| With the rapid development of computer and cloud computing technology, the Internet has changed people’s lives. However, in recent years, a number of serious security issues have brought a crisis of confidence in the network. Users’ information is stored in a data center, whose safety relies on a variety of security technologies. With the development of cloud computing, the scale and complexity of the data center have risen to a new level, and a limited number of administrators can hardly monitor the entire information system. If a security event occurs, how can we predict the hazards it brings? How can we quickly locate the source of the problem and take effective measures to control the risk? And how can we obtain the real-time risk status of the system? Real-time security risk assessment is a good way to solve these problems. Our laboratory cooperates with China UnionPay XX Datacenter to promote this project. We propose a real-time risk assessment schema (RRAS) that is based on real customers’ actual needs, draws on risk assessment theory, and takes advantage of the fact that logs can prove everything. RRAS contains a host-based IDS, a vulnerability scanning tool, and four risk factors: alert number, alert category, alert level and alert severity. Alert severity judges the influence caused by each alarm, which improves the accuracy of the risk assessment result. The four factors can be regarded as the "evidence" that proves an asset’s risk situation. This paper presents the DSFM algorithm, which combines evidence theory and fuzzy mathematics to integrate this evidence into the asset’s risk index. Together with the asset value, this gives the risk value of the asset, and once the risk values of all assets are known, we can obtain the risk value of the whole data center. Finally, we build an experimental environment and simulate three types of attacks to verify RRAS. Experimental results show that RRAS can assess the entire system’s risk situation in real time with high accuracy. |