Yu Fei,Zhu Miao-liang,Chen Yu-feng,Li Ren-fa,Xu Cheng

DOI: https://doi.org/10.1007/bf02828642

2005-01-01

Abstract:Intrusion detection system can make effective alarm for illegality of network users, which is absolutely necessarily and important to build security environment of communication base service. According to the principle that the number of network traffic can affect the degree of self-similar traffic, the paper investigates the variety of self-similarity resulted from unconventional network traffic. A network traffic model based on normal behaviors of user is proposed and the Hurst parameter of this model can be calculated. By comparing the Hurst parameter of normal traffic and the self-similar parameter, we can judge whether the network is normal or not and alarm in time.

Renjie Zhou,Xiao Wang,Jingjing Yang,Wei Zhang,Sanyuan Zhang

DOI: https://doi.org/10.1155/2021/5560185

IF: 1.968

2021-01-01

Security and Communication Networks

Abstract:The prosperity of mobile networks and social networks brings revolutionary conveniences to our daily lives. However, due to the complexity and fragility of the network environment, network attacks are becoming more and more serious. Characterization of network traffic is commonly used to model and detect network anomalies and finally to raise the cybersecurity awareness capability of network administrators. As a tool to characterize system running status, entropy-based time-series complexity measurement methods such as Multiscale Entropy (MSE), Composite Multiscale Entropy (CMSE), and Fuzzy Approximate Entropy (FuzzyEn) have been widely used in anomaly detection. However, the existing methods calculate the distance between vectors solely using the two most different elements of the two vectors. Furthermore, the similarity of vectors is calculated using the Heaviside function, which has a problem of bouncing between 0 and 1. The Euclidean Distance-Based Multiscale Fuzzy Entropy (EDM-Fuzzy) algorithm was proposed to avoid the two disadvantages and to measure entropy values of system signals more precisely, accurately, and stably. In this paper, the EDM-Fuzzy is applied to analyze the characteristics of abnormal network traffic such as botnet network traffic and Distributed Denial of Service (DDoS) attack traffic. The experimental analysis shows that the EDM-Fuzzy entropy technology is able to characterize the differences between normal traffic and abnormal traffic. The EDM-Fuzzy entropy characteristics of ARP traffic discovered in this paper can be used to detect various types of network traffic anomalies including botnet and DDoS attacks.

Yue Zhang,Wang Zhao

DOI: https://doi.org/10.1109/icngn59831.2023.10396667

2023-01-01

Abstract:The rapid development of information technology has greatly improved the level of enterprise informatization. However, while providing a variety of services to users, there may also be security issues such as data breaches, denial of service attacks, and extortion attempts. To address the aforementioned issues and enhance the security of information systems, multiple security devices have implemented protective measures. However, relying solely on the configuration and construction of security facilities cannot fundamentally resolve network security issues. Therefore, an important challenge currently faced is how to quantitatively assess, evaluate, and guide security personnel to optimize the configuration of the network security system. This is a significant matter that requires careful consideration.Currently, most existing quantitative security evaluation schemes focus on assessing security risks, but the entire security protection system has not been utilized as an evaluation criterion, and its protective effectiveness has not been quantitatively evaluated. Simultaneously, establishing quantitative connections between security impact factors and the security protection system, linking the protection effectiveness of individual security devices to overall security protection effectiveness, and then optimizing and improving the protection effectiveness have become critical bottlenecks in measuring the protection effectiveness of the network security protection system.

Xiuzhen Chen,Qinghua Zheng,Xiaohong Guan,Chenguang Lin

DOI: https://doi.org/10.3321/j.issn:0253-987X.2004.04.019

2004-01-01

Abstract:Aiming at the deficiency that is unable to provide useful security situation information encountered in the cur2 rent security evaluation systems , a hierarchical and quantitative model , which is used to evaluate security situation of net2 worked systems , and its corresponding computation method are proposed based on the importance of service , host , and the structure of the network system. This model adopts the evaluation policy from bottom to top and from local to global , calculates the risk indexes of service , host and whole network system by weighting the importance of service and host based on the analysis of attack frequency and its severity , and further evaluates their security situation. Experiments on the HoneyNet dataset show that this system can evaluate the security situation in three levels : service , host and local area network system. It provides system administrators with system intuitive security situation curve and releases them from the exhausting task of alert analysis.

Yukun Zheng,Kun Lv,Changzhen Hu

DOI: https://doi.org/10.1007/978-3-319-64701-2_25

2017-01-01

Abstract:With the rapid development of network, network security issues become increasingly important. It is a tough challenge to evaluate the network security due to the increasing vulnerabilities. In this paper, we propose a quantitative method for evaluating network security based on attack graph. We quantify the importance of nodes and the maximum reachable probability of nodes, and construct a security evaluation function to calculate the security risk score. Our approach focuses on the attacker's view and considers the most important factors that may affect the network security. The parameters we use are easily to be acquired in any network. Thus, the assessment score gotten through the evaluation function can comprehensively reflect the security level. According to the security risk value, security professionals can take appropriate countermeasures to harden the network. Experimental results prove that this model solves the security evaluation problem efficiently.

Jian Chen,Mingyuan Yang

DOI: https://doi.org/10.1145/3523181.3523192

2022-01-01

Abstract:Network security situation assessment is a research hotspot in the field of information security, which is strong in real-time performance. However, most of the current real-time situation assessment technologies are very complicated and do poorly in real-time performance. Hence, this paper puts forward a real-time situation assessment method based on the threat propagation model. This method establishes a threat propagation model of real-time situation assessment, in order to calculate the threat degree of threat propagation source to target network, and to evaluate the real-time situation assessment from two layers which includes the network node layer and the whole network layer. The results of simulation experiment show that the method proposed in this paper can evaluate the potential threats according to the current attack scenarios, and can achieve a real-time assessment on the attacks in the network since the situation of real-time network attacks change obviously. In short, the effectiveness, accuracy and real-time performance of the proposed method are verified by comparative experiments.

Jun'e Li,Jiaqi Liang,Quanying Liu,Donglian Qi,Jianliang Zhang,Yangrong Chen

DOI: https://doi.org/10.3389/fenrg.2022.971725

IF: 3.4

2022-01-01

Frontiers in Energy Research

Abstract:With the rapid development of integrated energy system, the large-scale and high-permeability access of distributed generations (DGs) is making the distribution networks develop into active distribution networks (ADNs). The increased complexity of ADNs also increases the vulnerabilities for cyberattacks. It is a new challenge how to evaluate the situation of an ADN so as to support the decision-making of grid control policies in the condition of cyberattacks probably occur. Hence, in this paper, we proposed a method of situation assessment for ADNs considering cyberattacks. This method is aggregated by two parts. 1) An index system is presented, which includes the indexes of DGs stability, the indexes of security risk considering cyberattacks along with the traditional safety indexes. 2) The entropy weight method is used to assign weights to each index, and taking the normal operation status of ADNs as the reference scenario, an operating situation assessment method for ADNs is proposed based on grey correlation analysis method. Finally, in order to verify the effectiveness of the proposed index system and assessment method, 12 attack scenarios are established from three categories: attacks on DGs, attacks on controllable loads and attacks on both of them, and the situation of the ADN, a case based on IEEE 33-node standard distribution system, is evaluated under each scenario.

张鑫,顾庆,陈道蓄

DOI: https://doi.org/10.3969/j.issn.1002-137x.2009.09.032

2009-01-01

Computer Science

Abstract:Quality of protection can be seen as the security target of security modules when doing their security treatments,which can be judged by quantitative criteria.The question of how to evaluate whether the current software system has fulfills the quality of protection target objectively and effectively has become one of the hotspots of research.Currently,however,most security professionals use the qualitative method for security evaluation,which is highly subjective and makes the evaluation result dependent on the individual experience and thus unreliable.So what needed are substantive and quantitative security metrics.Because of the complexity and the difficulty of implementing the security metrics,a novel security evaluation model was presented in this paper,which analyzed the relative security level of given systems from the views of attack surface,denial of service and attack graph.At last,a general discussion for the process and the result of the evaluation were given.

Hongbin Gao,Shangxing Wang,Hongbin Zhang,Bin Liu,Dongmei Zhao,Zhen Liu

DOI: https://doi.org/10.1109/nana56854.2022.00102

2022-01-01

Abstract:This paper has a new network security evaluation method as an absorbing Markov chain-based assessment method. This method is different from other network security situation assessment methods based on graph theory. It effectively refinement issues such as poor objectivity of other methods, incomplete consideration of evaluation factors, and mismatching of evaluation results with the actual situation of the network. Firstly, this method collects the security elements in the network. Then, using graph theory combined with absorbing Markov chain, the threat values of vulnerable nodes are calculated and sorted. Finally, the maximum possible attack path is obtained by blending network asset information to determine the current network security status. The experimental results prove that the method fully considers the vulnerability and threat node ranking and the specific case of system network assets, which makes the evaluation result close to the actual network situation.

Zhengbing Hu,Roman Odarchenko,Sergiy Gnatyuk,Maksym Zaliskyi,Anastasia Chaplits,Sergiy Bondar,Vadim Borovik,

DOI: https://doi.org/10.5815/ijcnis.2020.06.01

2021-12-08

International Journal of Computer Network and Information Security

Abstract:Represented paper is currently topical, because of year on year increasing quantity and diversity of attacks on computer networks that causes significant losses for companies. This work provides abilities of such problems solving as: existing methods of location of anomalies and current hazards at networks, statistical methods consideration, as effective methods of anomaly detection and experimental discovery of choosed method effectiveness. The method of network traffic capture and analysis during the network segment passive monitoring is considered in this work. Also, the processing way of numerous network traffic indexes for further network information safety level evaluation is proposed. Represented methods and concepts usage allows increasing of network segment reliability at the expense of operative network anomalies capturing, that could testify about possible hazards and such information is very useful for the network administrator. To get a proof of the method effectiveness, several network attacks, whose data is storing in specialised DARPA dataset, were chosen. Relevant parameters for every attack type were calculated. In such a way, start and termination time of the attack could be obtained by this method with insignificant error for some methods.

CHEN Xiu-Zhen,ZHENG Qing-Hua,GUAN Xiao-Hong,LIN Chen-Guang

DOI: https://doi.org/10.1360/jos170885

2006-01-01

Journal of Software

Abstract:Evaluating security threat status is very important in network security management and analysis. A quantitative hierarchical threat evaluation model is developed in this paper to evaluate security threat status of a computer network system and the computational method is developed based on the structure of the network and the importance of services and hosts. The evaluation policy from bottom to top and from local to global is adopted in this model. The threat indexes of services, hosts and local networks are calculated by weighting the importance of services and hosts based on attack frequency, severity and network bandwidth consumption, and the security threat status is then evaluated. The experiment results show that this model can provide the intuitive security threat status in three hierarchies: services, hosts and local networks so that system administrators are freed from tedious analysis tasks based on the alarm datasets to have overall security status of the entire system. It is also possible for them to find the security behaviors of the system, to adjust the security strategies and to enhance the performance on system security. This model is valuable for guiding the security engineering practice and developing the tool of security risk evaluation.

Yu Sun,Xiaorong Liu,Xiaoli Shen

DOI: https://doi.org/10.1155/2022/3170164

IF: 1.968

2022-11-19

Security and Communication Networks

Abstract:With the rapid advancement of society and the level of programming and the rapid development of computer technology, networking and information are playing an increasingly important role in the social life of the masses. Creating and developing a network information security monitoring system have become one of the most important ways to keep a computer running smoothly. Traditional information security systems cannot adapt to the ever-changing network environment. If only relying on it to maintain network security, it will be far from effective monitoring and defense. Based on the theory of network information security, this study analyzes the characteristics of network information and the information security monitoring technology at the current stage. Based on the background of big data era, a new type of computer network information security monitoring system is proposed. This system is compared with the traditional network information security monitoring system, and the performance and stability of the system are investigated, respectively. The experimental data show that the network information security monitoring system designed in this study can achieve more than 99% detection rate of external attacks in a network environment with a background traffic of 10M. Its false alarm rate is lower than 4%, and the false alarm rate is lower than 7%. The qualitative mean reaches 93.02%, indicating its good monitoring accuracy and stability. By popularizing it in the current network environment, it can effectively identify and defend information attacks and maintain the development of network information security.

computer science, information systems,telecommunications

Yuantian Miao,Zichan Ruan,Lei Pan,Yu Wang,Jun Zhang,Yang Xiang

DOI: https://doi.org/10.48550/arXiv.1804.09023

2018-04-24

Abstract:Network traffic analytics technology is a cornerstone for cyber security systems. We demonstrate its use through three popular and contemporary cyber security applications in intrusion detection, malware analysis and botnet detection. However, automated traffic analytics faces the challenges raised by big traffic data. In terms of big data's three characteristics --- volume, variety and velocity, we review three state of the art techniques to mitigate the key challenges including real-time traffic classification, unknown traffic classification, and efficiency of classifiers. The new techniques using statistical features, unknown discovery and correlation analytics show promising potentials to deal with big traffic data. Readers are encouraged to devote to improving the performance and practicability of automatic traffic analytic in cyber security.

Cryptography and Security

Qingyuan Zhou,Jianjian Luo

DOI: https://doi.org/10.1080/10798587.2016.1267444

2018-01-01

Abstract:Big data is an emerging paradigm applied to datasets whose size is beyond the ability of commonly used software tools to capture, manage, and process the data within a tolerable elapsed time. In a Smarter City, available resources are harnessed safely, sustainably and efficiently to achieve positive, measurable economic and societal outcomes. Most of the challenges of Big Data in Smart Cities are multi-dimensional and can be addressed from different multidisciplinary perspectives. Based on the above considerations, this paper combined the PSR method, the fuzzy logic model and the entropy weight method in an empirical study for feasible urban public security evaluation modeling. The PSR method was used to establish an evaluation index system regarding the essence of public security. The Entropy method was used in the weighing assignment process to verify the objectivity of this modeling. The fuzzy method was used for the quantitative analysis to determine the fuzziness of urban public security.

automation & control systems,computer science, artificial intelligence

Simon Yusuf Enoch,Jin B. Hong,Mengmeng Ge,Dong Seong Kim

DOI: https://doi.org/10.48550/arXiv.2007.03486

2020-07-07

Cryptography and Security

Abstract:Security metrics present the security level of a system or a network in both qualitative and quantitative ways. In general, security metrics are used to assess the security level of a system and to achieve security goals. There are a lot of security metrics for security analysis, but there is no systematic classification of security metrics that are based on network reachability information. To address this, we propose a systematic classification of existing security metrics based on network reachability information. Mainly, we classify the security metrics into host-based and network-based metrics. The host-based metrics are classified into metrics ``without probability" and "with probability", while the network-based metrics are classified into "path-based" and "non-path based". Finally, we present and describe an approach to develop composite security metrics and it's calculations using a Hierarchical Attack Representation Model (HARM) via an example network. Our novel classification of security metrics provides a new methodology to assess the security of a system.

Xing Li,Qianli Zhang,Jichen Liu

DOI: https://doi.org/10.3969/j.issn.1001-0505.2017.S1.004

2017-01-01

Abstract:Aiming at the problem that the distributed denial of service(DDoS)attacks often use va-rious methods, a comprehensive scoring algorithm is designed.The algorithm can combine several detection algorithms and give a comprehensive score to alarm the attacks.Due to that current DDoS detection algorithms can not provide the specific features of the attacks, an Apriori-Geo-AS algo-rithm and Kolmogorov-Smirnov test based port usage pattern classification algorithm are designed. By improving the Apriori algorithm,the source-address,port and geographic location information of the attack source are extracted more effectively.Compared the port usage pattern with the ideal port usage pattern through the Kolmogorov-Smirnov test,the attacker摧s port usage pattern is further deter-mined.Experimental results show that the comprehensive scoring based detection algorithm can achieve a false alarm rate of less than 0.2%.An analysis on the attack case in Tsinghua University campus network demonstrates the effectiveness of the attack analysis.

Anmin Xie,Cong Tang,Nike Gui,Zhuhua Cai,Jian-bin Hu,Zhong Chen

DOI: https://doi.org/10.1109/ICC.2010.5502655

2010-01-01

Abstract:To protect our networks against malicious intrusions, we need to evaluate these networks security. Previous works on attack graphs have provided meaningful conclusions on security measurement. However, large attack graphs are still hard to be understood vividly, and few suggestions have been proposed to prevent inside malicious attackers from attacking networks. To address these problems, we propose a novel approach to evaluate network security based on adjacency matrixes, which are constructed from existing attack graphs. With our model, we use gray scale images to show overall security vividly, and get quantitative evaluation scores. Moreover, we create a prioritized list of potential threatening hosts, which can help network administrators to harden network step by step. Analysis on computation cost shows that the upper bound computation cost of our measurement methodology is O(N3), which could be completed in real time. We also give an example to show how to put our methods in practice.

Guoquan Li,Yulong Fu,Zheng Yan,Weilin Hao

DOI: https://doi.org/10.1007/978-3-030-30619-9_5

2019-01-01

Abstract:Security Metrics help network administrators master the security status and strengthen security management for many years. Recently, with the usages of many new techniques and network structures, the cyber attacks become complex and the security measurement has received more and more attentions. However, existing methods usually focus on one aspect of security and the indicators used are usually difficult to quantify, which makes it difficult to understand network security status in some real circumstance. In this paper, we consider the network system security from the perspective of attack and defense and the changes of external security environment to propose a comprehensive and quantifiable index system for network security measurement. We illustrate the corresponding theories and the usages of each selected indicators and we also complete the real-time security measurement in various attacks and defenses by using NS3 simulator. The simulation results verify the correctness and rationality of the proposed Security Measurement Index System.

Y Xiang,Y Lin,WL Lei,SJ Huang

DOI: https://doi.org/10.1049/ip-com:20040526

2004-01-01

Abstract:A new method of real-time distributed denial of service (DDOS) attack inspection is introduced, based on changes in the characteristic of network self-similarity. Using the real-time RS (R2S) algorithm, simulation experiments with real DDOS attacks and background traffic have been carried out. The results show that DDOS attacks can be detected effectively and precisely under most situations using the proposed method.

Zhaocui Li,Huichuan Liu,Chunyan Wu

DOI: https://doi.org/10.1080/23742917.2022.2120293

2022-09-10

Journal of Cyber Security Technology

Abstract:The traditional security detection and defense methods are relatively backward, and there are many problems, such as high false alarm and missed alarm rate, and detection lag, which have been difficult to meet the requirements of computer security defense. In order to strengthen the active defense of computer network security and improve the classification and prediction performance of computer network security events, a computer network security risk assessment model based on mrmr Ig feature selection model and attack graph model is proposed. The mrmr Ig feature selection model is used to classify the characteristics of security events, and the hidden Markov chain model and attack graph model are used to predict the attack intention. The experimental results show that the classification accuracy rate of the model is 99.79%, the false alarm rate and the false alarm rate are 0.11% and 0.18%, respectively. The model can accurately predict attacks in real time, and can provide reference for timely taking targeted computer network security reinforcement and active defense measures.