CIVILICA We Respect the Science
(Specialized publisher of the country's conferences / Publication license number from the Ministry of Culture and Islamic Guidance: 8971)

Network Situational Awareness and Quantitative Threat Assessment Based on Multi Sensor Information Fusion

Paper title: Network Situational Awareness and Quantitative Threat Assessment Based on Multi Sensor Information Fusion
National paper ID: JR_JACR-6-4_010
Published in issue 4, volume 6, Autumn, in the year 1394
Paper authors:

Amin Sardeh Moghadam - Control and Intelligent Processing Center of Excellence ECE, University of Tehran, Tehran, Iran
Behzad Moshiri - Control and Intelligent Processing Center of Excellence ECE, University of Tehran, Tehran, Iran
Ali Payandeh - Department of Information and Communication Technology, Malek Ashtar University of Technology, Tehran, Iran

Abstract:
Threat assessment in the computer networks of organizations can reduce damage caused by attacks and unexpected events. Data fusion models such as the JDL model provide efficient and adequate sensors to gather the right information at the right time from the right components. This information is then refined and normalized to provide situational awareness and assess events that may be intended as a threat. This study suggests a new method based on the JDL model where data collected from different sources is normalized into an appropriate format. After normalization, data is converted into information. The threat assessment unit analyzes this information based on various algorithms. We use three algorithms to detect anomalies, one to correlate alerts, and one to determine the successfulness of an attack. The model is then evaluated based on a small simulated network threat to ascertain the efficacy of the proposed method. The results show that the method is an appropriate model for situational awareness and threat assessment.

Keywords:
threat assessment, data fusion, situation awareness, computer networks

Paper's dedicated page and full-text download: https://civilica.com/doc/488491/