A Novel Approach to Network Security Situation Assessment Based on Attack Confidence

  • Conference paper
Network and System Security (NSS 2017)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10394)

Abstract

As an active research topic, network security situation assessment can reflect the security situation from a global perspective. However, existing assessment approaches rely on a detection threshold to make decisions, leading to massive false positives and false negatives. This paper proposes a confidence-based network security situation assessment approach that preserves the probability information in attack detection. We use an ensemble learning algorithm and D-S evidence theory to obtain the attack confidence, and calculate the network security situation value through the fusion of situation elements. Experimental results demonstrate that this approach is effective and accurate.


Acknowledgments

This work is supported by The National Natural Science Foundation of China (No. 61572460, No. 61272481), National Key R&D Program of China (No. 2016YFB0800703), The Open Project Program of the State Key Laboratory of Information Security (No. 2017-ZD-01), The National Information Security Special Projects of National Development, the Reform Commission of China [No. (2012)1424], China 111 Project (No. B16037). Open Project Program of the State Key Laboratory of Information Security (2016-MS-02).

Corresponding author

Correspondence to Yuqing Zhang.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Liu, D. et al. (2017). A Novel Approach to Network Security Situation Assessment Based on Attack Confidence. In: Yan, Z., Molva, R., Mazurczyk, W., Kantola, R. (eds) Network and System Security. NSS 2017. Lecture Notes in Computer Science, vol 10394. Springer, Cham. https://doi.org/10.1007/978-3-319-64701-2_33

  • DOI: https://doi.org/10.1007/978-3-319-64701-2_33

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-64700-5

  • Online ISBN: 978-3-319-64701-2

  • eBook Packages: Computer Science, Computer Science (R0)
