Incident prioritisation using analytic hierarchy process (AHP): Risk Index Model (RIM)

Authors

  • Nor Badrul Anuar,

    Corresponding author
    1. Faculty of Computer Science and Information Technology, University of Malaya, Kuala Lumpur, Malaysia
    2. Centre for Security, Communications and Network Research, University of Plymouth, Plymouth, Devon, U.K.
  • Maria Papadaki,

    1. Centre for Security, Communications and Network Research, University of Plymouth, Plymouth, Devon, U.K.
  • Steven Furnell,

    1. Centre for Security, Communications and Network Research, University of Plymouth, Plymouth, Devon, U.K.
  • Nathan Clarke

    1. Centre for Security, Communications and Network Research, University of Plymouth, Plymouth, Devon, U.K.

Correspondence: Nor Badrul Anuar, University of Malaya, Kuala Lumpur, Malaysia.

E-mail: badrul@um.edu.my

ABSTRACT

The landscape of security threats continues to evolve, with attacks becoming more serious and the number of vulnerabilities rising. For these threats to be managed, many security studies have been undertaken in recent years, mainly focusing on improving detection, prevention and response efficiency. This paper proposes an incident prioritisation model, the Risk Index Model (RIM), which is based on risk assessment and the analytic hierarchy process. For incidents to be prioritised, the model uses indicators, such as criticality, as decision factors to calculate incidents' risk index. The model also adopts different strategies to enhance the prioritisation process. To evaluate the model, two stages of evaluation study were conducted. The first stage aims to validate the model by comparing its results with the Common Vulnerability Scoring System and Snort. The second stage aims to enhance RIM by analysing the effect of using different strategies in the model. The experimental results in the first stage have shown that 100% of incidents could be rated with RIM, compared with only 17.23% with the Common Vulnerability Scoring System. The experiments in the second stage have shown significant changes in the resultant risk index as well as some of the top-priority incidents. Copyright © 2012 John Wiley & Sons, Ltd.
