风险传播研究是信息系统安全风险评估的重要研究方向。基于风险传播和风险传播模型, 考虑邻居节点之间的相互影响, 重新定义了信息系统网络节点的初始负荷和节点崩溃与失效的概念。引入负荷局域择优重新分配策略, 提出运用信息系统网络节点崩溃和实效节点的数目反映信息系统抵御风险传播的能力。设计了两种袭击策略, 即网络信息已知条件下的蓄意攻击和网络信息未知条件下的随机攻击, 并结合实例仿真分析了不同节点崩溃条件下的信息系统安全风险的传播问题。结果表明, 蓄意攻击策略引起的节点崩溃更易造成信息系统安全风险的迅速全域传播。

Research on risk propagation is an important direction of information system security risk evaluation.We redefined the original load of information system network and the concept of node breakdown/ failure based on risk propagation and risk propagation model as well as considering the mutual effect between the adjacent nodes.The local preferential redistribution rule of the load was proposed and the information system network node breakdown and the number of effective nodes were used to reflect the resisting ability of information system to risk propagation.Two attacking strategies deliberate attacking with known network information and random attacking without network information were designed.Information system security risk propagation under conditions of different node breakdown was analyzed through simulation.The results show that node breakdown caused by a deliberate attack is more likely to cause the rapid global propagation of information system security risk.