A Quantification Method for Network Security Situational Awareness Based on Conditional Random Fields

Network Security Situational Awareness (NSSA) has been a research hotspot in the network security domain. This paper proposes a quantification method for NSSA based on conditional random fields (CRFs). Data on network attacks from the Intrusion Detection System (IDS), the hosts’ vulnerabilities, and the hosts’ states are first combined as the network security factors. The network security threat degree is then defined to quantify the risk of the whole network and to classify the attacks. A diverse set of effective features is incorporated in the CRF model. Finally, experiments on the DARPA 2000 data set generate an explicit network security situational graph. The results show that the method introduced in this paper can represent network risk more accurately and offers a good quantification of the network security situation.
