Abstract
With the rapid development of global information and people's increasing dependence on networks, network security problems are becoming more and more serious. By analyzing the existing security assessment methods, we propose a network security situation evaluation system based on modified D-S evidence theory. First, we give a modified D-S evidence theory to improve the reliability and rationality of the fusion result and apply the theory to correlation analysis. Second, the attack successful support is accurately calculated by matching internal factors with external threats. Multi-module evaluation is established to comprehensively evaluate the network security situation. Finally, we use an example of actual network datasets to validate the network security situation evaluation system. The simulation result shows that the system can not only reduce the rate of false positives and false alarms, but also effectively help analysts comprehensively understand the network security situation.
Additional information
Foundation item: Supported by the Foundation of Tianjin for Science and Technology Innovation (10FDZDGX00400, 11ZCKFGX00900), Key Project of Educational Reform Foundation of Tianjin Municipal Education Commission (C03-0809)
Biography: WANG Chundong, male, Professor, Ph.D., research direction: network communications and information security.
Cite this article
Wang, C., Zhang, Y. Network security situation evaluation based on modified D-S evidence theory. Wuhan Univ. J. Nat. Sci. 19, 409–416 (2014). https://doi.org/10.1007/s11859-014-1033-1
DOI: https://doi.org/10.1007/s11859-014-1033-1