Research on Evaluation Method of Hierarchical Network Security Threat

Lei Gong

Abstract


This paper proposes a bottom-up hierarchical model of network security threat transmission, together with weights for the different levels and a calculation method for each parameter, in order to strengthen the real-time capability of network management and to evaluate the network security situation accurately. The results show that the method gives an intuitive view of the security status of a network system. The larger the security threat situation evaluation index of a network system, the greater the security risk within the system and the higher the degree to which the security strategy of the network system is violated. Statistical data collected over a longer period reveal how the macro-level network security threat situation changes, which supports network management work and helps confirm the attack features and attack times of hackers. A smaller statistical analysis time window reveals how the micro-level network security threat situation changes and makes real-time supervision of the network situation easier. At the same time, taking the consumption rate of network resources into account makes it quicker and more convenient to judge the attack source and method.







Revista de la Facultad de Ingeniería,

ISSN: 2443-4477; ISSN-L:0798-4065

Edif. del Decanato de la Facultad de Ingeniería,

3º piso, Ciudad Universitaria,

Apartado 50.361, Caracas 1050-A,

Venezuela.

© Universidad Central de Venezuela