A situation assessment and prediction mechanism for network security situation awareness
Network intrusion attempts have reached an alarming level. Cisco's 2014 Security Report indicated that 50,000 network intrusions were detected and 80 million suspicious web requests were blocked daily. Hence, Intrusion Prevention System (IPS) had been chosen as a defence mechanism in many organ...
Saved in:
| Main Author: | |
|---|---|
| Format: | Thesis |
| Language: | English |
| Published: |
2016
|
| Subjects: | |
| Online Access: | http://eprints.usm.my/52359/1/LEAU%20YU%20BENG24.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | Network intrusion attempts have reached an alarming level. Cisco's 2014 Security Report indicated that 50,000 network intrusions were detected and 80 million suspicious web requests were blocked daily. Hence, Intrusion Prevention System (IPS) had been chosen as a defence mechanism in many organizations. However, the University of South Wales reported that seven big-brand IPS had failed to detect and block 34% - 49% of attacks in web-based applications. The accuracy of IPS can be improved if the network situation is also considered in preventing intrusion attempts. Knowledge about current and incoming network security situation is required before any precaution can be taken. Situation assessment and prediction are two main phases of Network Security Situation Awareness. The existing assessment models do not consider cost factor as an assessment criterion. Moreover, there has been a lack of standard guidelines to determine the importance of network assets. On prediction, training self-learning detectors are difficult due to incomplete and insufficient data. Furthermore, First-order One-variable grey model (GM(l, 1 )) has not been suitable to predict non-stationary random sequence. In addition, mean generation sequence depresses the model precision with delay error. |
|---|