期刊名称:International Journal of Security and Its Applications
印刷版ISSN:1738-9976
出版年度:2015
卷号:9
期号:3
页码:383-388
DOI:10.14257/ijsia.2015.9.3.30
出版社:SERSC
摘要:Most situation evaluation methods suffer from the false positives and false negatives of detection systems seriously, without considering authorization and dependence relationships, unable to reflect indirect threats, and whose assessment results guide dynamic defense poorly. Upon these problems, an evaluation method whose core consists of multi-source fusion decision, threat spread analysis and attack intention guess is presented. First, the decision-level fusion of multi-source detection logs and attack alerts is introduced to improve detection rate or reduce false alarm rate. Afterwards, the direct threats imposed by attacks, the indirect threats caused by spreading along dependence relationships, and the nonlinear overlapping effects under multiple concurrent attacks are evaluated. Finally, covering and clustering method is utilized to guess attack intentions. Experiments show that the method proposed can not only weaken the impact imposed on assessment result by false positive or false negative effectively, reveal security situation more deeply and accurately, but also guide dynamic defense preferably.
