Title :
Host risk evaluation framework based on multi-source information
Author :
Gao, Cuixia ; Li, Zhitang ; Chen, Lin
Author_Institution :
Sch. of Comput. Sci. & Technol., Huazhong Univ. of Sci. & Technol., Wuhan, China
Abstract :
A framework was designed for fusing security information from multiple sources to evaluate host security risk. We selected four types of information that may be good indicators of host security status: host resource usage, host real-time traffic, OS kernel files status, and other security device information. In the information fusion module, D-S evidence theory was used to fuse all the dynamic evidence. The weighted evidence was more effective at increasing the accuracy of the evaluation. To calculate the weights of the different variables, the information entropy method was introduced to avoid subjectivity. An adaptive mechanism was also presented to adapt to dynamic host activities. Our framework is currently being developed for cyber security assessment. The initial experiments show that this framework is well suited to hardening critical infrastructure systems against cyber attack.
Keywords :
inference mechanisms; security of data; D-S evidence theory; Dempster-Shafer theory; OS kernel files status; host real-time traffic; host resource usage; host risk evaluation framework; information entropy method; information fusion module; information security; multisource information; Central Processing Unit; Computer security; Computerized monitoring; Fuses; Information entropy; Information security; Kernel; Operating systems; Remote monitoring; Telecommunication traffic; multi-source information; risk evaluation;
Conference_Title :
Computing, Communication, Control, and Management, 2009. CCCM 2009. ISECS International Colloquium on
Conference_Location :
Sanya
Print_ISBN :
978-1-4244-4247-8
DOI :
10.1109/CCCM.2009.5270459