Network security situational awareness method of multi-period assessment

After analyzing and comparing existing security situation assessment methods, a network security situation assessment method based on the time dimension is proposed, with a focus on the necessity of using different methods for short-term and long-term assessment. Based on alarm information from security devices such as firewalls and Intrusion Detection Systems (IDS), the overall short-term situation is obtained from the scores of the destination hosts. The results of the short-term assessment are combined with static indices, and the weights of the long-term assessment system are determined by the entropy method. The proposed method divides the network security situation into short-term and long-term assessment, and makes up for the lack of defined boundaries between assessment terms.

Key words: network security situation, host assessment, dynamic correction, audit log, entropy
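The abstract names the entropy method for the long-term weights but gives no formulas. The following added example (not from the paper) applies the standard entropy weight method to constructed per-period data; the indicator columns, the sample values, and the weighted-sum `long_term_scores` helper are assumptions.

```python
import math

def min_max(column):
    """Scale one indicator column to [0, 1]; a constant column becomes all zeros."""
    lo, hi = min(column), max(column)
    if hi == lo:
        return [0.0] * len(column)
    return [(v - lo) / (hi - lo) for v in column]

def entropy_weights(rows):
    """Standard entropy weight method; rows = periods, columns = indicators."""
    n = len(rows)
    if n < 2:
        raise ValueError("need at least two assessment periods")
    divergence = []
    for col in (min_max(list(c)) for c in zip(*rows)):
        total = sum(col)
        if total == 0:  # constant indicator carries no information
            divergence.append(0.0)
            continue
        probs = [v / total for v in col]
        entropy = -sum(p * math.log(p) for p in probs if p > 0) / math.log(n)
        divergence.append(max(0.0, 1.0 - entropy))
    d_sum = sum(divergence)
    if d_sum == 0:  # every indicator constant: fall back to equal weights
        return [1.0 / len(divergence)] * len(divergence)
    return [d / d_sum for d in divergence]

def long_term_scores(rows, weights):
    """Assumed aggregation: weighted sum of normalized indicators per period."""
    cols = [min_max(list(c)) for c in zip(*rows)]
    return [sum(w * c[i] for w, c in zip(weights, cols)) for i in range(len(rows))]

# Constructed sample: one row per assessment period, higher value = higher risk.
# Columns: short-term situation score, open vulnerability count, asset value.
SAMPLE = [
    [2.0, 10, 5],
    [2.5, 10, 5],
    [9.0, 12, 5],
    [3.0, 11, 5],
]

if __name__ == "__main__":
    w = entropy_weights(SAMPLE)
    print("weights:", [round(x, 4) for x in w])
    print("long-term scores:", [round(s, 4) for s in long_term_scores(SAMPLE, w)])
```

An indicator that never changes across periods (the asset value column here) has maximum entropy and receives zero weight, so a static index only influences the long-term result when it varies between assessments.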

