DocumentCode :
3169730
Title :
Network Security Situation Assessment Based on Data Fusion
Author :
Mixia, Liu ; Qiuyu, Zhang ; Hong, Zhao ; Dongmei, Yu
Author_Institution :
Lanzhou Univ. of Technol., Lanzhou
fYear :
2008
fDate :
23-24 Jan. 2008
Firstpage :
542
Lastpage :
545
Abstract :
Network security situation assessment can project the next behavior of the network by describing the current state. Security events from IDS, firewalls, and other security tools are currently growing at a rapid pace. However, most intrusion event research focuses on IDS alerts, overlooking intrusion evidence from other security tools, or makes a simple integration of various security tools that does not reflect the whole network state. In this paper, we describe network security from the view of the system. First, network situation elements are analyzed. Second, we research their correlations and present a system architecture of network security situation. Third, multi-sensor correlation algorithms are analyzed, in which a colored Petri net is used for describing the change of system state after the arrival of new events and the D-S theory of evidence is used for combining the different evidence. Then, we report the experimental results on the DARPA 2000 DDoS attack scenarios and analyze them. Finally, we conclude our work and present the next research goal.
Keywords :
Petri nets; authorisation; graph colouring; sensor fusion; DARPA 2000 distributed denial of service attack scenarios; Dempster-Shafer theory; colored Petri net; data fusion; evidence theory; firewall; intrusion detection system; intrusion evidence; multisensor correlation algorithms; network security situation assessment; Computer networks; Computer security; Data mining; Data security; Educational institutions; Fuses; IP networks; Information security; Intrusion detection; Software tools;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Knowledge Discovery and Data Mining, 2008. WKDD 2008. First International Workshop on
Conference_Location :
Adelaide, SA
Print_ISBN :
978-0-7695-3090-1
Type :
conf
DOI :
10.1109/WKDD.2008.35
Filename :
4470456