Research on host-level security situational awareness

Bibliographic Details
Published in: 2010 3rd IEEE International Conference on Computer Science and Information Technology, Vol. 1, pp. 575-579
Main Authors: Zhou Ti, Wang Xiao-fei, Feng Li, Wang Jing
Format: Conference Proceeding
Language: English
Published: IEEE, 01.07.2010
ISBN: 9781424455379, 1424455375
DOI: 10.1109/ICCSIT.2010.5563826

Summary: Situational assessment is significant for host-level security. Most existing approaches are generally limited to network security, which is different from host-level security. In this paper, we introduce an approach to assess host security. Analyzing process and file behaviors, we propose a series of security indices, based on which we compute the value of process situation (PS) and file situation (FS). To make the results more practical, we associate the process situation with its status in the operating system, and then modify the file situation by associating it with the process situation. As an output, a situation curve is drawn to display the recent and past security situation. The experiment results show that the model can reflect the host security situation effectively and dynamically.