Journal of Computer Science

An Adaptive Assessment and Prediction Mechanism in Network Security Situation Awareness

Yu-Beng Leau, Ali Abdulrazzaq Khudher, Selvakumar Manickam and Samer Al-Salem

DOI : 10.3844/jcssp.2017.114.129

Volume 13, Issue 5

Pages 114-129

Abstract

Network intrusion attempts have reached an alarming level. Cisco's 2014 Security Report indicated that 50,000 network intrusions were detected and 80 million suspicious web requests were blocked daily. Hence, the Intrusion Prevention System (IPS) has been chosen as a defence mechanism in many organizations. However, the University of South Wales reported that seven big-brand IPS had failed to detect and block 34-49% of attacks on web-based applications. The accuracy of an IPS can be improved if the network situation is also considered when preventing intrusion attempts. Knowledge about the current and incoming network security situation is required before any precaution can be taken. Situation assessment and prediction are the two main phases of Network Security Situation Awareness. This paper presents a network security situation assessment and prediction mechanism: an Entropy-based situation assessment scheme that assesses the current network security status with the aid of the Analytical Hierarchy Process, and an adaptive situation prediction mechanism based on the Grey Verhulst model and Kalman filtering that predicts the incoming security situation. The effectiveness of the mechanism is evaluated using the National Advanced IPv6 Center (NAv6) 2015 dataset. The findings demonstrated that Entropy-based Network Security Situation Assessment (E-NESSAS) assessed the network security situation more comprehensively by using the Entropy concept. Meanwhile, Adaptive Grey Verhulst-Kalman Network Security Situation Prediction (AGVK-NESSIP) provided high predictive accuracy, at 82.77%. The results clearly revealed that the proposed mechanism could assess the current security situation systematically with E-NESSAS and was able to predict the situation more accurately with AGVK-NESSIP regardless of the time intervals and the behaviour of the data sequence.
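The abstract names the Grey Verhulst model as the core of the prediction phase. The following is an added example, not the authors' code, that fits the standard Grey Verhulst model to a short series of situation values and forecasts the next steps; the adaptive Kalman correction that AGVK-NESSIP layers on top is not described in the abstract and is not implemented here. The sample series is constructed.

```python
"""Grey Verhulst model for situation-value prediction (constructed example)."""
import math


def fit_grey_verhulst(x0):
    """Fit x0(k) + a*z1(k) = b*z1(k)^2 by least squares; return (a, b)."""
    if len(x0) < 3:
        raise ValueError("need at least three observations")
    x1 = [sum(x0[: k + 1]) for k in range(len(x0))]        # 1-AGO accumulated series
    z1 = [(x1[k] + x1[k - 1]) / 2 for k in range(1, len(x1))]  # background (mean) series
    y = x0[1:]
    # Normal equations for B = [-z1(k), z1(k)^2], Y = x0(k): solve (B^T B) p = B^T Y
    s_zz = sum(z * z for z in z1)
    s_z3 = sum(z * z * z for z in z1)
    s_z4 = sum(z * z * z * z for z in z1)
    s_zy = sum(-z * v for z, v in zip(z1, y))
    s_z2y = sum(z * z * v for z, v in zip(z1, y))
    det = s_zz * s_z4 - s_z3 * s_z3
    if det == 0:
        raise ValueError("degenerate series, parameters not identifiable")
    a = (s_z4 * s_zy + s_z3 * s_z2y) / det
    b = (s_z3 * s_zy + s_zz * s_z2y) / det
    return a, b


def predict_grey_verhulst(x0, a, b, steps=1):
    """Return fitted values for the observed window plus `steps` forecasts."""
    x1_first = x0[0]
    n = len(x0)
    # Time response of the whitening equation dx1/dt + a*x1 = b*x1^2
    x1_hat = [
        a * x1_first / (b * x1_first + (a - b * x1_first) * math.exp(a * k))
        for k in range(n + steps)
    ]
    # Inverse accumulation: x0hat(1) = x1hat(1), x0hat(k) = x1hat(k) - x1hat(k-1)
    return [x1_hat[0]] + [x1_hat[k] - x1_hat[k - 1] for k in range(1, n + steps)]


if __name__ == "__main__":
    # Constructed hourly situation scores (not from the NAv6 dataset)
    observed = [0.12, 0.18, 0.25, 0.31, 0.36, 0.39]
    a, b = fit_grey_verhulst(observed)
    forecast = predict_grey_verhulst(observed, a, b, steps=2)
    print(f"a={a:.4f} b={b:.4f}")
    print("fitted+forecast:", [round(v, 4) for v in forecast])
```

The fitted window lets a practitioner compare each one-step-ahead value against the observation before trusting the forecast, which is where an adaptive correction such as Kalman filtering would be applied.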

Copyright

© 2017 Yu-Beng Leau, Ali Abdulrazzaq Khudher, Selvakumar Manickam and Samer Al-Salem. This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.