Network Situational Awareness and Quantitative Threat Assessment Based on Multi Sensor Information Fusion

Authors

1 Control and Intelligent Processing Center of Excellence ECE, University of Tehran, Tehran, Iran

2 Department of Information and Communication Technology, Malek Ashtar University of Technology, Tehran, Iran

Abstract

Threat assessment in the computer networks of organizations can reduce damage caused by attacks and unexpected events. Data fusion models such as the JDL model provide efficient and adequate sensors to gather the right information at the right time from the right components. This information then is refined and normalized to provide situational awareness and assess events that may be intended as a threat. This study suggests a new method based on the JDL model where data collected from different sources is normalized into an appropriate format. After normalization, Data is converted into the information. Threat assessment unit analyzes this information based on various algorithms. We use three algorithms to detect anomaly, one to correlate alerts, and one to determine the successfulness of an attack. The model is then evaluated based on a small simulated network threat to ascertain the efficacy of the proposed method. The results show that the method is an appropriate model for situational awareness and threat assessment.

Keywords