This method recognizes the current threats and predicts the subsequent threats by modeling attack scenarios and simulating attack state transitions. The threat identification models are called the Attack State Transition Graph and the Real-Time Attack State Graph, which are constructed by an Expanded Finite-State Automata. With this algorithm, various invalid threats are filtered; current valid threats are obtained by correlating the dynamic alarms with a static attack scenario. Network attack graphs were originally used to evaluate what the worst security state is when a network of concern is under attack. Once events are triggered by an attacker’s action or system response, the current states of the vulnerabilities are known. Then we calculate the transition probabilities of the vulnerability from the current state to the security failure state. Keywords: firewall, defense in depth, network security.
Finally, testing in a network shows that this method is reasonable and feasible, and can undertake a tremendous analysis task to facilitate administrators’ work. © (2013) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Frincke, “Improving the Quality of Alerts and Predicting Intruder’s Next Goal with Hidden Colored Petri-Net,” Computer Networks, Vol. Defense in depth is vital as no single security product detects all of today’s attacks.