Quantitative threat assessment of denial of service attacks on service availability

With increasing denial of service attacks on network infrastructure, there is an urgent need to develop technique to assess the threat of attacks on network security online. A novel model of security threat assessment relying on several predefined metrics of network performance is proposed to measure the impact of denial of service attacks on service availability in real time. This model applies the technique of D-S evidence reasoning to fuse three metrics of network performance, which are designed carefully to reflect the reliability of service availability in three perspectives. Our approach includes three steps: determining performance parameters, calculating threat index and characterizing the threat state of service availability. Compared with other methods, this method avoids the unilateral result obtained from single sensor, helps administrators to determine security threat state, and provides threat evolution of service availability over time. Testing in a real network environment shows that this method greatly improves the accuracy of threat assessment, demonstrates the impact of denial of service attacks on network security is different from the beginning to the end of DoS attacks, and provides administrators with threat evolution picture macroscopically. Moreover, it lays the foundation for administrators to adopt security response policies in real time for reliable and robust network.