
Research And Realization Of Risk Assessment Methodology Of Network Security Based On Real-time Security Alert

Posted on: 2008-12-21
Degree: Master
Type: Thesis
Country: China
Candidate: Z G Jiang
Full Text: PDF
GTID: 2178360272469652
Subject: Computer system architecture
Abstract/Summary:
Network security risk assessment is the basis of network security management. The rationality and accuracy of the risk assessment approach directly affect the results of requirements analysis and the accuracy of security policy. Because modern networks are extremely time-sensitive and increasingly interactive, fast and comprehensive monitoring of network security risk is especially important, and it is a hot topic in the information security field. A network security risk evaluation method based on alert correlation can avoid the limitation of risk evaluation results that cannot keep up with dynamic changes, and can quantify the evaluation metrics of network security risk in real time.

The main ideas behind the method are: first, using security alerts for risk evaluation; second, assigning evaluation parameters to the related resources while analyzing security alerts, based on the evaluation of assets, threats and vulnerabilities; third, dividing the network system into system service, host and network levels, based on a hierarchical evaluation model of network security risk. The risk value of each alert reflects the risk suffered by a host's system service, and accumulating these values quantifies the threats imposed on the system service, from which the service security risk index is calculated. Likewise, the host security risk index is calculated from the security risk indexes of the host's services, and the network security risk index is calculated from the risk indexes of the hosts in the network.

Based on the method discussed above, the RASA system is implemented. It collects log and alert data produced by firewalls, IDS, anti-virus devices and so on, and formats it so that alerts can be aggregated using the alert similarity method. RASA then confirms alerts using the cross-correlation method. Following this step, RASA performs rule correlation of the alerts and extracts the assignment information for the evaluation parameters. Lastly, RASA quantifies the evaluation indexes and generates risk evaluation reports at all levels. Experimental results show that the method is effective in calculating the quantitative risk of the current network system, helping administrators to manage network security.
Keywords/Search Tags: risk assessment, alert correlation, network security