A Fusion Model for Network Threat Identification and Risk Assessment

Author

Ma, Jie ; Li, Zhi-Tang ; Zhang, Hong-wu

Author_Institution

Comput. Sci. Dept., Huazhong Univ. of Sci. & Technol., Wuhan, China

Volume

1

fYear

2009

fDate

7-8 Nov. 2009

Firstpage

314

Lastpage

318

Abstract

Current practice for real-time security risk assessment typically takes intrusion detection systems alerts as the only source of risk factor. Their assessment results are more likely to suffer from the impact of false positive alerts in the increasingly complex and severe network security environment. This paper proposes a novel online fusion model for dynamical network risk assessment by using multiple risk factors. The model is composed by three fusion levels. First, an online alert fusion algorithm is proposed and the redundancy of the raw alerts is dramatically reduced. Then, the model employs Dempster-Shafer theory to handle uncertainties and ignorance existed in the multiple risk factors. Threats in different kinds of severity levels are identified. Finally, the whole network risk distribution is dynamically calculated and reported by using HMM approach. Experiments show the effectiveness and validity of our method.

Keywords

inference mechanisms; risk management; security of data; sensor fusion; Dempster-Shafer theory; HMM approach; network fusion model; network risk distribution; network threat identification; online alert fusion algorithm; online fusion model; risk assessment; uncertainty handling; Artificial intelligence; Asset management; Computational intelligence; Computer networks; Hidden Markov models; Information security; Intrusion detection; Protection; Real time systems; Risk management;

fLanguage

English

Publisher

ieee

Conference_Titel

Artificial Intelligence and Computational Intelligence, 2009. AICI '09. International Conference on

Conference_Location

Shanghai

Print_ISBN

978-1-4244-3835-8

Electronic_ISBN

978-0-7695-3816-7

Type

conf

DOI

10.1109/AICI.2009.487

Filename

5376182