关键词: 风险评估, Petri网, 模糊逻辑, 入侵检测系统

Abstract: Risk assessment is a hotspot issue in current network security management.However，current risk assessment methodologies focus on manual risk analysis of network during system design or through periodic reviews.Techniques for real-
time risk assessment of network security are scarce.This paper proposes a novel real-time risk assessment method for large scale networks that build upon existing network monitoring and Intrusion Detection Systems（IDS）.Different from most other risk assessment methods，the approach treats the risk assessment problem as a dynamical real-time inference problem rather than a static statistical filter problem using Fuzzy Logic and Petri Nets method（FLPN）.FLPN can describe the relationship between different steps carried out by intruders，alert observations and transition actions separately，and associate each intrusion state with a probability（or confidence）.Experimental results clearly show that it can locate the attackers in a short time，predict intruders’ next possible attack action，discover the potential network security risk and provide the confidence scores of risk assessment.This method can play an important role for network security assessment.

Key words: risk assessment, Petri nets, fuzzy logic, intrusion detection system