Network security situation assessment based on data fusion

Liu Mixia; Zhang Qiuyu; Zhao Hong; Yu Dongmei

doi:10.1109/WKDD.2008.35

Network security situation assessment based on data fusion

Liu Mixia, Zhang Qiuyu, Zhao Hong, Yu Dongmei

Lanzhou University of Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

10 Scopus citations

Abstract

Network security situation assessment can project the next behavior of the network by describing the current state. Security events from IDS, firewall, and other security tools are currently growing at a rapid pace. However, most intrusion event researches focus on IDS alerts, overlooking other intrusion evidence from other security tools, or they make simple integration of various security tools not inflecting the whole network state. In this paper, we described network security from the view of system. First, network situation elements are analyzed. Second, we research their correlations and present system architecture of network security situation. Third, multi-sensor correlation algorithms are analyzed that Colored Petri net is used for describing the changing of system state after arrival of new events and D-S Theory of Evidence is used for combining the different evidence. Then, we report the experimental results on the DARPA 2000 DDoS attack scenarios and analyze them. At last, we conclude our work and present next research goal.

Original language	English
Title of host publication	Proceedings - 1st International Workshop on Knowledge Discovery and Data Mining, WKDD
Pages	542-545
Number of pages	4
DOIs	https://doi.org/10.1109/WKDD.2008.35
State	Published - 2008
Externally published	Yes
Event	1st International Workshop on Knowledge Discovery and Data Mining, WKDD - Adelaide, Australia Duration: 23 Jan 2008 → 24 Jan 2008

Publication series

Name	Proceedings - 1st International Workshop on Knowledge Discovery and Data Mining, WKDD

Conference

Conference	1st International Workshop on Knowledge Discovery and Data Mining, WKDD
Country/Territory	Australia
City	Adelaide
Period	23/01/08 → 24/01/08

Access to Document

10.1109/WKDD.2008.35

Cite this

@inproceedings{5b69df4382194b99a28c3aee79b389b6,

title = "Network security situation assessment based on data fusion",

abstract = "Network security situation assessment can project the next behavior of the network by describing the current state. Security events from IDS, firewall, and other security tools are currently growing at a rapid pace. However, most intrusion event researches focus on IDS alerts, overlooking other intrusion evidence from other security tools, or they make simple integration of various security tools not inflecting the whole network state. In this paper, we described network security from the view of system. First, network situation elements are analyzed. Second, we research their correlations and present system architecture of network security situation. Third, multi-sensor correlation algorithms are analyzed that Colored Petri net is used for describing the changing of system state after arrival of new events and D-S Theory of Evidence is used for combining the different evidence. Then, we report the experimental results on the DARPA 2000 DDoS attack scenarios and analyze them. At last, we conclude our work and present next research goal.",

author = "Liu Mixia and Zhang Qiuyu and Zhao Hong and Yu Dongmei",

year = "2008",

doi = "10.1109/WKDD.2008.35",

language = "英语",

isbn = "0769530907",

series = "Proceedings - 1st International Workshop on Knowledge Discovery and Data Mining, WKDD",

pages = "542--545",

booktitle = "Proceedings - 1st International Workshop on Knowledge Discovery and Data Mining, WKDD",

note = "1st International Workshop on Knowledge Discovery and Data Mining, WKDD ; Conference date: 23-01-2008 Through 24-01-2008",

}

Mixia, L, Qiuyu, Z, Hong, Z & Dongmei, Y 2008, Network security situation assessment based on data fusion. in Proceedings - 1st International Workshop on Knowledge Discovery and Data Mining, WKDD., 4470456, Proceedings - 1st International Workshop on Knowledge Discovery and Data Mining, WKDD, pp. 542-545, 1st International Workshop on Knowledge Discovery and Data Mining, WKDD, Adelaide, Australia, 23/01/08. https://doi.org/10.1109/WKDD.2008.35

Network security situation assessment based on data fusion. / Mixia, Liu; Qiuyu, Zhang; Hong, Zhao et al.
Proceedings - 1st International Workshop on Knowledge Discovery and Data Mining, WKDD. 2008. p. 542-545 4470456 (Proceedings - 1st International Workshop on Knowledge Discovery and Data Mining, WKDD).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Network security situation assessment based on data fusion

AU - Mixia, Liu

AU - Qiuyu, Zhang

AU - Hong, Zhao

AU - Dongmei, Yu

PY - 2008

Y1 - 2008

N2 - Network security situation assessment can project the next behavior of the network by describing the current state. Security events from IDS, firewall, and other security tools are currently growing at a rapid pace. However, most intrusion event researches focus on IDS alerts, overlooking other intrusion evidence from other security tools, or they make simple integration of various security tools not inflecting the whole network state. In this paper, we described network security from the view of system. First, network situation elements are analyzed. Second, we research their correlations and present system architecture of network security situation. Third, multi-sensor correlation algorithms are analyzed that Colored Petri net is used for describing the changing of system state after arrival of new events and D-S Theory of Evidence is used for combining the different evidence. Then, we report the experimental results on the DARPA 2000 DDoS attack scenarios and analyze them. At last, we conclude our work and present next research goal.

AB - Network security situation assessment can project the next behavior of the network by describing the current state. Security events from IDS, firewall, and other security tools are currently growing at a rapid pace. However, most intrusion event researches focus on IDS alerts, overlooking other intrusion evidence from other security tools, or they make simple integration of various security tools not inflecting the whole network state. In this paper, we described network security from the view of system. First, network situation elements are analyzed. Second, we research their correlations and present system architecture of network security situation. Third, multi-sensor correlation algorithms are analyzed that Colored Petri net is used for describing the changing of system state after arrival of new events and D-S Theory of Evidence is used for combining the different evidence. Then, we report the experimental results on the DARPA 2000 DDoS attack scenarios and analyze them. At last, we conclude our work and present next research goal.

UR - http://www.scopus.com/inward/record.url?scp=50949095740&partnerID=8YFLogxK

U2 - 10.1109/WKDD.2008.35

DO - 10.1109/WKDD.2008.35

M3 - 会议稿件

AN - SCOPUS:50949095740

SN - 0769530907

SN - 9780769530901

T3 - Proceedings - 1st International Workshop on Knowledge Discovery and Data Mining, WKDD

SP - 542

EP - 545

BT - Proceedings - 1st International Workshop on Knowledge Discovery and Data Mining, WKDD

T2 - 1st International Workshop on Knowledge Discovery and Data Mining, WKDD

Y2 - 23 January 2008 through 24 January 2008

ER -

Network security situation assessment based on data fusion

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this