RiskTree: Decision trees for asset and process risk assessment quantification in big data platforms

RiskTree: Decision trees for asset and process risk assessment quantification in big data platforms

Currently, big data platforms are widely applied across various industries. These platforms are characterized by large scale, diverse forms, high update frequency, and rapid data flow, making it challenging to directly apply existing risk quantification methods to them. Additionally, the composition...

Full description

Saved in:
Bibliographic Details
Main Authors: Zhan Haomou, Yang Jiawei, Guo Zhenyang, Cao Jin, Zhang Dong, Zhao Xingwen, You Wei, Li Hui
Format: Article
Language:English
Published: EDP Sciences 2024-01-01
Series:Security and Safety
Subjects:
big data platform
quantitative risk assessment
machine learning
Online Access:https://sands.edpsciences.org/articles/sands/full_html/2024/01/sands20240012/sands20240012.html
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Currently, big data platforms are widely applied across various industries. These platforms are characterized by large scale, diverse forms, high update frequency, and rapid data flow, making it challenging to directly apply existing risk quantification methods to them. Additionally, the composition of big data platforms varies among enterprises due to factors such as industry, economic capability, and technical proficiency. To address this, we first developed a risk quantification assessment process tailored to different types of big data platforms, taking into account relevant laws, regulations, and standards. Subsequently, we developed RiskTree, a risk quantification system for big data platforms, which supports automated detection of configuration files, traffic, and vulnerabilities. For situations where automated detection is not feasible or permitted, we provide a customized questionnaire system to collect assets and data processing procedures. We utilize a knowledge graph (KG) to integrate and analyze the collected data. Finally, we apply a random forest algorithm to compute risk index weights, risk values, and risk levels, enabling the quantification of risks on big data platforms. To validate the proposed process, we conducted experiments on an educational big data platform. The results demonstrate that the risk index system presented in this paper objectively and comprehensively reflects the risks faced by big data platforms. Furthermore, the proposed risk assessment process not only effectively identifies and quantifies risks but also provides highly interpretable evaluation results.
ISSN:2826-1275

Similar Items