University of Isfahan & Iranian Society of Cryptology Journal of Computing and Security 2322-4460 7 1 2020 01 01 A Risk Estimation Framework for Security Threats in Computer Networks 19 33 24611 10.22108/jcs.2020.120412.1038 EN Razieh Rezaee Data and Communication Security Lab., Computer Dept., Ferdowsi University of Mashhad, Iran. Abbas Ghaemi Bafghi Data and Communication Security Lab., Computer Dept., Ferdowsi University of Mashhad, Iran. Journal Article 2020 01 04 In security risk management of computer networks, some challenges are more serious in large networks. Specifying and estimating risks is largely dependent on the knowledge of security experts. In this paper, a framework for security risk estimation is proposed to address this issue. It represents the security knowledge required for security risk estimation and utilizes current security metrics and vulnerability databases. This framework is a major step towards automating the process of security risk estimation so that a network administrator can estimate the risk of the network with less expertise and effort. As a case study, the proposed framework is applied to a sample network to show its applicability and usability in operational environments. The comparison of results with two existing methods showed the validity of the estimations given by the proposed framework. https://jcomsec.ui.ac.ir/article_24611_ab7b840ce97ed1c990bfa82dcf61c6ab.pdf