Tingting Yao,Qinghua Zheng,Xiaohong Guan,Xiuzhen Chen

DOI: https://doi.org/10.3321/j.issn:0253-987X.2006.04.011

2006-01-01

Abstract:After analyzing malicious attacks against network that affect the service availability and would lead to the abnormal change of the network traffic, a method to evaluate the security situation of real-time traffic of hosts is presented. A group of statistic that can reflect the network traffic features in a fixed time window are selected as the evaluation metrics. Based on the large samples, the information entropy gain method is applied to determine the importance of evaluation results for different metrics. Then, using hierarchical weighted method, the evaluation results are regarded as the normalized abnormality value to evaluate the real time traffic of host networks. Experiments and testing show that this method can reasonably evaluate the host network abnormal flows caused by the DDoS, DoS worm and other attacks, and has good evaluation results for new attacks that cause abnormal change of network traffic.

Cuixia Gao,Zhitang Li,Lin Chen

DOI: https://doi.org/10.1109/EBISS.2009.5138070

2009-01-01

Abstract:Malicious behavior will lead to abnormal network traffic patterns. This paper presents a network traffic based method to evaluate the security situation of hosts. A group of variables that can reflect the network traffic feature in a fixed time window are selected as the evaluation metrics. Based on the large samples, we report on a preliminary proof-of-concept approach, that's logistic regression Analysis, to evaluate the probability of host that run into insecure status. The evaluation results are regarded as the normalized abnormality value to evaluate the network traffic of hosts. Experiments and testing show that this method can reasonably evaluate the host network abnormal traffic.

TAO Jing,MA Xiao-bo,ZHAO Juan,ZHENG Qing-hua

DOI: https://doi.org/10.3969/j.issn.1001-0548.2007.06.026

2007-01-01

Abstract:Abnormal behaviors of hosts are complicated and diversified caused by many factors. However, they are often incarnated by the usage of resouces such as CPU, memory, bandwidth, etc. In this paper, a novel method for anomaly detection based on Host Resource Availability (HRA) is presented. Firstly, an index system is established to describe the usage of host resource. Secondly, a normal profile of HRA is extracted by experiment. Finally, an algorithm called Double-Threshold Anomaly Detection Algorithm (DTADA ) is put forward according to the particularity of HRA. Application testing shows that our method has a satisfied result.

Gao Cuixia,Li Zhitang,Chen Lin

DOI: https://doi.org/10.1109/CCCM.2009.5270459

2009-01-01

Abstract:A framework was designed for fusing security information from multiple sources to evaluate host security risk. We selected four types of information that may good indicators of host security status, they are host resource usage, host real-time traffic, OS kernel files status and other security device information. In the information fusion module, the D-S evidence theory was used to fuse all the dynamic evidences. The weighted evidence was more effective on increasing the accuracy of the evaluation. In the calculation of weights of different variable the information entropy method was introduced to avoid subjectivity. An adaptive mechanism was also presented to adapt to dynamic host activities. Our framework is currently being developed for cyber security assessment. The initial experiments show that this framework is well suited to hardening critical infrastructure systems against cyber attack. ©2009 IEEE.

Xuesong Huo,Ming Zhang,Hongqin Zhu,Wei Li

DOI: https://doi.org/10.1109/cbd54617.2021.00052

2021-01-01

Abstract:At present, most of the security situation assessment methods for the power monitoring system only consider the network factors, ignore the security factors inside the system, and the weight distribution of assessment indicators is subjective. This paper analyzes the security factors affecting the power monitoring system, and gives the security situation assessment indicator system of the power monitoring system. On this basis, the security situation of each equipment is assessed based on Support Vector Regression, and the weight is calculated according to the importance of the security area division of the power monitoring system where different equipment is located. Finally, the overall security situation of the power monitoring system is comprehensively evaluated through weighted summation. On the one hand, it can improve the accuracy, the flexibility and the expansibility of the security situation assessment for the power monitoring system. On the other hand, it can also trace the source of security problems in the power monitoring system, which is convenient for managers to isolate risks quickly and efficiently or take defense strategies.

陈秀真,郑庆华,管晓宏,林晨光

DOI: https://doi.org/10.3321/j.issn:0253-987X.2004.12.005

2004-01-01

Abstract:Aiming at the weakness of being unable to evaluate the threat of combination of vulnerabilities on network security for most systems of security evaluation, a novel model of security evaluation based on rough set theory was put forward. This model considered the vulnerability as a security factor and the security evaluation model was built from historical evaluation records by using attribute reduction. Further, the measurement model of hierarchical security risk with three levels: security factor, service and host computer, was built, which calculated the security risk of the host by weighting the importance of service and security factor, then the security situation of the system was analyzed and evaluated. Compared with other evaluation methods, this method can create a rule-based model of security evaluation automatically and has advantage of evaluating threat of isolated security factor and combination of security factors on the same host. It can also monitor the impact of changes of the system configuration on system security. Nine useful rules for security evaluation were discovered from 7 days' evaluation records and security situation curves were established through simulation experiment, which shows that evaluation results by our method are more accurate and intuitive than others.

Xiuzhen Chen,Qinghua Zheng,Xiaohong Guan,Chenguang Lin

DOI: https://doi.org/10.3321/j.issn:0253-987X.2004.04.019

2004-01-01

Abstract:Aiming at the deficiency that is unable to provide useful security situation information encountered in the cur2 rent security evaluation systems , a hierarchical and quantitative model , which is used to evaluate security situation of net2 worked systems , and its corresponding computation method are proposed based on the importance of service , host , and the structure of the network system. This model adopts the evaluation policy from bottom to top and from local to global , calculates the risk indexes of service , host and whole network system by weighting the importance of service and host based on the analysis of attack frequency and its severity , and further evaluates their security situation. Experiments on the HoneyNet dataset show that this system can evaluate the security situation in three levels : service , host and local area network system. It provides system administrators with system intuitive security situation curve and releases them from the exhausting task of alert analysis.

Chen,Gang Chen

DOI: https://doi.org/10.1109/aiipcc57291.2022.00077

2022-01-01

Abstract:With the rapid development and popular utilization of computer network system, the proportion of attacks against computer network system has been increasing year by year. The traditional security vulnerability assessment method only evaluates individual vulnerabilities in isolation, and the assessment results do not reflect the degree of impact of vulnerabilities on the whole network. To address this problem this paper proposes a computer network system security assessment method, which uses the CVSSv3 evaluation index to assess vulnerabilities based on vulnerability association graph and risk matrix, while taking into account the association relationship between the fore-order vulnerability nodes, back-order vulnerability nodes and the vulnerability itself. The vulnerability correlation hazard calculated by the method can accurately reflect the degree of impact of the vulnerability on the whole computer network system, and the accuracy and effectiveness of the method is proved through experiments.

Zhang Yongzheng,FANG Binxing,YUN Xiaochun

DOI: https://doi.org/10.3969/j.issn.1000-3428.2005.14.053

2005-01-01

Abstract:With increasing security problems of information technology, developers of information security products seek for the trusted security assessment by the third part. But there are some defects in present assessment methods for host software systems. This paper proposes a quantitative risk assessment approach for host system security, combining with the vulnerability information in software system. An assessment instance is given to analyze the assessment algorithm. Finally, this paper illuminates the advantages of this assessment approach.

Lina Zhu,Guoen Xia,Zuochang Zhang,Jianhua Li,Renjie Zhou

DOI: https://doi.org/10.14257/ijsia.2016.10.11.14

2016-01-01

International Journal of Security and Its Applications

Abstract:Network security situation awareness is vital important for network security supervision. In order to obtain the network security situation effectively, a multidimensional assessment method is proposed in this paper. The method is composed of three dimensions at different levels, namely vulnerability, threat and basic operation, with quantitative calculation method for each index. In the service layer, CVSS standard is adopted to assess the vulnerability situation, and simplified DREAD model is chosen for the threat situation. In the node layer, the vulnerability situation in the service layer is added with a weight, the threat situation in the service layer is accumulated according to attack paths based on Markov model, and the basic operation situation is evaluated by DS evidence fusion of several host and network performance index. In the network layer, each situation equals to weighted summation of corresponding situation in the node layer. Experimental results show the ease of use of this method, and multi-dimensional situation depicts the overall safety evolution process of network system accurately and intuitively.

Yukun Zheng,Kun Lv,Changzhen Hu

DOI: https://doi.org/10.1007/978-3-319-64701-2_25

2017-01-01

Abstract:With the rapid development of network, network security issues become increasingly important. It is a tough challenge to evaluate the network security due to the increasing vulnerabilities. In this paper, we propose a quantitative method for evaluating network security based on attack graph. We quantify the importance of nodes and the maximum reachable probability of nodes, and construct a security evaluation function to calculate the security risk score. Our approach focuses on the attacker's view and considers the most important factors that may affect the network security. The parameters we use are easily to be acquired in any network. Thus, the assessment score gotten through the evaluation function can comprehensively reflect the security level. According to the security risk value, security professionals can take appropriate countermeasures to harden the network. Experimental results prove that this model solves the security evaluation problem efficiently.

Zhaocui Li,Huichuan Liu,Chunyan Wu

DOI: https://doi.org/10.1080/23742917.2022.2120293

2022-09-10

Journal of Cyber Security Technology

Abstract:The traditional security detection and defense methods are relatively backward, and there are many problems, such as high false alarm and missed alarm rate, and detection lag, which have been difficult to meet the requirements of computer security defense. In order to strengthen the active defense of computer network security and improve the classification and prediction performance of computer network security events, a computer network security risk assessment model based on mrmr Ig feature selection model and attack graph model is proposed. The mrmr Ig feature selection model is used to classify the characteristics of security events, and the hidden Markov chain model and attack graph model are used to predict the attack intention. The experimental results show that the classification accuracy rate of the model is 99.79%, the false alarm rate and the false alarm rate are 0.11% and 0.18%, respectively. The model can accurately predict attacks in real time, and can provide reference for timely taking targeted computer network security reinforcement and active defense measures.

Huan Wang,Zhanfang Chen,Xin Feng,Xiaoqiang Di,Dan Liu,Jianping Zhao,Xin Sui

DOI: https://doi.org/10.1007/s11277-017-5202-3

IF: 2.017

2018-01-03

Wireless Personal Communications

Abstract:In hierarchical network security situation assessment model, there are many problems, such as subjective index weight factor, large evaluation index system, large amount of calculation and low efficiency. A network security situation assessment model and quantification method based on AHP is proposed to solve this problem. The AHP analytic hierarchy process (AHP) is combined with the hierarchical model of situation assessment to simplify the situation assessment problem. The D–S evidence theory is used to fuse the fuzzy results of multi-source equipment to solve the problem of single information source and large deviation of accuracy. Through the construction of three evaluation indexes of risk situation, basic operation situation and damage situation, the problem of large evaluation index system and low evaluation efficiency is solved. AHP analytic hierarchy process is used to determine the weights of different index items, so as to avoid the subjectivity and randomness of weighting factors. The simulation results show that the model can reflect the security status of the network as a whole, and the situation assessment is accurate and can better serve the high-level decision-making.

telecommunications

Hongbin Gao,Shangxing Wang,Hongbin Zhang,Bin Liu,Dongmei Zhao,Zhen Liu

DOI: https://doi.org/10.1109/nana56854.2022.00102

2022-01-01

Abstract:This paper has a new network security evaluation method as an absorbing Markov chain-based assessment method. This method is different from other network security situation assessment methods based on graph theory. It effectively refinement issues such as poor objectivity of other methods, incomplete consideration of evaluation factors, and mismatching of evaluation results with the actual situation of the network. Firstly, this method collects the security elements in the network. Then, using graph theory combined with absorbing Markov chain, the threat values of vulnerable nodes are calculated and sorted. Finally, the maximum possible attack path is obtained by blending network asset information to determine the current network security status. The experimental results prove that the method fully considers the vulnerability and threat node ranking and the specific case of system network assets, which makes the evaluation result close to the actual network situation.

Jun'e Li,Jiaqi Liang,Quanying Liu,Donglian Qi,Jianliang Zhang,Yangrong Chen

DOI: https://doi.org/10.3389/fenrg.2022.971725

IF: 3.4

2022-01-01

Frontiers in Energy Research

Abstract:With the rapid development of integrated energy system, the large-scale and high-permeability access of distributed generations (DGs) is making the distribution networks develop into active distribution networks (ADNs). The increased complexity of ADNs also increases the vulnerabilities for cyberattacks. It is a new challenge how to evaluate the situation of an ADN so as to support the decision-making of grid control policies in the condition of cyberattacks probably occur. Hence, in this paper, we proposed a method of situation assessment for ADNs considering cyberattacks. This method is aggregated by two parts. 1) An index system is presented, which includes the indexes of DGs stability, the indexes of security risk considering cyberattacks along with the traditional safety indexes. 2) The entropy weight method is used to assign weights to each index, and taking the normal operation status of ADNs as the reference scenario, an operating situation assessment method for ADNs is proposed based on grey correlation analysis method. Finally, in order to verify the effectiveness of the proposed index system and assessment method, 12 attack scenarios are established from three categories: attacks on DGs, attacks on controllable loads and attacks on both of them, and the situation of the ADN, a case based on IEEE 33-node standard distribution system, is evaluated under each scenario.

Sun Yang,Xiong Wei

DOI: https://doi.org/10.1109/icsess.2017.8342948

2017-01-01

Abstract:The vulnerability of network or information system is the inherent reason for the existence of security risks and security risks. External threats exploit the vulnerability of the network or information system to launch attacks. Therefore, in the field of network security risk assessment technology, security vulnerability analysis takes an important position and is the basis for a network security risk assessment. This paper mainly reviews the research status of network security vulnerability analysis methods, network security quantitative evaluation method and real-time evaluation method of network security.

CHEN Xiu-Zhen,ZHENG Qing-Hua,GUAN Xiao-Hong,LIN Chen-Guang

DOI: https://doi.org/10.1360/jos170885

2006-01-01

Journal of Software

Abstract:Evaluating security threat status is very important in network security management and analysis. A quantitative hierarchical threat evaluation model is developed in this paper to evaluate security threat status of a computer network system and the computational method is developed based on the structure of the network and the importance of services and hosts. The evaluation policy from bottom to top and from local to global is adopted in this model. The threat indexes of services, hosts and local networks are calculated by weighting the importance of services and hosts based on attack frequency, severity and network bandwidth consumption, and the security threat status is then evaluated. The experiment results show that this model can provide the intuitive security threat status in three hierarchies: services, hosts and local networks so that system administrators are freed from tedious analysis tasks based on the alarm datasets to have overall security status of the entire system. It is also possible for them to find the security behaviors of the system, to adjust the security strategies and to enhance the performance on system security. This model is valuable for guiding the security engineering practice and developing the tool of security risk evaluation.

张鑫,顾庆,陈道蓄

DOI: https://doi.org/10.3969/j.issn.1002-137x.2009.09.032

2009-01-01

Computer Science

Abstract:Quality of protection can be seen as the security target of security modules when doing their security treatments,which can be judged by quantitative criteria.The question of how to evaluate whether the current software system has fulfills the quality of protection target objectively and effectively has become one of the hotspots of research.Currently,however,most security professionals use the qualitative method for security evaluation,which is highly subjective and makes the evaluation result dependent on the individual experience and thus unreliable.So what needed are substantive and quantitative security metrics.Because of the complexity and the difficulty of implementing the security metrics,a novel security evaluation model was presented in this paper,which analyzed the relative security level of given systems from the views of attack surface,denial of service and attack graph.At last,a general discussion for the process and the result of the evaluation were given.

Chen Weihua,Jiang Quanyuan,Cao Yijia

DOI: https://doi.org/10.1109/ipec.2005.207004

2005-01-01

Abstract:With the increasing utilization of HVDC system, security assessment of HVDC system has become a hot topic. This paper presents a novel approach using the framework of vulnerability to assess HVDC system security. First, equivalent models of HVDC systems, based on Markov model and logical diagram, are built to solve "dimension disaster" problem. Second, the risk index is used as an indicator of the level of security, and its sensitivity to a changing system parameter is used as an indicator of its trend. These two indicators are combined to determine the degree of HVDC system vulnerability to contingent disturbances. Finally, artificial neural network (ANN) is applied to the fast pattern recognition and classification of system vulnerability status. A case of Gezhouba-Shanghai HVDC system in China is presented to verify correctness and effectiveness of the approach.

Yue Zhang,Wang Zhao

DOI: https://doi.org/10.1109/icngn59831.2023.10396667

2023-01-01

Abstract:The rapid development of information technology has greatly improved the level of enterprise informatization. However, while providing a variety of services to users, there may also be security issues such as data breaches, denial of service attacks, and extortion attempts. To address the aforementioned issues and enhance the security of information systems, multiple security devices have implemented protective measures. However, relying solely on the configuration and construction of security facilities cannot fundamentally resolve network security issues. Therefore, an important challenge currently faced is how to quantitatively assess, evaluate, and guide security personnel to optimize the configuration of the network security system. This is a significant matter that requires careful consideration.Currently, most existing quantitative security evaluation schemes focus on assessing security risks, but the entire security protection system has not been utilized as an evaluation criterion, and its protective effectiveness has not been quantitatively evaluated. Simultaneously, establishing quantitative connections between security impact factors and the security protection system, linking the protection effectiveness of individual security devices to overall security protection effectiveness, and then optimizing and improving the protection effectiveness have become critical bottlenecks in measuring the protection effectiveness of the network security protection system.