework Based on Tactical Correlation
topic network security|advanced persistent threat(apt)|risk assessment|tactical correlation|risk management
url https://www.jsjkx.com/fileup/1002-137X/PDF/1002-137X-2022-49-9-306.pdf