Abstract
Current security evaluation systems are unable to provide useful security situation information. To address this deficiency, a hierarchical, quantitative model for evaluating the security situation of networked systems, together with its corresponding computation methods, is proposed based on the importance of services and hosts and on the structure of the network system. The model adopts a bottom-up, local-to-global evaluation policy: it calculates the risk indexes of each service, each host and the whole network system by weighting the importance of services and hosts, based on an analysis of attack frequency and severity, and then evaluates their security situation. Experiments on the HoneyNet dataset show that the system can evaluate the security situation at three levels: service, host and local area network system. It provides system administrators with an intuitive security situation curve for the system and releases them from the exhausting task of alert analysis.
| Original language | English |
|---|---|
| Pages (from-to) | 404-408 |
| Number of pages | 5 |
| Journal | Hsi-An Chiao Tung Ta Hsueh/Journal of Xi'an Jiaotong University |
| Volume | 38 |
| Issue number | 4 |
| State | Published - Apr 2004 |
Keywords
- Intrusion detection system
- Network security
- Risk index
- Security assessment
- Situation curve
- Situation evaluation