Network Security Situation Assessment: A review and discussion

Abstract

The number of network intrusion attempts have reached an alarming level. Questions have been raised about the efficiency of deploying intrusion detection and prevention system which are more concern on single device instead of overall network security situation. Researchers have shown an increased interest in designing network security situation awareness which consists of event detection, situation assessment and situation prediction. Generally, Network Security Situation Assessment is a process to evaluate the entire network security situation in particular time frame and use the result to predict the incoming situation. In this paper, we review existing network security situation assessment methods from three major categories in the aspect of its strengths and limitations. A list of consideration criteria has been summarized for future situation assessment model design.