Journal: International Journal of Network Security & Its Applications
Print ISSN: 0975-2307
Electronic ISSN: 0974-9330
Publication year: 2013
Volume: 5
Issue: 4
DOI: 10.5121/ijnsa.2013.5405
Publisher: Academy & Industry Research Collaboration Center (AIRCC)
Abstract: Security components such as firewalls, IDS and IPS are the most widely adopted security devices for network protection. These components are often implemented with several errors (or anomalies) that are sometimes critical. To ensure the security of their networks, administrators should detect these anomalies and correct them. Before correcting the detected anomalies, the administrator should evaluate and classify them to determine the best strategy to correct them. In this work, we propose a framework to assess and classify the detected anomalies using three evaluation criteria: a quantitative evaluation, a semantic evaluation and a multi-anomalies evaluation. The proposed process, convenient in an audit process, will be detailed by a case study to demonstrate its usefulness.