Security-oriented risk assessment tools are used to determine the impact of certain events on the security status of a network. Most existing approaches are limited to manual risk evaluations that are not suitable for real-time use. In this paper, we introduce an approach to network risk assessment that is novel in a number of ways. First, the risk level of a network is determined as the composition of the risks of individual hosts, providing a more precise, fine-grained model. Second, we use hidden Markov models to represent the likelihood of transitions between security states. Third, we tightly integrate our risk assessment tool with an existing framework for distributed, large-scale intrusion detection, and we apply the results of the risk assessment to prioritize the alerts produced by the intrusion detection sensors. We also evaluate our approach on both simulated and real-world data.