Abstract
Multimedia communication network has gained remarkable popularity by a wide spectrum of users nowadays. It is easier that the potential threats conceal within the large-scale net flow of multimedia communication traffic. Once vulnerability exploitation occurs, the latent risk will be brought to the surface, causing a series of safety problems. Thus, the vulnerability analysis and threat prediction are becoming critical issues. Recently years, many investigations have been made. However, they are not sufficient. To provide a comprehensive view of the threat scenario and present a quantitative risk-aware approach, we propose a novel method for threat identification, and further we build a quantitative security risk model with it. Actually, two algorithms are proposed, namely dynamic Bayesian attack graph based threat prediction algorithm, and threat prediction based security risk quantification algorithm. The first algorithm aims to provide full prediction information with threat scenario. The second algorithm quantifies the threat in the first algorithm into the security risk from two levels: host and network. The examples indicate that our method is feasible and scalable, which enables a manager to quantify the risks of any identified threat or ongoing attack and to recognize the vulnerable multimedia devices to keep secure multimedia communication.
Similar content being viewed by others
References
Ahmad A, Abdur Rahman M, Sadiq B et al (2015) Visualization of a scale free network in a smart phone based multimedia big data environment. In Proc. BigMM’15, 286-287
Apurba KN, Medal HR, Vadlamani S (2016) Interdicting attack graphs to protect organizations from cyber-attacks A bi-level defender–attacker model. Comput Oper Res 75(11):118–131
ArcSight ESM: Enterprise security manager [OL]. 2016 available on http://cn.linkedincom/topic/enterprise-security-manager
Bass T (2000) Intrusion detection systems & multisensory data fusion: creating cyberspace situational awareness. Commun ACM 43(4):99–105
Cai Z, Zhang Q, Gan Y (2014) Intrusion intention recognition and response based on weighed plan knowledge graph. Comput Model New Techno 18(12B):151–157
Chen G, Shen D, Jose B, Cruz J (2006) Chiman Kwan,Martin Kruger, Game Theoretic Approach to Threat Prediction and Situation Awareness. Proc of 9th International Conference on Information Fusion, Florence, Italy, 789–796
Dai F, Hu Y, Zheng K, Wu B (2015) Exploring risk flow attack graph for security risk assessment. IET Inf Secur 9(6):344–353
Endsley MR (1988) Design and evaluation for situation awareness enhancement. Proc of the Human Factors Society 32nd Annual Meeting. Santa Monica, CA: Human Factors. Society:97–101
Fava DS, Byers SR, Yang SJ (2008) Projecting cyber-attacks through variable-length Markov models. IEEE Trans Inform Forensics Sec 3(3):359–369
Fredj OB (2015) A realistic graph-based alert correlation system. Sec Commun Netwk 8(15):2477–2493
Ge P, Wang J, Ren P, Gao H, Luo Y (2013) A new improved forecasting method integrated fuzzy time series with the exponential smoothing method. Int J Environ Pollut 51(3/4):206–221
Ghasemigol M, Ghaemi BA, Takabi H (2016) A comprehensive approach for network attack forecasting. Comput Sec 58:83–105
Hao YH, Han JH, Yi L, Liu L (2016) Vulnerability of complex networks under three-level-tree attacks. Physica A 462:674–683
Jiang D, Yuan Z, Zhang P, Miao L, Zhu T (2016) A traffic anomaly detection approach in communication networks for applications of multimedia medical devices. Multimed Tools Appl 75(22):1–25
Juan Y, Simon D, Susan MK (2012) Situation identification techniques in pervasive computing: a review. Pervasive Mobile Comput 8:36–66
Kim J, Ryu ES (2016) Stochastic stable buffer control for quality-adaptive HEVC video transmission in enterprise WLAN architectures. J Real-Time Image Proc 12(2):465–471
Koukopoulos D (2008) Stability of heterogeneous multimedia networks against adversarial attacks. IEEE International Conference on Communications and NETWORKING, China, pp 1259–1263
Koukopoulos D (2009) The impact of dynamic adversarial attacks on the stability of heterogeneous multimedia networks. IEEE International Conference on Multimedia Information NETWORKING and Security, Wuhan, pp 439–443
Li A, Miao Z, Cen Y, Cen Y (2016) Anomaly detection using sparse reconstructionin crowded scenes. Multimed Tools Appl. https://doi.org/10.1007/s11042-016-4115-6
Lian S, Gritzalis S (2015) Innovations in emerging multimedia communication systems. Telecommun Syst 59(3):289–290
Lin Y, Yang J, Lv Z et al (2015) A self-assessment stereo capture model applicable to the internet of things. Sensors 15(8):20925–20944
Liu S, Lin Y (2016) Network Security Risk Assessment Method Based on HMM and Attack Graph Model. Proc of 17th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD), Shanghai, China 517-52
Lye K, Wing JM (2005) Game strategies in network security. Int J Inform Sec 4(1/2):71–86
National Vulnerability Database (2016) Available on https://web.nvd.nistgov/view/vuln/search
NIST (2012). Guide for Conducting Risk Assessments. U.S. National Institute of Standards and Technologies. http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf
Ou X, Govindavajhala S, Appel AW (2005) MulVAL: A logic-based network security analyzer Proc of 14th Usenix Security Symposium, Baltimore, 113-127
Paul A, Mark V (1999) The Importance of Security in Modern Communication Networks. The 5th International Conference on Information Systems Analysis and Synthesis, Orlando, 443–450
Qu ZY, Li YY, Li P (2010) A network security situation evaluation method based on D-S evidence theory. Proc 2nd Conf Environ Sci Inform Appl Technol, Washington, DC: IEEE Comput Soc 2:496–499
Schiffman M. Common Vulnerability Scoring System (CVSS). available on https://www.first.org/cvss.Html
Serra E, Jajodia S, Pugliese A, Rullo A, Subrahmanian VS (2015) Pareto-optimal adversarial defense of enterprise systems. ACM Trans Inform Syst Sec 17(3):1–11
Shahrulniza M, Parish DJ (2007) Visualising communication network security attacks. International Conference on Information Vizualization, Zurich, pp 726–733
Tse R, Zhang L F, Lei P, Pau G (2017) Social Network Based Crowd Sensing for Intelligent Transportation and Climate Applications. Mobile Networks & Applications :1-7
Wang H, Liang Y, Li B (2010) Dynamic awareness of network security situation based on stochastic game theory Proc of 2nd IEEE International Conference on Software Engineering and Data Mining, Chengdu, 101-105
Wang L, Zou H, Su J, Li L, Chaudhry S (2013) An ARIMA-ANN hybrid model for time series forecasting. Syst Res Behav Sci 30(3):244–259
Wang Y, Li J, Meng K, Lin C, Cheng X (2013) Modeling and security analysis of enterprise network using attack-defense stochastic game Petri nets. Sec Commun Netwk 6(1):1–11
Wu J, Ota K, Dong M, Li J, Wang H (2016) Big data analysis based security situational awareness for smart grid. IEEE Trans Big Data. https://doi.org/10.1109/TBDATA.2016.2616146
Wu Y, Zhang L, Bryankinns N, Barthet M (2017) Open symphony: creative participation for audiences of live music performances. IEEE Multimed 24(1):48–62
Yang T, Yu B, Wang H et al (2015) Cryptanalysis and improvement of Panda-public auditing for shared datain cloud and internet of things. Multimed Tools Appl:1–18
Yang J, He S, Lin Y et al (2015) Multimedia cloud transmission and storage system based on internet of things. Multimed Tools Appl :1-16
Yi S, Peng Y, Xiong Q, Wang T, Dai Z (2014) Overview on attack graph generation and visualization technology. Proc of 2013 I.E. International Conference on Anti-Counterfeiting, Security and Identification
Young, Carl S (2010) Security threats and risk. Metrics and Methods for Security Risk Management (Chapter 1) 3–18 DOI: https://doi.org/10.1016/B978-1-85617-978-2.00007-1
Yu W, Zhang N, Fu X et al (2010) Self-disciplinary worms and countermeasures: modeling and analysis. IEEE Trans Parallel Distrib Syst 21(10):1501–1514
Zhang W, Yang T, Shi YQ, Peng XN, DB H (2012) A Chaotic Characteristics identification method for network security situation time series. J Inform Comput Sci 9(5):1548–7741
Acknowledgements
The authors would like to thank the reviewers for their detailed reviews and constructive comments. The authors would like to thank to Dr. Yuling Liu and Prof. Runguo Ye for their valuable discussions. This work is supported by the National High Technology Research and Development Program of China (2012AA012704, 2015AA016006), the National Key Research and Development Program of China (2016YFF0204003), the Equipment Pre-research Foundation during the 13th Five-Year Plan (61400020201), CCF-Venus “Hongyan” research plan of China (2017003) and the Key Lab of Information Network Security, Ministry of Public Security (C15604).
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Hu, H., Zhang, H. & Yang, Y. Security risk situation quantification method based on threat prediction for multimedia communication network. Multimed Tools Appl 77, 21693–21723 (2018). https://doi.org/10.1007/s11042-017-5602-0
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11042-017-5602-0