Conference paper

On the Use of Security Metrics Based on Intrusion Prevention System Event Data: An Empirical Analysis

With the increasing number of attacks on the Internet, a primary concern for organizations is the protection of their network. To do so, organizations install security devices such as intrusion prevention systems to monitor network traffic. However, the data collected by these devices are often imperfect. The contribution of this paper is to try to define some practical metrics based on imperfect data collected by an intrusion prevention system. Since attacks differ greatly, we propose to group the attacks into several attack type groups. We then define a set of metrics for each attack type group. We introduce an approach that consists of analyzing the evolution of these metrics per attack type group by focusing on outliers, in order to give an insight into an organization's security. The method is assessed for an organization of about 40,000 computers. The results were encouraging: outliers could be related to security issues that, in some cases, had not been previously flagged.

Danielle Chrun Michel Cukier Gerry Sneeringer

Center for Risk and Reliability, Department of Mechanical Engineering, University of Maryland, College Park, USA; Office of Information Technology, University of Maryland, College Park, USA

International conference

11th IEEE High Assurance Systems Engineering Symposium (HASE 2008)

Nanjing

English

49-58

2008-12-03 (date first posted on the Wanfang platform; not the paper's publication date)