基于告警验证的网络威胁评估

2011 12th International Conference on Parallel and Distributed Computing, Applications and Technologies Pub Date : 2011-10-20 DOI:10.1109/PDCAT.2011.57

Rongrong Xi, Xiao-chun Yun, Shuyuan Jin, Yongzheng Zhang

{"title":"基于告警验证的网络威胁评估","authors":"Rongrong Xi, Xiao-chun Yun, Shuyuan Jin, Yongzheng Zhang","doi":"10.1109/PDCAT.2011.57","DOIUrl":null,"url":null,"abstract":"In face of overwhelming alerts produced by firewalls or intrusion detection devices, it is difficult to assess network threats that we face. In this paper, we propose a threat assessment approach to estimate the impact of attacks on network. The approach employs the Common Vulnerability Scoring System to quantitatively assess network threats and further correlates alerts with contextual information to improve the accuracy of assessment. In the case studies, we demonstrate how the approach is applied in real networks. The experimental results show that the approach can make an accurate assessment of network threats.","PeriodicalId":137617,"journal":{"name":"2011 12th International Conference on Parallel and Distributed Computing, Applications and Technologies","volume":"20 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-10-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"Network Threat Assessment Based on Alert Verification\",\"authors\":\"Rongrong Xi, Xiao-chun Yun, Shuyuan Jin, Yongzheng Zhang\",\"doi\":\"10.1109/PDCAT.2011.57\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In face of overwhelming alerts produced by firewalls or intrusion detection devices, it is difficult to assess network threats that we face. In this paper, we propose a threat assessment approach to estimate the impact of attacks on network. The approach employs the Common Vulnerability Scoring System to quantitatively assess network threats and further correlates alerts with contextual information to improve the accuracy of assessment. In the case studies, we demonstrate how the approach is applied in real networks. The experimental results show that the approach can make an accurate assessment of network threats.\",\"PeriodicalId\":137617,\"journal\":{\"name\":\"2011 12th International Conference on Parallel and Distributed Computing, Applications and Technologies\",\"volume\":\"20 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-10-20\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2011 12th International Conference on Parallel and Distributed Computing, Applications and Technologies\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/PDCAT.2011.57\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 12th International Conference on Parallel and Distributed Computing, Applications and Technologies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/PDCAT.2011.57","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

摘要

面对防火墙或入侵检测设备产生的大量警报，很难评估我们所面临的网络威胁。在本文中，我们提出了一种威胁评估方法来评估攻击对网络的影响。该方法采用通用漏洞评分系统对网络威胁进行定量评估，并进一步将警报与上下文信息关联起来，以提高评估的准确性。在案例研究中，我们演示了如何将该方法应用于实际网络。实验结果表明，该方法能够对网络威胁进行准确的评估。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Network Threat Assessment Based on Alert Verification

In face of overwhelming alerts produced by firewalls or intrusion detection devices, it is difficult to assess network threats that we face. In this paper, we propose a threat assessment approach to estimate the impact of attacks on network. The approach employs the Common Vulnerability Scoring System to quantitatively assess network threats and further correlates alerts with contextual information to improve the accuracy of assessment. In the case studies, we demonstrate how the approach is applied in real networks. The experimental results show that the approach can make an accurate assessment of network threats.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2011 12th International Conference on Parallel and Distributed Computing, Applications and Technologies

自引率

0.00%

发文量