A situation assessment and prediction mechanism for network security situation awareness
Date
2016-07
Authors
Leau Yu Beng
Publisher
Universiti Sains Malaysia
Abstract
Network intrusion attempts have reached an alarming level. Cisco's 2014
Security Report indicated that 50,000 network intrusions were detected and 80 million
suspicious web requests were blocked daily. Hence, Intrusion Prevention Systems (IPS)
have been chosen as a defence mechanism in many organizations. However, the
University of South Wales reported that seven big-brand IPS had failed to detect and
block 34% - 49% of attacks in web-based applications. The accuracy of IPS can be
improved if the network situation is also considered in preventing intrusion attempts.
Knowledge about the current and incoming network security situation is required before
any precaution can be taken. Situation assessment and prediction are two main phases
of Network Security Situation Awareness. The existing assessment models do not
consider the cost factor as an assessment criterion. Moreover, there has been a lack of
standard guidelines to determine the importance of network assets. On prediction,
training self-learning detectors is difficult due to incomplete and insufficient data.
Furthermore, the First-order One-variable grey model (GM(1,1)) is not suitable for
predicting non-stationary random sequences. In addition, the mean generation sequence
depresses the model precision with delay error.
Keywords
Computer networks, Security measures, Computer security