Abstract
Computer-aided security risk assessment lets administrators perceive the network security situation quickly and take countermeasures effectively. Most assessment methods disregard the dependencies among services, lack evaluation of indirect risks, and seldom address the composition of risks from multiple sources. To address these problems, an assessment method based on service dependency analysis is presented. It identifies the dependencies among services from operating system management information and network communication monitoring records, integrates correlated services into the network service architecture, assesses the indirect risks that propagate along dependency chains, and composes the risks that come from multiple vulnerabilities via multiple paths. The experiment indicates that the method can assess the overall risk more precisely, comprehensively and thoroughly.
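As an added illustration (not code or formulas from the paper), the sketch below propagates risk along dependency chains and composes risk from multiple vulnerabilities and multiple paths. The noisy-OR composition rule, the service names, the probabilities and the propagation weights are all assumptions constructed for this example.

```python
from math import prod

# Constructed sample network (not from the paper): for each service, the
# assumed probability that each of its known vulnerabilities is exploited.
VULNS = {
    "dns": [0.2],
    "db": [0.1, 0.3],
    "auth": [],
    "web": [0.05],
}
# DEPENDS[a][b] = assumed probability that a compromise of b propagates to a.
DEPENDS = {
    "auth": {"db": 0.8, "dns": 0.5},
    "web": {"auth": 0.9, "db": 0.6},
}

def noisy_or(probs):
    """Probability that at least one of several independent events occurs."""
    return 1.0 - prod(1.0 - p for p in probs)

def assess(vulns, depends):
    """Return {service: (direct_risk, overall_risk)} for an acyclic graph.

    Direct risk composes the service's own vulnerabilities. Overall risk
    also composes the indirect risk arriving from every dependency.
    Noisy-OR treats paths as independent, so a service reached over two
    paths (here "db" reaches "web" directly and via "auth") is slightly
    overestimated; that is a known limit of this assumed rule.
    """
    result, visiting = {}, set()

    def visit(svc):
        if svc in result:
            return result[svc][1]
        if svc in visiting:  # circular dependency: recursion would not end
            raise ValueError(f"dependency cycle through {svc!r}")
        visiting.add(svc)
        direct = noisy_or(vulns.get(svc, []))
        indirect = [w * visit(dep) for dep, w in depends.get(svc, {}).items()]
        visiting.discard(svc)
        result[svc] = (direct, noisy_or([direct, *indirect]))
        return result[svc][1]

    for svc in set(vulns) | set(depends):
        visit(svc)
    return result

if __name__ == "__main__":
    for name, (direct, overall) in sorted(assess(VULNS, DEPENDS).items()):
        print(f"{name:5s} direct={direct:.4f} overall={overall:.4f}")
```

In this constructed network, "auth" has no vulnerability of its own yet carries substantial overall risk, which is the indirect risk that an assessment ignoring service dependencies would miss.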