Event prioritisation using a fuzzy risk analysis approach

Authors
  1. Dondo, M.
Corporate Authors
Defence R&D Canada - Ottawa, Ottawa ONT (CAN)
Abstract
Analysts handle multitudes of computer network security events on a daily basis. They must make an assessment on the potential impact these events have on their organization’s assets. As the number of events increases, it becomes increasingly difficult for the analyst to make an assessment as to which events to handle first. This can be resolved by calculating a potential risk metric associated with each event, and then prioritizing the events based on the calculated risk values. Most risk analysis approaches available are based on models which require historical data. In many cases, numerical data related to uncertainty factors about the risk calculations is not available, but the experiential expertise of analysts is. This experiential expertise can be modeled as linguistic variables and functions about an event, and be used to model the risk value associated with each event. In this paper, we present an approach to determine the potential risk value associated with each computer security event by modeling the experiential expertise of analysts through fuzzy linguistic declarations about an event. We then rank these events based on the relative calculated risk values for each. We test our approach on a prototype network using real vulnerability data.

A French abstract is available here.

Report Number
DRDC-OTTAWA-TM-2009-287 — Technical Memorandum
Date of publication
01 Mar 2010
Number of Pages
68
DSTKIM No
CA034135
CANDIS No
533528
Format(s):
Electronic Document (PDF)
