Incident prioritisation using analytic hierarchy process (AHP): Risk Index Model (RIM)

Authors: Nor Badrul Anuar, Maria Papadaki, Steven Furnell, Nathan Clarke

DOI: 10.1002/SEC.673

Keywords: Two stages, Analytic hierarchy process, Process (engineering), CVSS, Influence factor, Operations research, Computer science, Security studies, Risk index, Risk assessment

Abstract: The landscape of security threats continues to evolve, with attacks becoming more serious and the number of vulnerabilities rising. For these to be managed, many studies have been undertaken in recent years, mainly focusing on improving detection, prevention and response efficiency. This paper proposes an incident prioritisation model, the Risk Index Model (RIM), which is based on risk assessment and the analytic hierarchy process. For incidents to be prioritised, the model uses indicators, such as criticality, as decision factors to calculate the incidents' risk index. It also adopts different strategies to enhance […]. To evaluate the model, two stages of evaluation study were conducted. The first stage aims to validate the model by comparing its results with the Common Vulnerability Scoring System and Snort. The second stage evaluates RIM by analysing the effect of using the model. The experimental results have shown that 100% of incidents could be rated with RIM, compared with only 17.23% with the Common Vulnerability Scoring System. The experiments have also shown significant changes in the resultant index as well as in some top-priority incidents. Copyright © 2012 John Wiley & Sons, Ltd.
