Yang Yu, Jian Wang, Jiqiang Liu, Lei Han, Xudong He, Shaohua Lv
2018 27th International Conference on Computer Communication and Networks (ICCCN), published 2018-07-01
DOI: 10.1109/ICCCN.2018.8487387 (https://doi.org/10.1109/ICCCN.2018.8487387)
Multi-Dimension Threat Situation Assessment Based on Network Security Attributes
Cyber-attacks are becoming more and more complex, but network situation assessment based on log analysis cannot meet security requirements because of the low quality of logs and alerts. This paper addresses the lack of consideration of the security attributes of hosts and attacks in the network. What's more, the most common attacks, identity and effectiveness of Distributed Denial of Service (DDoS) are hard to prove in risk assessment based on alerts and flow matching. A multi-dimension threat situation assessment method based on network security attributes is proposed in this paper. First, it gives an adaptive Common Vulnerability Scoring System (CVSS) calculation, which considers asset value as an environment metric. Second, it collects the deterioration rate of properties through sensors in hosts and the network, with the aim of assessing the time and level of DDoS attacks. Third, it adopts the distribution of asset value in security attributes, considering the features of attacks and the network, with the aim of assessing and showing the whole situation. Experiments demonstrate that the results show the primary threat and security requirement of the network. By comparison and analytic study, the method reflects more of the security requirement and security risk situation than traditional methods based on alert and flow analysis.