
Network security situation evaluation based on modified D-S evidence theory

  • Security of Network
Wuhan University Journal of Natural Sciences

Abstract

With the rapid development of global information and people's increasing dependence on networks, network security problems are becoming more and more serious. By analyzing the existing security assessment methods, we propose a network security situation evaluation system based on modified D-S evidence theory. First, we give a modified D-S evidence theory to improve the reliability and rationality of the fusion result and apply the theory to correlation analysis. Second, the attack successful support is accurately calculated by matching internal factors with external threats. Multi-module evaluation is established to comprehensively evaluate the situation of network security. Finally, we use an example of actual network datasets to validate the network security situation evaluation system. The simulation result shows that the system can not only reduce the rate of false positives and false alarms, but also effectively help analysts comprehensively understand the situation of network security.

Author information

Corresponding author

Correspondence to Chundong Wang.

Additional information

Foundation item: Supported by the Foundation of Tianjin for Science and Technology Innovation (10FDZDGX00400, 11ZCKFGX00900), Key Project of Educational Reform Foundation of Tianjin Municipal Education Commission (C03-0809)

Biography: WANG Chundong, male, Professor, Ph.D., research direction: network communications and information security.

About this article

Cite this article

Wang, C., Zhang, Y. Network security situation evaluation based on modified D-S evidence theory. Wuhan Univ. J. Nat. Sci. 19, 409–416 (2014). https://doi.org/10.1007/s11859-014-1033-1

  • DOI: https://doi.org/10.1007/s11859-014-1033-1
