Design of an On-Line Intrusion Forecast System with a Weather Forecasting Model

Information protection for information systems is the major concern for most of the institutes, but there are a limited number of activities for the prevention of intrusion. Though each institute establishes and operates information protection solutions such as information security control systems, counter-measures against intrusions are generally applied only after intrusions have taken place in most cases. Delayed counter-measures lead to delays in damage recovery as well as failure of timely actions to mitigate the damages. In this paper, we propose the design of an online intrusion forecast system using a weather forecasting model, allowing administrators to minimize the effects of damages in advance through an online intrusion prediction of the probable vulnerability and risks. Both the information from the sensors of information security control systems and the profiles of the information system assets are used to analyze vulnerabilities and to predict intrusion routes and the scope of damages.

[1]  Dongho Won,et al.  A Study on Security Risk Modeling over Information and Communication Infrastructure , 2004, Security and Management.

[2]  Hoh Peter In,et al.  Security Risk Vector for Quantitative Asset Assessment , 2005, ICCSA.

[3]  Donald F. Towsley,et al.  Code red worm propagation modeling and analysis , 2002, CCS '02.

[4]  Bernhard Plattner,et al.  An economic damage model for large-scale Internet attacks , 2004, 13th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises.

[5]  William J. Buchanan,et al.  An agent-based Bayesian forecasting model for enhanced network security , 2001, Proceedings. Eighth Annual IEEE International Conference and Workshop On the Engineering of Computer-Based Systems-ECBS 2001.

[6]  Dongho Won,et al.  A Time-Variant Risk Analysis and Damage Estimation for Large-Scale Network Systems , 2005, ICCSA.

[7]  Yoon-Jung Jung,et al.  The Design and Development for Risk Analysis Automatic Tool , 2004, ICCSA.