A Risk Index Model for Security Incident Prioritisation

Authors: Steven Furnell, Nathan Clarke, Nor Badrul Anuar, Maria Papadaki

DOI: 10.4225/75/57B52A66CD8B5

Keywords:

Abstract: With thousands of incidents identified by security appliances every day, the process of distinguishing which are important and which are trivial is complicated. This paper proposes an incident prioritisation model, the Risk Index Model (RIM), based on risk assessment and the Analytic Hierarchy Process (AHP). The model uses indicators such as criticality, maintainability, replaceability and dependability as decision factors to calculate an incident's risk index. RIM was validated using the MIT DARPA LLDOS 1.0 dataset, and the results were compared against the combined priorities of the Common Vulnerability Scoring System (CVSS) v2 and Snort Priority. The experimental results have shown that 100% of the incidents could be rated with RIM, compared with only 17.23% with CVSS. In addition, this study also improves on the limitation of group priority in Snort Priority (e.g. high, medium and low priority) by quantitatively ranking, sorting and listing incidents according to their risk index. The proposed study has also investigated the effect of applying weighted indicators to the calculation of the risk index, as well as the effect of calculating them dynamically. The experiments have shown significant changes in the resultant risk index and in some of the top rankings.
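The abstract names the inputs of RIM (four indicators weighted through AHP) but not its formula. The block below is an added illustration, not the authors' code, of how an AHP pairwise-comparison matrix yields indicator weights, how a weighted sum of indicator scores gives each incident a numeric index, and why that index can rank incidents that a CVSS score or a Snort high/medium/low group cannot separate. The 1-5 scoring scale, its orientation (higher score = more risk), the pairwise matrix and the sample incidents are all hypothetical and are not taken from the paper or the DARPA dataset.

```python
"""Added illustration of an AHP-weighted risk index (not the paper's code).

Hypothetical assumptions, none taken from the page:
  - each incident is scored 1-5 on the four indicators named in the abstract,
    oriented so that a higher score means more risk (e.g. replaceability = 5
    means the affected asset is hard to replace);
  - the pairwise-comparison matrix is invented for the example;
  - the risk index is the weighted sum of the normalised indicator scores.
"""
import math

INDICATORS = ["criticality", "maintainability", "replaceability", "dependability"]

# Saaty's random consistency index (standard AHP table) for n = 1..6.
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24}

# Hypothetical reciprocal pairwise-comparison matrix over INDICATORS, in that
# order: PAIRWISE[i][j] = how much more important indicator i is than j.
PAIRWISE = [
    [1,     3,     5, 2],
    [1 / 3, 1,     2, 1 / 2],
    [1 / 5, 1 / 2, 1, 1 / 3],
    [1 / 2, 2,     3, 1],
]


def ahp_weights(pairwise):
    """Derive indicator weights from a pairwise matrix (geometric-mean method).

    Returns (weights, consistency_ratio). A CR above 0.1 means the analyst's
    judgements contradict each other and the matrix should be revised.
    """
    n = len(pairwise)
    row_gm = [math.prod(row) ** (1.0 / n) for row in pairwise]
    total = sum(row_gm)
    weights = [g / total for g in row_gm]
    # lambda_max estimated as the mean of (A w)_i / w_i
    aw = [sum(pairwise[i][j] * weights[j] for j in range(n)) for i in range(n)]
    lambda_max = sum(aw[i] / weights[i] for i in range(n)) / n
    ci = (lambda_max - n) / (n - 1)
    cr = ci / RANDOM_INDEX[n] if RANDOM_INDEX[n] else 0.0
    return weights, cr


def risk_index(incident, weights, scale_max=5):
    """Weighted sum of the incident's indicator scores, normalised to [0, 1]."""
    return sum(w * incident[name] / scale_max for w, name in zip(weights, INDICATORS))


def rank_incidents(incidents, weights):
    """Return [(id, risk_index)] sorted from highest to lowest index."""
    rated = [(inc["id"], round(risk_index(inc, weights), 4)) for inc in incidents]
    return sorted(rated, key=lambda t: t[1], reverse=True)


def cvss_coverage(incidents):
    """Fraction of incidents a CVSS-based scheme can rate at all
    (an alert with no associated CVE carries no CVSS score)."""
    return sum(1 for inc in incidents if inc["cvss"] is not None) / len(incidents)


# Constructed sample alerts (not from the DARPA LLDOS 1.0 dataset).
SAMPLE_INCIDENTS = [
    {"id": "A", "snort_priority": 1, "cvss": None,
     "criticality": 5, "maintainability": 2, "replaceability": 1, "dependability": 5},
    {"id": "B", "snort_priority": 1, "cvss": 7.5,
     "criticality": 3, "maintainability": 4, "replaceability": 4, "dependability": 2},
    {"id": "C", "snort_priority": 2, "cvss": None,
     "criticality": 4, "maintainability": 3, "replaceability": 2, "dependability": 4},
    {"id": "D", "snort_priority": 3, "cvss": 5.0,
     "criticality": 1, "maintainability": 5, "replaceability": 5, "dependability": 1},
]

if __name__ == "__main__":
    weights, cr = ahp_weights(PAIRWISE)
    print("AHP weights:", dict(zip(INDICATORS, (round(w, 3) for w in weights))),
          "CR =", round(cr, 3))
    print("weighted ranking:", rank_incidents(SAMPLE_INCIDENTS, weights))
    print("equal-weight ranking:", rank_incidents(SAMPLE_INCIDENTS, [0.25] * 4))
    print("fraction CVSS can rate:", cvss_coverage(SAMPLE_INCIDENTS))
```

Running it shows the two effects the abstract reports, on constructed data: incidents A and C have no CVE and therefore no CVSS score, so `cvss_coverage` is 0.5 while every incident still receives an index; and under equal weights A, B and C tie at 0.65 (the group-priority problem), whereas the AHP weights separate them and place C, a Snort medium-priority alert, above B, a Snort high-priority one. Check the consistency ratio before trusting the weights; a contradictory matrix silently produces an arbitrary ordering.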
