Detriment evaluation method for application security incidents based on service correlation

Detriment evaluation is the foundation of risk management and defense strategy adjustment. More and more security incidents which target services occur in the application layer and cause great harm to the system and data. This paper analyzes the correlations between services, including interface correlation, application correlation and statistics correlation to evaluate the detriment caused by the incidents mentioned above, with a quantitative evaluation method then proposed. In this method, indirect detriment caused by security incidents is calculated based on network layers to obtain the comprehensive detriments so that administrators have an overall view of the detriments and enhance the protection to the services having significant influence to the network and other services based on the severity and spread path of detriments. This method also helps administrators to prioritize treatment to incidents and prevent the security situation from getting worse. The method has been implemented and verified in experimental environment with its effectiveness and feasibility being approved.