Online Risk Assessment of Intrusion Scenarios Using D-S Evidence Theory

This paper presents an online risk assessment model based on D-S evidence theory. The model quantifies, in real time, the risk caused by an intrusion scenario and provides an objective evaluation of the target's security state. The results of the online risk assessment give a clear and concise picture of both the progress of the intrusion and the security state of the target. The model makes full use of the available information from both IDS alerts and the protected targets, so it handles uncertainty and subjectivity well in its evaluation process. In IDAM&IRS, the model serves as the foundation for intrusion response decision-making.
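The core mechanism the abstract refers to, D-S evidence combination of IDS-alert evidence with target-state evidence, shown as an added example; this is not the paper's model, and the two-hypothesis frame, the mass assignments and the alert confidences below are constructed for illustration.

```python
"""Dempster-Shafer fusion of IDS-alert and target-state evidence (added example).

Frame, mass values and alert stream are constructed assumptions, not taken
from the paper. Risk for the hypothesis 'compromised' is reported as the
belief/plausibility interval [Bel, Pl] after each alert is folded in.
"""
from itertools import product

# Frame of discernment: the target is either Compromised or Not compromised.
C, N = frozenset({"C"}), frozenset({"N"})
THETA = C | N  # whole frame: mass here expresses ignorance, not support


def combine(m1, m2):
    """Dempster's rule: m(A) = sum_{B & C = A} m1(B) m2(C) / (1 - K),
    where K is the mass assigned to conflicting (empty) intersections."""
    fused, conflict = {}, 0.0
    for (b, mb), (c, mc) in product(m1.items(), m2.items()):
        a = b & c
        if a:
            fused[a] = fused.get(a, 0.0) + mb * mc
        else:
            conflict += mb * mc
    if conflict >= 1.0 - 1e-12:
        raise ValueError("total conflict between evidence sources")
    return {a: v / (1.0 - conflict) for a, v in fused.items()}


def belief(m, hyp):
    """Bel(H): mass on subsets of H (evidence that entails H)."""
    return sum(v for a, v in m.items() if a <= hyp)


def plausibility(m, hyp):
    """Pl(H): mass on sets intersecting H (evidence not ruling H out)."""
    return sum(v for a, v in m.items() if a & hyp)


def alert_evidence(confidence):
    """An IDS alert supports 'compromised' with its detector confidence;
    the remainder is ignorance, not support for 'not compromised'."""
    return {C: confidence, THETA: 1.0 - confidence}


def target_evidence(vulnerable):
    """Constructed target-state evidence: an unpatched target leaves the
    hypothesis open; a patched one is strong but not absolute counter-evidence."""
    return {THETA: 1.0} if vulnerable else {N: 0.8, THETA: 0.2}


def online_risk(alert_confidences, vulnerable):
    """Fold each alert of the scenario into the running mass as it arrives
    and return (Bel, Pl) of 'compromised' for the target."""
    m = target_evidence(vulnerable)
    for conf in alert_confidences:
        m = combine(m, alert_evidence(conf))
    return belief(m, C), plausibility(m, C)
```

With the same two alerts (confidences 0.6 and 0.5), a vulnerable target ends at Bel = 0.8 while a patched target ends near Bel = 0.44, which is the effect of fusing target-side information with the alerts.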
