Real-time Network Security Situation Visualization and Threat Assessment Based on Semi-Markov Process
To cope with the large amount of data in current sensed environments, decision aid tools should convey their understanding of situations in a time-efficient manner, so there is an increasing need for real-time network security situation awareness and threat assessment. In this study, we first propose a state transition model of vulnerabilities in the network based on a semi-Markov process. Once events are triggered by an attacker's action or a system response, the current states of the vulnerabilities are known. We then calculate the transition probabilities of each vulnerability from its current state to the security failure state. Furthermore, to improve the accuracy of our algorithms, we adjust the probability that attackers exploit a vulnerability according to the attacker's skill level. Based on the preconditions and post-conditions of vulnerabilities in the network, an attack graph is built to visualize the security situation in real time. Subsequently, we predict the attack path, recognize the attack intention and estimate the impact through analysis of the attack graph. These help administrators gain insight into intrusion steps, determine the security state and assess the threat. Finally, testing in a network shows that this method is reasonable and feasible, and can undertake a tremendous analysis workload to facilitate administrators' work.
security situation; threat assessment; semi-Markov process
Chen Junhua
School of Mathematics & Computer Science, Yunnan Nationalities University Kunming, China
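International conference
Chengdu
English
1779-1783
2010-12-17 (date first made available online on the Wanfang platform; does not represent the paper's publication date)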