Abstract
Purchase PDF (539 K)
E-mail Article
Add to my Quick Links
Cited By in Scopus (3)
Purchase PDF (162 K)
doi:10.1016/j.cose.2004.08.009 
Copyright © 2004 Elsevier Ltd All rights reserved.
Received 27 May 2004;
References and further reading may be available for this article. To view references and further reading you must purchase this article.
Abstract
How to evaluate network security threat quantitatively is one of key issues in the field of network security, which is vital for administrators to make decision on the security of computer networks. A novel model of security threat evaluation with a series of quantitative indices is proposed on the analysis of prevalent network intrusions. This model is based on multiple behavior information fusion and two indices of privilege validity and service availability that are proposed to evaluate the impact of prevalent network intrusions on system security, so as to provide security evolution over time, i.e., monitor security changes with respect to modification of security factors. The Markov model and the algorithm of D-S evidence reasoning are proposed to measure these two indices, respectively. Compared with other methods, this method mitigates the impact of unsuccessful intrusions on threat evaluation. It evaluates the impact of important intrusions on system security comprehensively and helps administrators to insight into intrusion steps, determine security state and identify dangerous intrusion traces. Testing in a real network environment shows that this method is reasonable and feasible in alleviating the tremendous task of data analysis and facilitating the understanding of the security evolution of the system for its administrators.
Keywords: Network security; Information fusion; Threat evaluation; Evaluation index; Markov model; Evidence reasoning
