Issue |
Security and Safety
Volume 3, 2024
Security and Safety in Network Simulation and Evaluation
|
|
---|---|---|
Article Number | 2024009 | |
Number of page(s) | 21 | |
Section | Information Network | |
DOI | https://doi.org/10.1051/sands/2024009 | |
Published online | 30 July 2024 |
Research Article
RiskTree: Decision trees for asset and process risk assessment quantification in big data platforms
1
School of Cyber Engineering, Xidian University, Xi’an, 710126, China
2
The State Key Laboratory of Integrated Service Network, Xi’an, 710126, China
3
National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC), Beijing, 100024, China
* Corresponding authors (email: zhangdong@cert.org.cn)
Received:
16
May
2024
Revised:
6
June
2024
Accepted:
2
July
2024
Currently, big data platforms are widely applied across various industries. These platforms are characterized by large scale, diverse forms, high update frequency, and rapid data flow, making it challenging to directly apply existing risk quantification methods to them. Additionally, the composition of big data platforms varies among enterprises due to factors such as industry, economic capability, and technical proficiency. To address this, we first developed a risk quantification assessment process tailored to different types of big data platforms, taking into account relevant laws, regulations, and standards. Subsequently, we developed RiskTree, a risk quantification system for big data platforms, which supports automated detection of configuration files, traffic, and vulnerabilities. For situations where automated detection is not feasible or permitted, we provide a customized questionnaire system to collect assets and data processing procedures. We utilize a knowledge graph (KG) to integrate and analyze the collected data. Finally, we apply a random forest algorithm to compute risk index weights, risk values, and risk levels, enabling the quantification of risks on big data platforms. To validate the proposed process, we conducted experiments on an educational big data platform. The results demonstrate that the risk index system presented in this paper objectively and comprehensively reflects the risks faced by big data platforms. Furthermore, the proposed risk assessment process not only effectively identifies and quantifies risks but also provides highly interpretable evaluation results.
Key words: Big data platform / Quantitative risk assessment / Machine learning / Big data platform / Quantitative risk assessment / Machine learning
Citation: Zhan H, Yang J, Guo Z, et al. RiskTree: Decision trees for asset and process risk assessment quantification in big data platforms. Security and Safety 2024; 3: 2024009. https://doi.org/10.1051/sands/2024009
© The Author(s) 2024. Published by EDP Sciences and China Science Publishing & Media Ltd.
This is an Open Access article distributed under the terms of the Creative Commons Attribution License (https://creativecommons.org/licenses/by/4.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
Current usage metrics show cumulative count of Article Views (full-text article views including HTML views, PDF and ePub downloads, according to the available data) and Abstracts Views on Vision4Press platform.
Data correspond to usage on the plateform after 2015. The current usage metrics is available 48-96 hours after online publication and is updated daily on week days.
Initial download of the metrics may take a while.