Detriment evaluation method for application security incidents based on service correlation
LV Yanli1,3, LI Yuanlong1,2, XIANG Shuang1, XIA Chunhe1
1. Beijing Key Laboratory of Network Technology, Beihang University, Beijing 100191, China;
2. School of Software, Beihang University, Beijing 100191, China;
3. Information Center of Ministry of Science and Technology, Beijing 100862, China
Abstract: Detriment evaluation is the foundation of risk management and of adjusting defense strategy. An increasing number of security incidents target services in the application layer and cause great harm to systems and data. This paper analyzes the correlations between services, namely interface correlation, application correlation and statistics correlation, in order to evaluate the detriment caused by such incidents, and proposes a quantitative evaluation method. In this method, the indirect detriment caused by a security incident is calculated across network layers and combined into a comprehensive detriment, so that administrators obtain an overall view of the damage and can strengthen the protection of the services that most influence the network and other services, based on the severity and spread path of the detriment. The method also helps administrators prioritize the handling of incidents and prevent the security situation from deteriorating. It has been implemented and verified in an experimental environment, confirming its effectiveness and feasibility.
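The abstract describes propagating an incident's direct detriment along service correlations to obtain a comprehensive detriment and a spread path. The following Python is an added illustration written for this page, not the paper's own model or code: the correlation strengths, the multiplicative attenuation rule, the hop and threshold limits, and the sample service topology and incident are all assumed for the demo, and the paper's per-network-layer weighting is omitted.

```python
"""Toy detriment-propagation over a service-correlation graph.

Added example, not the model from the paper. All numbers and the
sample topology below are constructed for illustration.
"""
from collections import defaultdict

# The three correlation types named in the abstract. The numeric
# strengths are assumptions chosen for this demo.
CORRELATION_STRENGTH = {
    "interface": 0.8,    # target calls the source's interface directly
    "application": 0.5,  # both services belong to the same business application
    "statistics": 0.3,   # target's load/failures statistically track the source's
}

# Constructed sample topology: (source, target, correlation type).
SAMPLE_EDGES = [
    ("auth", "order", "interface"),
    ("order", "payment", "interface"),
    ("order", "inventory", "application"),
    ("auth", "report", "statistics"),
]

# Constructed sample incident: the auth service suffers a normalized
# direct detriment of 1.0 (e.g. an availability loss).
SAMPLE_DIRECT = {"auth": 1.0}


def build_graph(edges):
    """Return an adjacency dict: source -> [(target, strength), ...]."""
    graph = defaultdict(list)
    for src, dst, kind in edges:
        graph[src].append((dst, CORRELATION_STRENGTH[kind]))
    return graph


def propagate_detriment(graph, direct, max_hops=3, threshold=0.01):
    """Spread direct detriment along correlation edges.

    Each hop multiplies the value by the edge strength. A service hit
    from several paths keeps only the largest value (and that path),
    so it is not double counted. Propagation stops after max_hops or
    once the value drops below threshold. Directly affected services
    are excluded from the indirect map.
    Returns: service -> (indirect_detriment, spread_path).
    """
    indirect = {}
    frontier = [(svc, val, [svc]) for svc, val in direct.items()]
    while frontier:
        svc, val, path = frontier.pop()
        if len(path) - 1 >= max_hops:
            continue
        for dst, strength in graph.get(svc, []):
            v = val * strength
            if v < threshold or dst in direct:
                continue
            if dst not in indirect or v > indirect[dst][0]:
                indirect[dst] = (v, path + [dst])
                frontier.append((dst, v, path + [dst]))
    return indirect


def prioritize(direct, indirect):
    """Comprehensive detriment per service, sorted for incident triage."""
    comprehensive = dict(direct)
    for svc, (v, _) in indirect.items():
        comprehensive[svc] = comprehensive.get(svc, 0.0) + v
    return sorted(comprehensive.items(), key=lambda kv: kv[1], reverse=True)


def run_demo():
    """Run the constructed scenario and return the triage ranking."""
    graph = build_graph(SAMPLE_EDGES)
    indirect = propagate_detriment(graph, SAMPLE_DIRECT)
    return prioritize(SAMPLE_DIRECT, indirect), indirect


if __name__ == "__main__":
    ranking, indirect = run_demo()
    for svc, value in ranking:
        path = " -> ".join(indirect[svc][1]) if svc in indirect else "direct"
        print(f"{svc:10s} {value:.2f}  via {path}")
```

The ranking shows why a compromised upstream service can outweigh the one that raised the alert: the order service inherits most of the auth incident's detriment through its interface dependency, and payment inherits it again one hop further, which is the kind of spread path an administrator would use to decide which services to protect first.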