论文信息 - A Fusion Model for Network Threat Identification and Risk Assessment

A Fusion Model for Network Threat Identification and Risk Assessment

Current practice for real-time security risk assessment typically takes Intrusion Detection Systems alerts as the only source of risk factor. Their assessment results are more likely to suffer from the impact of false positive alerts in the increasingly complex and severe network security environment. This paper proposes a novel online fusion model for dynamical network risk assessment by using multiple risk factors. The model is composed by three fusion levels. First, an online alert fusion algorithm is proposed and the redundancy of the raw alerts is dramatically reduced. Then, the model employs Dempster-Shafer theory to handle uncertainties and ignorance existed in the multiple risk factors. Threats in different kinds of severity levels are identified. Finally, the whole network risk distribution is dynamically calculated and reported by using HMM approach. Experiments show the effectiveness and validity of our method.

Jie Ma | Zhi-tang Li | Hong-wu Zhang

[1] Kari Sentz,et al. Combination of Evidence in Dempster-Shafer Theory , 2002 .

[2] Paul Ammann,et al. Using model checking to analyze network vulnerabilities , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[3] Ashish Gehani,et al. RheoStat: Real-Time Risk Management , 2004, RAID.

[4] OpielaNancy. Real-Time Risk Management , 2006 .

[5] Mehmet Sahinoglu,et al. Security meter: a practical decision-tree model to quantify risk , 2005, IEEE Security & Privacy Magazine.

[6] Mary Shaw,et al. Incorporating Nontechnical Attributes in Multi-attribute Analysis for Security , 2002 .

[7] Duminda Wijesekera,et al. Scalable, graph-based network vulnerability analysis , 2002, CCS '02.

[8] Shelby Evans,et al. Risk-based Systems Security Engineering: Stopping Attacks with Intention , 2004, IEEE Secur. Priv..

[9] Manu Malek,et al. Security risk analysis and evaluation , 2004, 2004 IEEE International Conference on Communications (IEEE Cat. No.04CH37577).

[10] Giovanni Vigna,et al. Using Hidden Markov Models to Evaluate the Risks of Intrusions , 2006, RAID.