In recent years, network technology has developed rapidly. However, the Internet has been subject to a variety of attacks. Several notable attack events have been reported, such as the use of flooding flows against widely used message boards, the installation of malware in an automated teller machine to steal more than 80 million, and the use of WannaCry to encrypt users’ files and demand ransom. Most of these attacks cannot be defended against with a single method. Network-based intrusion detection systems (NIDSs) and host-based IDSs (HIDSs) can determine whether a system has been attacked. A NIDS alone cannot detect web-based attacks or system vulnerabilities. Thus, this paper proposes a risk assessment system (RAS) that integrates a NIDS and a HIDS to detect suspicious behaviors and assess the risk value of Internet Protocol (IP) addresses. The RAS focuses on the analysis of attack or suspicious behaviors using the NIDS and HIDS. Furthermore, the system quantifies the influence of attackers in suspicious events by using PageRank. Finally, the RAS derives the risk value of every IP to warn users of an attack and protect hosts or devices from the attacks.
All Science Journal Classification (ASJC) codes
- Computer Networks and Communications