A Risk Assessment Method based on Software Behavior

Abstract

Traditional risk assessment methods have problems with the subjectivity of assessors and inaccuracy of vulnerability detection, which leads to unreliable and non-quantitative assessment results. To address these problems, this paper proposed a method to assess system risk based on software behavior. The behavior of untrusted software calling is necessarily associated with system risk, specifically, the larger the number and scope of untrusted software called, the higher risk the system faces, and vice versa. In other words, illegal operation of computers is the specific form of system risk and there is a probabilistic correlation between them. Because the number and scope of untrusted software calling can be accurately measured while risk level cannot be observed directly, this paper used a quantitative analysis method (HMM) to assess the system risk level, which ensures objectivity and accuracy of results. Furthermore, this paper analyzed and explained the risk assessment method based on software behavior through experiments.