• DocumentCode
    1835209
  • Title

    On the Use of Security Metrics Based on Intrusion Prevention System Event Data: An Empirical Analysis

  • Author

    Chrun, Danielle ; Cukier, Michel ; Sneeringer, Gerry

  • Author_Institution
    Dept. of Mech. Eng., Univ. of Maryland, College Park, MD
  • fYear
    2008
  • fDate
    3-5 Dec. 2008
  • Firstpage
    49
  • Lastpage
    58
  • Abstract
    With the increasing number of attacks on the Internet, a primary concern for organizations is the protection of their network. To do so, organizations install security devices such as intrusion prevention systems to monitor network traffic. However, data that are collected by these devices are often imperfect. The contribution of this paper is to try to define some practical metrics based on imperfect data collected by an intrusion prevention system. Since attacks greatly differ, we propose to group the attacks into several attack type groups. We then define a set of metrics for each attack type group. We introduce an approach that consists in analyzing the evolution of these metrics per attack type group by focusing on outliers in order to give an insight into an organizationpsilas security. The method is assessed for an organization of about 40,000 computers. The results were encouraging: outliers could be related to security issues that, in some cases, had not been previously flagged.
  • Keywords
    Internet; security of data; Internet attack group; empirical analysis; intrusion prevention system event data; network traffic monitoring; organization security metrics; Data analysis; Data mining; Data security; Educational institutions; Information retrieval; Information security; Intrusion detection; Monitoring; Telecommunication traffic; USA Councils; Empirical Analysis; Intrusion Prevention System; Security Metrics;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    High Assurance Systems Engineering Symposium, 2008. HASE 2008. 11th IEEE
  • Conference_Location
    Nanjing
  • ISSN
    1530-2059
  • Print_ISBN
    978-0-7695-3482-4
  • Type

    conf

  • DOI
    10.1109/HASE.2008.52
  • Filename
    4708863