Computer Engineering and Applications ›› 2007, Vol. 43 ›› Issue (18): 146-149.
• Network, Communication and Security •
SHI Liang, ZHUANG Yi (史 亮, 庄 毅)
Abstract: This paper presents a quantitative model of a network security risk assessment system together with a corresponding quantitative risk evaluation framework, and gives a calculation method for each index in the framework: asset, threat, vulnerability and risk. The design and mechanism of each module of the system are described. Immunity-based intrusion detection gives the threat evaluation module the ability to detect unknown threats, and a plug-in design ensures good scanning efficiency and extensibility in the vulnerability evaluation module. Finally, an experiment shows that the quantitative assessment model is an effective approach to evaluating the security state of a network.
SHI Liang,ZHUANG Yi. Quantitative risk assessment model for network security[J]. Computer Engineering and Applications, 2007, 43(18): 146-149.
URL: http://cea.ceaj.org/EN/
http://cea.ceaj.org/EN/Y2007/V43/I18/146