Open Access
Quantitative threat situation assessment based on alert verification
Author(s) - Xi Rongrong, Yun Xiaochun, Hao Zhiyu, Zhang Yongzheng
Publication year - 2016
Publication title - Security and Communication Networks
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.446
H-Index - 43
eISSN - 1939-0122
pISSN - 1939-0114
DOI - 10.1002/sec.1473
Subject(s) - computer science, situation awareness, asset (computer security), situation analysis, computer security, situational ethics, matching (statistics), risk analysis (engineering), data mining, medicine, statistics, mathematics, marketing, law, political science, engineering, business, aerospace engineering
Traditional network threat situation assessment is based on raw alerts and is not combined with contextual information, which affects the accuracy of the assessment. In this paper, we propose a method to quantitatively assess the network threat situation based not only on alerts but also on contextual information. It first verifies alerts by matching them against contextual information to determine the probability that each attack succeeds, then analyzes the impact caused by attacks according to their severity and the value of the corresponding assets, and finally quantitatively assesses the network threat situation based on the success probability and the impact of the attacks. Case studies show that the method can assess network threat situations more reasonably. Copyright © 2016 John Wiley & Sons, Ltd.
