Network Situational Awareness and Quantitative Threat Assessment Based on Multi Sensor Information Fusion

Publication year: 1394
Document type: Journal article
Language: English

The full text of this article is available as an 18-page PDF file.

National scientific document ID:

JR_JACR-6-4_010

Indexing date: 16 Shahrivar 1395

Abstract:

Threat assessment in the computer networks of organizations can reduce damage caused by attacks and unexpected events. Data fusion models such as the JDL model provide efficient and adequate sensors to gather the right information at the right time from the right components. This information is then refined and normalized to provide situational awareness and assess events that may be intended as a threat. This study suggests a new method based on the JDL model where data collected from different sources is normalized into an appropriate format. After normalization, the data is converted into information. The threat assessment unit analyzes this information based on various algorithms. We use three algorithms to detect anomalies, one to correlate alerts, and one to determine the successfulness of an attack. The model is then evaluated based on a small simulated network threat to ascertain the efficacy of the proposed method. The results show that the method is an appropriate model for situational awareness and threat assessment.

Authors

Amin Sardeh Moghadam

Control and Intelligent Processing Center of Excellence ECE, University of Tehran, Tehran, Iran

Behzad Moshiri

Control and Intelligent Processing Center of Excellence ECE, University of Tehran, Tehran, Iran

Ali Payandeh

Department of Information and Communication Technology, Malek Ashtar University of Technology, Tehran, Iran