Research on Host-Level Security Situational Awareness
Situational assessment is significant for host-level security. Most existing approaches are generally limited to network security that is different from host-level security. In this paper, we introduce an approach to assess host security. Analyzing process and file behaviors, we propose a series of security indices, based on which we compute the value of process situation (PS) and file situation (FS). To make the results more practical, we associate the process situation with its status in operating system, and then modify the file situation by associating it with the process situation. As an output, a situation curve is drew to display recent and past security situation. The experiment results show that the model can reflect host security situation effectively and dynamically.
situational awareness assesment host security process file
ZHOU Ti WANG Xiao-fei FENG Li WANG Jing
School of Computer Science and Technology Harbin Engineering Institute Harbin, China Wuhan Digital E Wuhan Digital Engineering Institute Wuhan, China
国际会议
成都
英文
575-579
2010-07-07(万方平台首次上网日期,不代表论文的发表时间)