International Journal of Network Security & Its Applications (IJNSA)
ISSN: 0974 - 9330 (Online); 0975 - 2307 (Print)
http://airccse.org/journal/ijnsa.html
A Framework for Security Components Anomalies Severity Evaluation and Classification
Kamel Karoui, Fakher Ben Ftima and Henda Ben Ghezala, University of Manouba, Tunisia
ABSTRACT
Security components such as firewalls, IDS and IPS are the most widely adopted security devices for network protection. These components are often implemented with several errors (or anomalies) that are sometimes critical. To ensure the security of their networks, administrators should detect these anomalies and correct them. Before correcting the detected anomalies, the administrator should evaluate and classify them to determine the best strategy for correcting them. In this work, we propose a framework to assess and classify the detected anomalies using three evaluation criteria: a quantitative evaluation, a semantic evaluation and a multi-anomalies evaluation. The proposed process, suitable for use in an audit process, is detailed through a case study to demonstrate its usefulness.
KEYWORDS
Anomaly severity evaluation, anomaly severity classification, semantic evaluation, quantitative evaluation, multi-anomalies evaluation.
Original Source URL: http://airccse.org/journal/nsa/5413nsa05.pdf
Volume Link: http://airccse.org/journal/jnsa13_current.html