Abstract: In order to protect the network and evaluate the security risk of network automatically,a novel multi-agents risk evaluation model based on attack graph (MREMBAG) was presented. First, a well-structured model to manage entire evaluation process and the function architecture of primary-slave agents were designed. Then primary-slave agents constructed the attack path and generated the attack graph by using the attract graph building algorithm with the input of the dynamic data information collected by components. Finally, the risk indexes of attack path, components, hosts, the vulnerabilities and nodes correlation risk indexes were determined to calculate the target network quantitatively. The experimental results demonstrate that the MREMI3AG is a more practical and efficient way to evaluate the network security risk.

Key words: Network security, Risk evaluation, Multi Agents, Attack graph