RiskTree: Decision Trees for Asset and Process Risk Assessment Quantification in Big Data Platforms

The inherent characteristics of big data lies in its voluminous scale, varied data formats, and swift processing velocity. The intrinsic characteristics of big data undermine the efficacy of conventional data security techniques and data management standards, consequently compromising the security of big data. As a consequence, big data possesses susceptibilities to security incidents, including unauthorized data access, data manipulation, and data compromise throughout the transmission, storage, and processing stages. Conventional information system security risk assessment methodologies are constrained by human resources and computational techniques, rendering them unsuitable for direct application to big data platforms. Consequently, there is an urgent necessity to develop a risk assessment framework tailored specifically for big data environments, capable of quantifying potential risks and losses. In response to this need, we have devised an automated risk assessment theory that assimilates the unique characteristics of big data with traditional quantitative methods, introducing a risk metric system suited to the big data context. Utilizing the risk-related data generated during operations on the big data platform, we train a decision tree model to derive the weights for each risk indicator. These weights are then employed to conduct a weighted summation of the operational risk indicators, thereby achieving a quantitative evaluation of the platform's risk profile. To substantiate the proposed framework, experiments were conducted on a simulated big data platform. The experimental outcomes demonstrate that, compared to existing quantitative risk assessment methodologies, our approach enables an automatic, objective, and efficient assessment and quantification of the risks associated with tangible assets and data processing operations within the big data platform.