Research Cell: An International Journal of Engineering Sciences

Pardeep Bhandari ¹, Manpreet Singh ²

Affiliations
1 Doaba College, Jalandhar, IN
2 Punjabi University, Patiala, IN

Abstract

As the computer network has evolved to provide the user many services, the attacks on these networks to disrupt the services and to gain access to resources has also evolved. New entities in form of services, hardware, network protocols etc. are being added to the network, which is leading to new ways to attack the network. The complexity of the system is increasing so fast that it is becoming increasingly difficult for network administrator to comprehend the situation and react in an appropriate manner. Situation becomes more complex as there is not uniform terminology. Though serious efforts in form of Common Vulnerability Enumeration (CVE), Common Weakness Enumeration (CWE), Common Attack Pattern Enumeration and Classification(CAPEC) etc. has been made, still a long way is to go. In this paper we model a computer network by modelling its components i.e. hardware, software, services using ontology. Also vulnerabilities and attacks on these computers are modelled. We populate our ontology with various instances of vulnerabilities, CVSS scores, attacks and possible services in the network. Knowledge representation methods are used in order to provide Description Logic reasoning and inference over network security status concept. Secondly we propose an ontology based system which predicts probable attacks using inference and information provided by the environment. Results show that proposed method is scalable for large systems and also flexible to incorporate new evolutions in the field of study.

Full Text

   

Pardeep Bhandari ¹

Affiliations
1 Doaba College, Jalandhar, IN

Abstract

The research on Network Security Situational Awareness has become hot area because of increase in reliance on computer networks. The variety of services being provided on the networks has increased many folds. Major problem in this field is to perceive the security situation of the network because of large volume of data produced per unit time, even in a moderate size network. Though the computing capacities of modern machines have increased but to perceive the security situation, very heavy real time data is to processed, which has become a challenge even for modern computing facilities. In this paper data preprocessing technique based feature selection has been proposed. Features reduction is performed using chisquare attribute evaluation and ranker search method. To ascertain the classification performance using reduced feature set Bayesnet and Naivebayes classifiers are used. Current study uses KDD Cup 1999 Train+ data sets as experimental data and comes to conclusion that better situation perception may be achieved by using a small subset of the attributes of dataset. The members of the selected dataset may then be used as situational factors for further analysis of security situation.

Keywords

Bayesnet Classification Algorithm, Feature Selection, Situational Awareness, Situation Prediction.

Full Text

   

Pardeep Bhandari ¹, Manpreet Singh ²

Affiliations
1 Doaba College, Jalandhar, Punjab, IN
2 Punjabi University, Patiala, Punjab, IN

Abstract

Traditionally network security deals with maintaining the confidentiality of information, authenticating the user and making the resources available reliably to the intended user, but now apart from these concerns which are at the stake in public networks other important factors are availability and survivability of services which are available on the computer networks. The current generation network security means like intrusion detection system, firewalls, virus detection system etc. present only one of the dimensions of a multidimensional problem of overall network security status. These tools provide detailed information about one aspect of the network security. The task of correlating the events happening in the network and being reported by these tools is left to network administrator. The number of services being made available through these networks is increasing exponentially and so is the number of users of these networks. This paper explores a new concept Network Security Situational Awareness (NSSA). Network Security Situational Awareness is a discipline which focuses on perception, evaluation, projection and resolution of the security risk to computer networks. In this paper the term situational Awareness is explained in context of computer network security. So the ischolar_main of the term NSSA is explored. Various techniques employed to achieve NSSA have been explored in this survey paper. The conceptual model for NSSA and its functional requirements are also discussed.

Keywords

Situational Awareness, NSSA, Multi Sensor Data.

Full Text