Abstract

Network intrusion attempts have reached an alarming level. Cisco's 2014 Security Report indicated that 50,000 network intrusions were detected and 80 million suspicious web requests were blocked daily. Hence, Intrusion Prevention Systems (IPS) have been chosen as a defence mechanism in many organizations. However, the University of South Wales reported that seven big-brand IPS had failed to detect and block 34-49% of attacks in web-based applications. The accuracy of an IPS can be improved if the network situation is also considered in preventing intrusion attempts. Knowledge about the current and incoming network security situation is required before any precaution can be taken. Situation assessment and prediction are the two main phases of Network Security Situation Awareness. This paper presents a network security situation assessment and prediction mechanism with two parts: an Entropy-based situation assessment scheme that assesses the current network security status with the aid of the Analytical Hierarchy Process, and an adaptive situation prediction mechanism based on Grey Verhulst and Kalman Filtering that predicts the incoming security situation. The effectiveness of the mechanism is evaluated using the National Advanced IPv6 Center (NAv6) 2015 dataset. The findings demonstrated that Entropy-based Network Security Situation Assessment (E-NESSAS) assessed the network security situation more comprehensively by using the Entropy concept. Meanwhile, Adaptive Grey Verhulst-Kalman Network Security Situation Prediction (AGVK-NESSIP) provided high predictive accuracy, at 82.77%. The results clearly revealed that the proposed mechanism could assess the current security situation systematically with E-NESSAS and was able to predict the situation more accurately with AGVK-NESSIP regardless of the time intervals and behaviour of the data sequence.

Highlights

  • The Internet infiltrates our lives by offering convenient services and information sharing

  • An intrusion detection system was created to detect the attack packets from outsiders in a particular time period. The victim machines, which represent the servers in the National Advanced IPv6 Centre (NAv6) such as the web server, database server, mail server and Domain Name System (DNS) server, were connected to the outsiders through the intrusion detection system and act as attack targets in this testbed

  • The research commenced with an investigation into the concept of network security situation awareness, exploring issues related to the network security situation assessment and prediction stages

Summary

Introduction

The Internet infiltrates our lives by offering convenient services and information sharing. Using the Asset Threat (AT) of all detected alerts from the previous component, Security Situation Assessment applies the concept of information entropy to measure the degree of uncertainty of the network assets. After the Information Entropy of all the assets has been calculated, the value of the Network Security Situation Assessment (NESSAS) for each time interval can be evaluated. Once the network security situation assessment has been computed, a sequence of situational values from the E-NESSAS module is built, ordered by time interval. The Adaptive Grey Verhulst-Kalman Network Security Situation Prediction module is the core methodology in the proposed mechanism. To increase the precision of prediction, the forecasted network security situation value in this module is a combination of the preliminary situation prediction and its residual prediction in a particular time interval. All the processes in the proposed mechanism are repeated, and the sequences are kept updated over time.
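The prediction step described above (a preliminary Grey Verhulst forecast corrected by a predicted residual) can be sketched as follows. This is an added example, not code from the paper: the scalar random-walk Kalman filter, its noise values `q` and `r`, the function names and the logistic sample series are assumptions, and the paper's adaptive component is not reproduced.

```python
import math

def fit_grey_verhulst(x1):
    """Least-squares fit of x0(k) + a*z(k) = b*z(k)^2, where x0 is the
    first difference of x1 and z the mean of consecutive x1 values."""
    y = [x1[k] - x1[k - 1] for k in range(1, len(x1))]
    z = [0.5 * (x1[k] + x1[k - 1]) for k in range(1, len(x1))]
    # Normal equations for y = alpha*z + beta*z^2 (alpha = -a, beta = b).
    s2 = sum(v ** 2 for v in z)
    s3 = sum(v ** 3 for v in z)
    s4 = sum(v ** 4 for v in z)
    t1 = sum(v * w for v, w in zip(z, y))
    t2 = sum(v * v * w for v, w in zip(z, y))
    det = s2 * s4 - s3 * s3
    alpha = (t1 * s4 - t2 * s3) / det
    beta = (s2 * t2 - s3 * t1) / det
    return -alpha, beta

def verhulst_value(a, b, x_first, k):
    """Time response of the fitted model at step k (k = 0 is the first sample)."""
    return a * x_first / (b * x_first + (a - b * x_first) * math.exp(a * k))

def kalman_next_residual(residuals, q=1e-2, r=1e-1):
    """Scalar Kalman filter with a random-walk state (assumed model); the last
    filtered estimate is the predicted residual for the next interval."""
    est, p = 0.0, 1.0
    for e in residuals:
        p += q                      # predict: state unchanged, variance grows
        gain = p / (p + r)          # update with the observed residual
        est += gain * (e - est)
        p *= 1.0 - gain
    return est

def predict_next(series):
    """Return (preliminary forecast, forecast corrected by predicted residual)."""
    a, b = fit_grey_verhulst(series)
    fitted = [verhulst_value(a, b, series[0], k) for k in range(len(series))]
    residuals = [s - f for s, f in zip(series, fitted)]
    prelim = verhulst_value(a, b, series[0], len(series))
    return prelim, prelim + kalman_next_residual(residuals)

# Constructed situation values (not from the NAv6 dataset): a logistic curve.
SERIES = [10 / (1 + 9 * math.exp(-0.5 * t)) for t in range(8)]
TRUE_NEXT = 10 / (1 + 9 * math.exp(-0.5 * 8))

if __name__ == "__main__":
    print(predict_next(SERIES), TRUE_NEXT)
```

The Grey Verhulst model suits saturating (S-shaped) sequences; the residual filter absorbs the systematic error left by the discrete fit.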

Case Study and Results
Prediction Results
10 June 2015
Conclusion and Future Work