Security assessment method based on alarm information

A technology for alarm information and security assessment, applied in digital transmission systems, electrical components, transmission systems, etc. It addresses the problems of high false alarm rate, low accuracy, and chaotic attack scene reconstruction in intrusion detection systems.

Inactive Publication Date: 2012-02-15
JIANGSU NANDASOFT TECHNOLOGY COMPANY LIMITED +1
Cites: 1; Cited by: 7
AI Technical Summary

Problems solved by technology

[0006] Because current intrusion detection systems have a high false alarm rate, attack scene reconstruction that relies directly on their alarm information is not very accurate, which causes confusion in the reconstructed attack scene.

Examples

Embodiment Construction

[0042] 1. Use a directed acyclic graph to represent the reconstructed attack scenario. The generation of the attack scenario graph is divided into three steps.

[0043] 1) Generate a set of initial attack scenario graphs based on the prerequisite set and consequence set of the hyper-alert type.

[0044] 2) For each attack scenario graph in the initial attack scenario graph set, calculate the evidence support of each node (attack step) in it to eliminate possible false alarms.

[0045] 2. Elimination of false positive nodes in attack scenario graph G

[0046] 1) Calculate the alarm credibility C_r for each node in the attack scenario graph G. Consider all C_r ≤ ε (ε is a minimum value set by the administrator, indicating that an alarm with an alarm credibility less than or equal to ε can be regarded as a false alarm, the same below).

[0047] 2) Eliminate nodes that have no forward node and whose alarm credibility C_r ≤ ε.

[0048] 3) Eliminate nodes that have no backward node and whose alarm credibility C_r ≤ ε.

[0049] 4) For the ...
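
The graph generation from prerequisite and consequence sets and elimination steps 2) and 3) above, as an added Python example that is not taken from the patent. It assumes each hyper-alert carries a timestamp and a precomputed credibility C_r, reads "no forward node" as no predecessor and "no backward node" as no successor, and uses constructed alert names, predicates and values; step 4) is cut off on the page and is not implemented.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class HyperAlert:
    name: str
    time: int               # assumption: timestamp used to order attack steps
    prereq: frozenset       # predicates that must hold before the attack
    conseq: frozenset       # predicates that hold after the attack
    credibility: float      # C_r; assumed to be computed elsewhere

def build_graph(alerts):
    """Edge a -> b when a precedes b and a consequence of a is a prerequisite of b."""
    return {(a.name, b.name) for a in alerts for b in alerts
            if a.time < b.time and a.conseq & b.prereq}

def prune(alerts, edges, eps):
    """Apply elimination steps 2) and 3) once each, in that order."""
    cred = {a.name: a.credibility for a in alerts}
    nodes = set(cred)
    # end=1: nodes with a predecessor (step 2); end=0: nodes with a successor (step 3)
    for end in (1, 0):
        linked = {e[end] for e in edges}
        nodes -= {n for n in nodes if cred[n] <= eps and n not in linked}
        edges = {e for e in edges if e[0] in nodes and e[1] in nodes}
    return nodes, edges

def P(*preds):
    return frozenset(preds)

# Constructed sample alerts (hypothetical names, predicates and C_r values).
ALERTS = [
    HyperAlert("port_scan", 1, P(), P("open_port(h,21)"), 0.8),
    HyperAlert("stray_ping", 2, P(), P(), 0.05),
    HyperAlert("ftp_overflow", 2, P("open_port(h,21)"), P("root(h)"), 0.7),
    HyperAlert("install_daemon", 3, P("root(h)"), P("daemon(h)"), 0.9),
    HyperAlert("noisy_rpc", 4, P("root(h)"), P(), 0.1),
]

def demo(eps=0.2):
    return prune(ALERTS, build_graph(ALERTS), eps)

if __name__ == "__main__":
    nodes, edges = demo()
    print(sorted(nodes), sorted(edges))
```

The isolated low-credibility alert is removed by step 2), and the low-credibility alert that has a predecessor but no successor is removed by step 3); the high-credibility end node of the chain is kept even though nothing follows it.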

Abstract

The invention provides a security assessment method based on alarm information. The method is characterized by: employing a method of associating alarm information to reconstruct the attack scene, using a predicate to express a prerequisite condition and a result of an attack, and employing a directed acyclic graph to express the attack scene after reconstruction. The method comprises the following steps: (1) according to a prerequisite set and a result set of a hyper-alert class, generating an initial attack scene graph set; (2) for each attack scene graph in the initial attack scene graph set, calculating the evidence support degree of each node, and eliminating possible false alarms; eliminating false alarm nodes in an attack scene graph G; on the basis of alarm credibility, improving an alarm association algorithm, and assessing an attack sequence after alarm association from credibility, danger and the risk caused to a system; carrying out danger analysis of the attack sequence and loss analysis of a network system. According to the invention, through calculation of environmental coupling degrees, attack types, related attack information and destination system node security degrees of alarm information and a destination system, alarm information is obtained.

Description

1. Technical Field

[0001] The invention relates to a security assessment method based on alarm information.

2. Background technology

[0002] With the advent of the Internet age, the scale and application fields of the Internet continue to develop, and it has penetrated into people's daily life, economy, military, science and technology, and education, and its basic and overall status and role have become increasingly important. The network security of basic technology and facilities has become an important factor affecting social and economic development and national development strategies, and is the focus of common attention of all countries in the world. However, in the face of the increasingly complex structure and large scale of the network, especially with the increasing prevalence of network attacks and sabotage and the gradual diversification of attack tools, traditional network security protection and research can no longer meet the actual needs of network development...

Application Information

IPC(8): H04L12/24, H04L29/06
Inventor 石进张辰高为刘建邦潘健翔
Owner JIANGSU NANDASOFT TECHNOLOGY COMPANY LIMITED