Abstract:
To effectively evaluate the network risk of network information system, a Danger Theory based Network Risk Evaluation Model (DTREM) is proposed. With definitions of self, non-self, and immunocyte, the intrusion detection sub-model is given. DTERM is composed of memory detectors, mature detectors, and immature detectors. Furthermore, the danger theory based network risk evaluation sub-model is given. In the proposed model, the risk of each network attack, including holistic risk of the host and network, can be calculated in real time and quantificationally. Both the theory analysis and experimental results prove that DTERM provides an effective and novel approach for network risk evaluation.