• DocumentCode
    2118688
  • Title

    Intrusion Alerts Correlation Based Assessment of Network Security

  • Author

    Shi, Jin ; Hu, Guangwei ; Lu, Mingxin ; Xie, Li

  • Author_Institution
    State Key Lab. for Novel Software Technol., Nanjing Univ., Nanjing, China
  • Volume
    2
  • fYear
    2010
  • fDate
    7-8 Aug. 2010
  • Firstpage
    3
  • Lastpage
    6
  • Abstract
    Traditional network security assessment technologies are usually qualitative analyses from large variation of security factors. It is difficult to guide security managers to configure network security mechanisms. A new network security quantitative analysis method called ACRL is presented in this paper. It assesses attack sequences from credibility, risk and the loss of system and provides the assessment values to security managers. It can assess the network security mechanisms and measures in position and can help security managers adjust the corresponding security mechanisms and choose the response methods against attacks in detail. An experiment of our method shows favorable and promising results.
  • Keywords
    Internet; security of data; intrusion alerts correlation; network security assessment; network security mechanisms; qualitative analyses; quantitative analysis; security factors; Correlation; Intrusion detection; Operating systems; Position measurement; Servers; Alerts Correlation; Credibility Analysis; Risk Analysis; Security Assessment; System Loss Analysis;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information Science and Management Engineering (ISME), 2010 International Conference of
  • Conference_Location
    Xi´an
  • Print_ISBN
    978-1-4244-7669-5
  • Electronic_ISBN
    978-1-4244-7670-1
  • Type

    conf

  • DOI
    10.1109/ISME.2010.156
  • Filename
    5573875