Quantitative hierarchical threat evaluation model for network security

Cited by: 90
Authors
State Key Laboratory of Manufacturing System, Center for Networked Systems and Information Security, Xi'an Jiaotong University, Xi'an 710049, China [1 ]
Unknown [2]
Institutions
[1] State Key Laboratory of Manufacturing System, Center for Networked Systems and Information Security, Xi'an Jiaotong University
[2] Center for Intelligent and Networked Systems, Tsinghua University
Source
Ruan Jian Xue Bao (Journal of Software) | 2006 / Vol. 4 / 885-897
Keywords
Intrusion detection system; Network security; Threat evaluation model; Threat index; Threat situation;
DOI
10.1360/jos170885
Abstract
Evaluating security threat status is very important in network security management and analysis. This paper develops a quantitative hierarchical threat evaluation model for assessing the security threat status of a computer network system, together with a computational method based on the structure of the network and the importance of its services and hosts. The model adopts a bottom-up, local-to-global evaluation policy: threat indexes for services, hosts and local networks are calculated from attack frequency, severity and network bandwidth consumption, weighted by the importance of the services and hosts, and the overall security threat status is then evaluated. Experimental results show that the model presents an intuitive view of the security threat status at three levels (services, hosts and local networks), freeing system administrators from tedious analysis of alarm datasets and giving them an overall picture of the security status of the entire system. It also lets them identify the security behaviors of the system, adjust security strategies and improve system security. The model is valuable for guiding security engineering practice and for developing security risk evaluation tools.
Pages: 885 / 897
Page count: 12