| | Chinese Journal of Computers Full Text |
| Title | An Optimized Method for Real Time Network Security Quantification |
| Authors | LI Wei-Ming LEI Jie DONG Jing LI Zhi-Tang |
| Address | (School of Computer Science, Huazhong University of Science and Technology, Wuhan 430074) |
| Year | 2009 |
| Issue | No.4(793-804) |
| Abstract & Background | Abstract: Accurately assessing the security risk of a network is the key to improving its security level. The Hidden Markov Model (HMM) based real-time network security risk quantification method, whose input is Intrusion Detection System (IDS) alerts, can obtain the risk value and evaluate the threat dynamically and in a timely manner. However, it is complex to configure and prone to errors. These shortcomings are resolved by the optimized method presented in this paper. The optimized method improves accuracy and simplifies configuration by automatically calculating the matrices in the HMM. First, it combines IDS alerts, host information and asset value to define the threat of an attack. The threat is more accurate than the alert and is used to classify attacks. Second, the new method uses the genetic algorithm to generate the HMM state transition matrix and observation matrix automatically, and it defines risk description rules as the genetic algorithm optimization target. The risk description rule provides a formal method to characterize the network security risk, and the rule base can be used as the test criterion for other risk assessment methods. Finally, a comparative experiment and an experiment on the DARPA 2000 data obtain good results and prove that this method is practical for measuring network security risk. Keywords: network security; risk assessment; hidden Markov model. Background: If you can't quantify something, you can't control it. The same is true of network security risk, so security assessment of a network is the key to improving the security level of the network. There are many methods for quantifying network security risk, but they also have many shortcomings. The Hidden Markov Model based method, a result of recent research, is real-time, dynamic and timely, but it is also complex to configure and prone to errors. These shortcomings are resolved by the optimized method presented in this paper.
The optimized method improves accuracy and simplifies configuration by automatically calculating the matrices in the HMM. It presents a way to define the threat of an attack and uses the genetic algorithm to generate the HMM state transition matrix and observation matrix automatically. The most important innovation is that it defines risk description rules as the genetic algorithm optimization target. The risk description rule provides a formal method to characterize the network security risk, and the rule base can be used as the test criterion for other risk assessment methods. Several experiments are provided in the paper to verify the effect of this method. The work is supported in part by the National Natural Science Foundation of China under grant No.60573120, "The P2P Network Key Security Problems Research". This paper addresses the project's problem of determining whether a network is secure and what its security risk level is. |