Network Security Situation Assessment Based on Data Fusion

Mixia Liu, Qiuyu Zhang, Zhao Hong, Dongmei Yu
First International Workshop on Knowledge Discovery and Data Mining (WKDD 2008). Published 2008-01-23. DOI: 10.1109/WKDD.2008.35 (https://doi.org/10.1109/WKDD.2008.35)
Citations: 28

Abstract

Network security situation assessment can project the next behavior of the network by describing the current state. Security events from IDS, firewalls, and other security tools are currently growing at a rapid pace. However, most intrusion-event research focuses on IDS alerts, overlooking intrusion evidence from other security tools, or makes a simple integration of various security tools that does not reflect the whole network state. In this paper, we describe network security from the view of the system. First, network situation elements are analyzed. Second, we research their correlations and present a system architecture of network security situation. Third, multi-sensor correlation algorithms are analyzed: a colored Petri net is used to describe the change of system state after the arrival of new events, and the D-S theory of evidence is used to combine the different evidence. Then, we report the experimental results on the DARPA 2000 DDoS attack scenarios and analyze them. Finally, we conclude our work and present our next research goal.