Research Article Open Access

An Adaptive Assessment and Prediction Mechanism in Network Security Situation Awareness

Yu-Beng Leau¹, Ali Abdulrazzaq Khudher², Selvakumar Manickam³ and Samer Al-Salem³
  • ¹ Universiti Malaysia Sabah, Malaysia
  • ² Cihan University-Sulaimaniya, Iraq
  • ³ Universiti Sains Malaysia, Malaysia
Journal of Computer Science
Volume 13 No. 5, 2017, 114-129

DOI: https://doi.org/10.3844/jcssp.2017.114.129

Submitted On: 21 December 2016 Published On: 22 May 2017

How to Cite: Leau, Y., Khudher, A. A., Manickam, S. & Al-Salem, S. (2017). An Adaptive Assessment and Prediction Mechanism in Network Security Situation Awareness. Journal of Computer Science, 13(5), 114-129. https://doi.org/10.3844/jcssp.2017.114.129

Abstract

Network intrusion attempts have reached an alarming level. Cisco's 2014 Security Report indicated that 50,000 network intrusions were detected and 80 million suspicious web requests were blocked daily. Hence, Intrusion Prevention Systems (IPS) have been chosen as a defence mechanism in many organizations. However, the University of South Wales reported that seven big-brand IPS had failed to detect and block 34-49% of attacks in web-based applications. The accuracy of an IPS can be improved if the network situation is also considered in preventing intrusion attempts. Knowledge about the current and incoming network security situation is required before any precaution can be taken. Situation assessment and prediction are the two main phases of Network Security Situation Awareness. This paper presents a network security situation assessment and prediction mechanism with two parts: an Entropy-based situation assessment scheme that assesses the current network security status with the aid of the Analytical Hierarchy Process, and an adaptive situation prediction mechanism based on Grey Verhulst and Kalman Filtering that predicts the incoming security situation. The effectiveness of the mechanism is evaluated using the National Advanced IPv6 Center (NAv6) 2015 dataset. The findings demonstrated that Entropy-based Network Security Situation Assessment (E-NESSAS) assessed the network security situation more comprehensively by using the Entropy concept. Meanwhile, Adaptive Grey Verhulst-Kalman Network Security Situation Prediction (AGVK-NESSIP) provided a high predictive accuracy of 82.77%. The results clearly revealed that the proposed mechanism could assess the current security situation systematically with E-NESSAS and was able to predict the situation more accurately with AGVK-NESSIP, regardless of the time intervals and behaviour of the data sequence.

Keywords

  • Situation Assessment
  • Situation Prediction
  • Grey Verhulst
  • Kalman Filtering
  • Analytical Hierarchy Process