Asset risk scoring in enterprise network with mutually reinforced reputation propagation

Xin Hu, Ting Wang, Marc Ph Stoecklin, Douglas L. Schales, Jiyong Jang, Reiner Sailer

Research output: Chapter in Book/Report/Conference proceedingConference contribution

4 Scopus citations

Abstract

Cyber security attacks are becoming ever more frequent and sophisticated. Enterprises often deploy several security protection mechanisms, such as anti-virus software, intrusion detection prevention systems, and firewalls, to protect their critical assets against emerging threats. Unfortunately, these protection systems are typically 'noisy', e.g., regularly generating thousands of alerts every day. Plagued by false positives and irrelevant events, it is often neither practical nor cost-effective to analyze and respond to every single alert. The main challenge faced by enterprises is to extract important information from the plethora of alerts and to infer potential risks to their critical assets. A better understanding of risks will facilitate effective resource allocation and prioritization of further investigation. In this paper, we present MUSE, a system that analyzes a large number of alerts and derives risk scores by correlating diverse entities in an enterprise network. Instead of considering a risk as an isolated and static property, MUSE models the dynamics of a risk based on the mutual reinforcement principle. We evaluate MUSE with real-world network traces and alerts from a large enterprise network, and demonstrate its efficacy in risk assessment and flexibility in incorporating a wide variety of data sets.

Original languageEnglish (US)
Title of host publicationProceedings - 2014 IEEE Security and Privacy Workshops, SPW 2014
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages61-64
Number of pages4
ISBN (Electronic)9781479951031
DOIs
StatePublished - Nov 13 2014
Event2014 IEEE Computer Society's Security and Privacy Workshops, SPW 2014 - San Jose, United States
Duration: May 17 2014May 18 2014

Publication series

NameProceedings - IEEE Symposium on Security and Privacy
Volume2014-January
ISSN (Print)1081-6011

Conference

Conference2014 IEEE Computer Society's Security and Privacy Workshops, SPW 2014
Country/TerritoryUnited States
CitySan Jose
Period5/17/145/18/14

All Science Journal Classification (ASJC) codes

  • Safety, Risk, Reliability and Quality
  • Software
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Asset risk scoring in enterprise network with mutually reinforced reputation propagation'. Together they form a unique fingerprint.

Cite this