Intrusion Alerts Correlation Based Assessment of Network Security
Traditional network security assessment technologies are usually qualitative analyses from large variation of security factors. It is difficult to guide security managers to configure network security mechanisms. A new network security quantitative analysis method called ACRL is presented in this paper. It assesses attack sequences from credibility, risk and the loss of system and provides the assessment values to security managers. It can assess the network security mechanisms and measures in position and can help security managers adjust the corresponding security mechanisms and choose the response methods against attacks in detail. An experiment of our method shows favorable and promising results.
Alerts Correlation Security Assessment Risk Analysis Credibility Analysis System Loss Analysis
Jin SHI Guangwei HU Mingxin LU Li XIE
School of National Information Security, State Key Laboratory for Novel Software Technology Nanjing State Key Laboratory for Novel Software Technology Nanjing University Nanjing, P. R. China
国际会议
西安
英文
583-586
2010-08-07(万方平台首次上网日期,不代表论文的发表时间)