Network Security Threat Situation Evaluation Based on Fusion Decision and Spread Analysis

Article Information

Abstract

English

Most situation evaluation methods suffer seriously from the false positives and false negatives of detection systems, do not consider authorization and dependence relationships, cannot reflect indirect threats, and produce assessment results that guide dynamic defense poorly. To address these problems, an evaluation method is presented whose core consists of multi-source fusion decision, threat spread analysis and attack intention guessing. First, decision-level fusion of multi-source detection logs and attack alerts is introduced to improve the detection rate or reduce the false alarm rate. Afterwards, the direct threats imposed by attacks, the indirect threats caused by spreading along dependence relationships, and the nonlinear overlapping effects under multiple concurrent attacks are evaluated. Finally, a covering and clustering method is used to guess attack intentions. Experiments show that the proposed method can not only effectively weaken the impact of false positives or false negatives on the assessment result and reveal the security situation more deeply and accurately, but also guide dynamic defense better.

Table of Contents

Abstract
 1. Introduction
 2. Fusion Decision
  2.1. Training Model
  2.2. Decision Method
 3. Evaluation algorithm
 4. Attacking Intent
  4.1. Covering Method
  4.2. Clustering Method
 5. Experimental Analysis and Comparison
  5.1. Multi-source Integration Decisions
  5.2. Threat Evaluation
  5.3. Comparison of Related Work
 6. Conclusion
 References

Author Information

  • Xiangdong Cai Harbin University of Science and Technology, Harbin, China
