A Hierarchical Evaluation Approach for Network Security Based on Threat Spread Model

Chen Feng; Liu Dehui; Zhang Yi; Su Jishu

Journal of Computer Research and Development > 2011 > 48(6): 945-954.

Chen Feng, Liu Dehui, Zhang Yi, Su Jishu. A Hierarchical Evaluation Approach for Network Security Based on Threat Spread Model[J]. Journal of Computer Research and Development, 2011, 48(6): 945-954.

Citation:

PDF (1592 KB)

A Hierarchical Evaluation Approach for Network Security Based on Threat Spread Model

1(Network Information Center, Second Military Medical University, Shanghai 200433) 2(College of Computer, National University of Defense Technology, Changsha 410073)

More Information

Published Date: June 14, 2011

Graphical Abstract

Abstract

Abstract

Network system is generally faced with invasion of the external and internal threat agents. Moreover, threat agents have the capability of spreading threats via the interrelation among vulnerabilities and components in the network, bringing about potential threats. Designing a reasonable model to identify, analyze and quantitatively measure the consequences resulting from potential threats is one of the main challenges that the research of network security evaluation faces. For this issue, a hierarchical evaluation approach based on the threat spread model for the network security is proposed. Firstly the threat spread model is put forward to identify the threat agents, analyze the spread paths of threats, and predict potential threats. The threat spread model includes target network model, threat agent model, threat spread graphs and threat spread algorithm. On this basis, the security measure model is presented to compute the danger indexes of services, hosts and network system respectively. The security measure model is composed of spread graphs, metrics, metric computing functions and index computing functions. Based on the novel approach, the prototype system is implemented and applied by an enterprise local network system. The result demonstrates the correctness of the threat spread model and the advantage of the approach compared with traditional methods.
- network security,
- threat spread,
- security measure,
- danger index,
- hierarchical evaluation

FullText(HTML)

References (0)

[1]	Chen Yanmin, Wang Hao, Ma Jianhui, Du Dongfang, Zhao Hongke. A Hierarchical Attention Mechanism Framework for Internet Credit Evaluation[J]. Journal of Computer Research and Development, 2020, 57(8): 1755-1768. DOI: 10.7544/issn1000-1239.2020.20200217
[2]	Shen Jianliang, Li Sikun, Liu Lei, Wang Guanwu, Wang Xin, Liu Qinrang. Hierarchical Configuration Memory Design for Coarse-Grained Reconfigurable SoC[J]. Journal of Computer Research and Development, 2017, 54(5): 1121-1129. DOI: 10.7544/issn1000-1239.2017.20150889
[3]	Hou Xiaofeng, Song Pengtao, Tang Weichao, Li Chao, Liang Xiaoyao. Green Hierarchical Management for Distributed Datacenter Containers[J]. Journal of Computer Research and Development, 2016, 53(7): 1493-1502. DOI: 10.7544/issn1000-1239.2016.20160119
[4]	Zhao Bo, Huang Shujian, Dai Xinyu, Yuan Chunfeng, Huang Yihua. Parallel Algorithm for Hierarchical Phrase Machine Translation Based on Distributed Memory Storage[J]. Journal of Computer Research and Development, 2014, 51(12): 2724-2732. DOI: 10.7544/issn1000-1239.2014.20131335
[5]	Chen Shuming, Chen Shenggang, and Yin Yaming. Revisiting Amdahl’s Law in the Hierarchical Chip Multicore Processors[J]. Journal of Computer Research and Development, 2012, 49(1): 83-92.
[6]	Mu Chengpo, Huang Houkuan, Tian Shengfeng. Hierarchical Online Risk Assessment for Intrusion Scenarios[J]. Journal of Computer Research and Development, 2010, 47(10): 1724-1732.
[7]	Zhang Gang, Liu Yue, Guo Jiafeng, and Cheng Xueqi. A Hierarchical Search Result Clustering Method[J]. Journal of Computer Research and Development, 2008, 45(3): 542-547.
[8]	Zhang Hanwen, Zhang Yujun, Tian Ye, Xiao Wenshu, Li Zhongcheng. Hierarchical Access Authentication Method in Mobile IPv6 Networks[J]. Journal of Computer Research and Development, 2007, 44(1): 51-57.
[9]	Yu Manquan, Luo Weihua, Xu Hongbo, Bai Shuo. Research on Hierarchical Topic Detection in Topic Detection and Tracking[J]. Journal of Computer Research and Development, 2006, 43(3): 489-495.
[10]	Zhuo Jiliang, Li Xianxian, Li Jianxin, and Huai Jinpeng. A New Taxonomy of Attacks on Security Protocols and Their Security Evaluation[J]. Journal of Computer Research and Development, 2005, 42(7): 1100-1107.