DocumentCode
2118688
Title
Intrusion Alerts Correlation Based Assessment of Network Security
Author
Shi, Jin ; Hu, Guangwei ; Lu, Mingxin ; Xie, Li
Author_Institution
State Key Lab. for Novel Software Technol., Nanjing Univ., Nanjing, China
Volume
2
fYear
2010
fDate
7-8 Aug. 2010
Firstpage
3
Lastpage
6
Abstract
Traditional network security assessment technologies are usually qualitative analyses from large variation of security factors. It is difficult to guide security managers to configure network security mechanisms. A new network security quantitative analysis method called ACRL is presented in this paper. It assesses attack sequences from credibility, risk and the loss of system and provides the assessment values to security managers. It can assess the network security mechanisms and measures in position and can help security managers adjust the corresponding security mechanisms and choose the response methods against attacks in detail. An experiment of our method shows favorable and promising results.
Keywords
Internet; security of data; intrusion alerts correlation; network security assessment; network security mechanisms; qualitative analyses; quantitative analysis; security factors; Correlation; Intrusion detection; Operating systems; Position measurement; Servers; Alerts Correlation; Credibility Analysis; Risk Analysis; Security Assessment; System Loss Analysis;
fLanguage
English
Publisher
ieee
Conference_Titel
Information Science and Management Engineering (ISME), 2010 International Conference of
Conference_Location
Xi´an
Print_ISBN
978-1-4244-7669-5
Electronic_ISBN
978-1-4244-7670-1
Type
conf
DOI
10.1109/ISME.2010.156
Filename
5573875
Link To Document