Research on Railway Network Data Security Risk Assessment Method Based on Attack and Defense Resource Allocation
Authors: 
Guangjie Zhu, Yizhuo Wu, Qi Li, Honglei YaoAuthors Info & Claims
Guangjie Zhu, Yizhuo Wu, Qi Li, Honglei YaoAuthors Info & ClaimsPages 805 - 814
Abstract
To conduct security risk assessment on railway network data, a railway network data security risk assessment method based on attack and defense resource allocation is proposed for risk value calculation. Firstly, we analyze the security risk of railway network data leakage, draw the corresponding fault tree, and calculate the probability of attack path occurrence. Secondly, the Analytic Hierarchy Process is used to calculate security risk losses. Finally, a simulation experiment is conducted to calculate the risk values of different strategies used by both attacker and defender to allocate attack and defense resources, and analyze them. When attacker uses the same strategy to allocate attack resources, different strategies for allocating defense resources will result in a risk value change of 1.3% to 35.1%. The results indicate that the proposed railway network data security risk assessment method can effectively simulate actual attack and defense situations, and has good differentiation for different attack and defense strategies.
References
[1]
Secretariat of the National Information Security Standardization Technical Committee. Practice Guide for Network Security Standards - Implementation Guidelines for Network Data Security Risk Assessment. [EB/OL]. 2023, 05-29. [2023-10-20].https://www.tc260.org.cn/upload/2023-05-29/1685346726882022691.pdf.
[2]
Zeng Lingping, Liu Yu, Lu Zhengpeng, Research and practical exploration of data security risk assessment methods [J]. Financial Technology Era, 2023,31 (04): 11-16
[3]
Li Bobo, Zhang Mingfei. Medical data security risk assessment based on probability hesitant fuzzy sets [J]. Modern Information Technology, 2023,7 (06): 102-106.
[4]
Huang Yong, Jiao Zilong, Yang Suili, Research on Risk Assessment Methods for Customs Data Security [J]. Network Security Technology and Application, 2023, (03): 96-99.
[5]
Li Anlun, Liu Longgeng, Ma Shimin. Research on Security Risk Assessment Methods for Government Data [J]. Network Security and Informatization, 2022, (06): 9-12.
[6]
Juan E, Taher A S, James D, Assessing Health Data Security Risks in Global Health Partnerships: Development of a Conceptual Framework. [J]. JMIR formative research, 2021, 5(12):
[7]
Yao Honglei, Liu Guoliang, Xie Chenhui, CTCS network security risk assessment method under AHP strategy [J]. China Railway Science, 2023, 44 (04): 241-250.
[8]
Aktayeva A, Makatov Y, Tulegenovna K A, Cybersecurity Risk Assessments within Critical Infrastructure Social Networks [J]. Data, 2023, 8(10):
[9]
Ministry of Industry and Information Technology. Guidelines for the Reporting and Sharing of Data Security Risk Information in the Field of Industry and Information Technology (Trial) [EB/OL]. 2021, 12-22. [2023-10-20]. https://wap.miit.gov.cn/cms_files/filemanager/1226211233/attach/202112/80f8e64f1e7647249036de224320c5b8.pdf.
[10]
Information Technology - Data Security; National Kaohsiung University of Science and Technology Reports Findings in Data Security (pISRA: privacy considered information security risk assessment model) [J]. Computer Technology Journal, 2020.
Index Terms
- Research on Railway Network Data Security Risk Assessment Method Based on Attack and Defense Resource Allocation
Recommendations
Cybersecurity risk assessment method of ICS based on attack-defense tree model
Cybersecurity risk assessment is an important means of effective response to network attacks on industrial control systems. However, cybersecurity risk assessment process is susceptible to subjective and objective effects. To solve this problem, this ...
A Game Theoretical Attack-Defense Model Oriented to Network Security Risk Assessment
CSSE '08: Proceedings of the 2008 International Conference on Computer Science and Software Engineering - Volume 06How to quantify the threat probability in network security risk assessment is an important problem to be solved. Most of the existing methods tend to consider the attacker and defender separately. However, the decision to perform the attack is a trade-...
Research on Network Risk Assessment Based on Attack Probability
IWCSE '09: Proceedings of the 2009 Second International Workshop on Computer Science and Engineering - Volume 02A quantitative risk evaluation method for network security is proposed based on analyzing the process that attackers intrude network. The analysis depends on modeling attack activities and attack processes by tracking the transferring of safety states. ...
Comments
Information & Contributors
Information
Published In
November 2023
1156 pages
ISBN:9798400716478
DOI:10.1145/3656766
Copyright © 2023 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 01 June 2024
Check for updates
Qualifiers
- Research-article
- Research
- Refereed limited
Conference
ICBAR 2023
ICBAR 2023: 2023 3rd International Conference on Big Data, Artificial Intelligence and Risk Management
November 24 - 26, 2023
Chengdu, China
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 19Total Downloads
- Downloads (Last 12 months)19
- Downloads (Last 6 weeks)10
Reflects downloads up to 02 Mar 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign inFull Access
View options
View or Download as a PDF file.
PDFeReader
View online with eReader.
eReaderHTML Format
View this article in HTML Format.
HTML Format