Abstract
In this paper, an online risk assessment model based on Dempster-Shafer (D-S) evidence theory is presented. The model quantifies, in real time, the risk caused by an intrusion scenario and provides an objective evaluation of the security state of the protected target. The results of the online risk assessment give a clear and concise picture of both the progress of the intrusion and the target's security state. The model makes full use of the information available from both IDS alerts and the protected targets themselves; as a result, it handles the uncertainty and subjectivity inherent in the evaluation process well. In IDAM&IRS, the model serves as the foundation for intrusion response decision-making.
Supported by the Annual Proposed Sci-tech Project of 2008 of Jiangxi Education Bureau (GJJ08036).
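The abstract names D-S evidence theory as the basis of the model but, being an abstract, does not show how evidence is combined. The following is an added illustration of Dempster's rule of combination applied to intrusion evidence; it is not the paper's model and not code from the authors. The frame of discernment, the two-element hypothesis space {attack, benign}, the three constructed evidence sources and their mass values are all assumptions chosen for the example; the combination rule, belief and plausibility functions are the standard D-S definitions.

```python
from itertools import product

# Assumed frame of discernment: is the observed activity an attack or benign?
ATTACK = frozenset({"attack"})
BENIGN = frozenset({"benign"})
THETA = ATTACK | BENIGN  # the whole frame: "don't know"


def combine(m1, m2):
    """Dempster's rule of combination for two mass functions.

    A mass function maps subsets of the frame (frozensets) to masses that
    sum to 1. Mass assigned to THETA expresses ignorance rather than
    support for either hypothesis, which is how D-S theory represents
    uncertain evidence such as an IDS alert of limited reliability.
    Returns (combined mass function, conflict K).
    """
    combined = {}
    conflict = 0.0
    for (a, ma), (b, mb) in product(m1.items(), m2.items()):
        inter = a & b
        if inter:
            combined[inter] = combined.get(inter, 0.0) + ma * mb
        else:
            # Mass landing on the empty set is evidence that contradicts
            # itself; it is removed by normalisation below.
            conflict += ma * mb
    if conflict >= 1.0:
        raise ValueError("sources are in total conflict; rule undefined")
    norm = 1.0 - conflict
    return {s: v / norm for s, v in combined.items()}, conflict


def belief(m, hyp):
    """Bel(hyp): total mass of subsets that fully support hyp."""
    return sum(v for s, v in m.items() if s <= hyp)


def plausibility(m, hyp):
    """Pl(hyp): total mass of subsets that do not contradict hyp."""
    return sum(v for s, v in m.items() if s & hyp)


def assess(sources):
    """Fuse a list of mass functions and report the attack hypothesis.

    Returns a dict with the fused belief/plausibility interval for
    'attack' and the conflict seen in the last combination step.
    """
    fused = sources[0]
    conflict = 0.0
    for src in sources[1:]:
        fused, conflict = combine(fused, src)
    return {
        "belief": belief(fused, ATTACK),
        "plausibility": plausibility(fused, ATTACK),
        "conflict": conflict,
        "mass": fused,
    }


# Constructed evidence sources (hypothetical values for the example):
# 1. an IDS alert whose signature is trusted with reliability 0.7
ALERT_EVIDENCE = {ATTACK: 0.7, THETA: 0.3}
# 2. target-side knowledge: the attacked service is present and unpatched
TARGET_VULNERABLE = {ATTACK: 0.6, THETA: 0.4}
# 3. contradicting target-side knowledge: the service was patched
TARGET_PATCHED = {BENIGN: 0.5, THETA: 0.5}


if __name__ == "__main__":
    agree = assess([ALERT_EVIDENCE, TARGET_VULNERABLE])
    print("alert + vulnerable target:", agree["belief"], agree["plausibility"])
    disagree = assess([ALERT_EVIDENCE, TARGET_VULNERABLE, TARGET_PATCHED])
    print("... + patched target:", disagree["belief"], disagree["plausibility"],
          "conflict", disagree["conflict"])
```

Two properties worth noticing in the output: when the alert and the target evidence agree, belief in "attack" rises from 0.7 to 0.88 while plausibility stays at 1.0, so the interval narrows without any source having to claim certainty; when contradicting target evidence is added, 0.44 of the mass is in conflict and belief drops to about 0.79, with plausibility falling below 1.0 for the first time. The gap between belief and plausibility is the model's explicit measure of remaining uncertainty, which a point-valued risk score cannot express.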
© 2008 Springer-Verlag Berlin Heidelberg
Mu, C.P., Li, X.J., Huang, H.K., Tian, S.F. (2008). Online Risk Assessment of Intrusion Scenarios Using D-S Evidence Theory. In: Jajodia, S., Lopez, J. (eds) Computer Security - ESORICS 2008. ESORICS 2008. Lecture Notes in Computer Science, vol 5283. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-88313-5_3
DOI: https://doi.org/10.1007/978-3-540-88313-5_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-88312-8
Online ISBN: 978-3-540-88313-5