ETA: A method of Dynamic Network Device Security Assessment

Abstract

The normal operation of network devices is an important cornerstone of network security. The security evaluation of network device is very important to prevent network security problem. In order to dynamically evaluate the security level of network device and quantify the state, a method of dynamic network device security assessment is proposed. Firstly, this method makes full use of the alert log which includes state information of network device and combines with the idea of TF-IDF algorithm to analyze the frequency and the distribution of alert. Then, it puts forward a new algorithm ETA to calculate the value of event threat. Finally, these values are used for calculating the security index of network device. The experiment shows that the proposed method in this paper can find the network device in low-level security and provide effective decision support for network security administrator.