جستجوی مقالات مرتبط با کلیدواژه « threat assessment » در نشریات گروه « فناوری اطلاعات »

Threat assessment in the computer networks of organizations can reduce damage caused by attacks and unexpected events. Data fusion models such as the JDL model provide efficient and adequate sensors to gather the right information at the right time from the right components. This information then is refined and normalized to provide situational awareness and assess events that may be intended as a threat. This study suggests a new method based on the JDL model where data collected from different sources is normalized into an appropriate format. After normalization, Data is converted into the information. Threat assessment unit analyzes this information based on various algorithms. We use three algorithms to detect anomaly, one to correlate alerts, and one to determine the successfulness of an attack. The model is then evaluated based on a small simulated network threat to ascertain the efficacy of the proposed method. The results show that the method is an appropriate model for situational awareness and threat assessment.

Service Availability is important for any organization. This has become more important with the increase of DoS attacks. It is therefore essential to assess the threat on service availability. We have proposed a new model for threat assessment on service availability with a data fusion approach. We have selected three more important criteria for evaluating the threat on service availability and used anomaly detection algorithms to evaluate the network behavior. Anomaly of each parameter over time was measured based on its past behavior. The results of each algorithm were aggregated using the order weighted average (OWA) and finally using fuzzy inference system (FIS), threat has been calculated. We have evaluated our proposed model with data from a web server monitoring. The results show that it can provide network administrator with useful information about the status of service availability and help them to reduce threats and losses due to their actual activation.