This paper presents a wireless risk assessment method to help an administrator manage wireless network security. The assessment method consists of a risk model and an assessment measure. The risk model is in charge of modeling the wireless network risk. Security requirements, wireless attacks, and system configurations are considered in the model. The assessment measure is an algorithm which determines the risk value of the wireless network according to the risk model. Our risk model is developed upon an extended analytic hierarchy process, which contains the 4 layers: the risk layer, the requirement layer, the attack layer, and the configuration layer. The separate layers of the risk model are helpful in dealing with the dynamics of a wireless network because only the related layers are introduced to the assessment measure when changes of the network are detected. Based on the risk model per device, our assessment measure evaluates the wireless network risk in consideration of the relations between devices, attacks, and configurations. Hence, our risk assessment method, composed of the risk model and the assessment measure, can determine the wireless network risk efficiently while considering the dependencies in the wireless network. Two examples are introduced in this paper to examine the feasibility of our method. In the first example, we demonstrate that the risk values derived by our method meet the ground truth by performing practical experiments. The second example shows that our method can evaluate the risk of a changing wireless network with efficiency, and can distinguish disparities in different wireless networks.
- Analytic hierarchy process (AHP)
- risk assessment
- wireless security