Shuang Xiang,Yanli Lv,Chunhe Xia,Yuanlong Li,Zhihuan Wang

DOI: https://doi.org/10.1007/978-981-10-0356-1_65

2016-01-01

Abstract:In the network security situation assessment based on hidden Markov model, the establish of state transition matrix is the key to the accuracy of the impact assessment. The state transition matrix is often given based on experience. However, it often ignores the current status of the network. In this paper, based on the game process between the security incidents and protect measures, we improve the efficiency of the state transition matrix by considering the defense efficiency. Comparative experiments show the probability of the network state generated by improved algorithm is more reasonable in network security situation assessment.

Ying Liang,Huiqiang Wang,Yonggang Pang

DOI: https://doi.org/10.1109/WAIM.2008.83

2008-01-01

Abstract:Hidden Markov model (HMM) was introduced to model network security situational awareness (NSSA). The model was built from a novel perspective, both the distributions of anomaly behaviour and operational states of main network services were abstracted by Markov chain, modelling objects of HMM's dual stochastic process were constructed, classic Baum-Welch algorithm was used to estimate the parameters of the established mathematical model, and then the formal model for network security situational awareness based on HMM was constructed. Simulation experiments were done in local area network (LAN), and the obtained experimental results showed that the model could achieve quantitative descriptions for attacks and their impacts on security more precisely and effectively than the existing solutions, which helps to realize quantitative awareness for network security situation.

Y. Liang,H. Q. Wang,H. B. Cai,Y. J. He

DOI: https://doi.org/10.1109/ICIEA.2008.4582951

2008-01-01

Abstract:Hidden Markov Model (HMM) is used to model network security situational awareness (NSA). Distribution of abnormal behaviors in networked system and operational states of key network services are abstracted by Markov chains, modeling objects of the HMM's dual stochastic processes are set up, and classic Baum-Welch algorithm is used to estimate the parameters of the established stochastic mathematical model, then the stochastic modeling for network security situational awareness based upon HMM is realized. The simulation experimental results in LAN show that the model can effectively analyze and validate network security situation, and it is a novel attempt in achieving network security situational awareness, which prompts the development of theoretical researches in the field of NSA at a certain degree.

Jian-tai WU,Guang-jie LIU,Wei-wei LIU,Yue-wei DAI

DOI: https://doi.org/10.3969/j.issn.1006-2475.2018.06.007

2018-01-01

Abstract:Most of the current network security situation assessment methods based on HMM are focused on the study of HMM pa-rameters, ignoring the impact of observation values on evaluation accuracy. This paper is based on the aggregation of alarm infor-mation, takes attack mode as a basis for association, combines the vulnerability information of network assets, identifies the at-tack phase of the host and converts it to the threat level of the host, and finally, uses HMM to evaluate the security situation of the host and network. Experiment based on DARPA2000 data set shows, compared with the general HMM method, this method can reflect the multi-step characteristics of the attack, and it can more accurately reflect the change of network situation.

Jianyi Liu,Fangyu Weng,Ru Zhang,Yunbiao Guo

DOI: https://doi.org/10.1007/978-3-030-00012-7_15

2018-01-01

Abstract:To analyze the influence of threat propagation on network system and accurately evaluate system security, this paper proposes an approach to improve the awareness of network security, based on Attack-Defense Stochastic Game Model (ADSGM). The variety of network security elements collected by multi-sensors are fused into a standard dataset such as assets, threats and vulnerabilities. For every threat, it builds a threat propagation network and propagation rule. By using the game theory to analyze the network offensive and defensive process, it establishes the ADSGM. The ADSGM can dynamically evaluate network security situation and provide the best reinforcement schema. Experimental results on a specific network indicate that the approach is more precise and more suitable for a real network environment. The reinforcement schema can effectively prevent the propagation of threats and reduce security risks.

ZHANG Yan,GUO Shi-ze,HUANG Shu-guang,WANG Yong-yi

DOI: https://doi.org/10.3969/j.issn.1001-3695.2012.01.079

2012-01-01

Abstract:In order to analyze the influence of security incidents on a network system and accurately evaluate system security,this paper proposed a new network security situation awareness model based on multi-heterogeneous sensors.Firstly,by using improved DS fusion rules and combining with AHP algorithm,it fused security data submitted from different sources.Secondly,to deal with the potential missing report problem,it performed global fusion using predefined security policy so as to get the current security situation of the whole network.The evaluation of a simulated network indicates that this approach is suitable for real network environment,and the evaluation result is precise and efficient.

XiaoLin Cui,Xiaobin Tan,Yong Zhang,Hongsheng Xi

DOI: https://doi.org/10.1109/CSSE.2008.949

2008-01-01

Abstract:Risk assessment is a very important tool to acquire a present and future security status of the network information system. Many risk assessment approaches consider the present system security status, while the future security status, which also has an impact on assessing the system risk, is not taken into consideration. In this paper we propose a novel risk assessment model based on Markov game theory. In this model, all of the possible risk in the future will impact on the present risk assessment. The farther away from now, the smaller impact on the risk assessment it has. After acquiring the system security status, we proposed an automatic generated reinforcement scheme which will provide a great convenience to the system administrator. A software tool is developed to demonstrate the performance of the risk assessment of a network information system and a simulation example shows the effectiveness of the proposed model. © 2008 IEEE.

Jinwei Yang,Yu Yang,Lu Zheng,Ruixia Cheng,Shengnan Lin

DOI: https://doi.org/10.1088/1742-6596/2310/1/012071

2022-10-11

Journal of Physics: Conference Series

Abstract:Network security situation awareness (NSSA) can analyze current network status and predict trends. Intrusion detection systems are used as sources of security factor in situational awareness, and their accuracy affects the assessment of network security. The attack graph can filter out key nodes and enumerate possible attack paths, which has become the main method of risk assessment. Therefore, a network security situation assessment technology based on intrusion detection was proposed. The detection rate of the intrusion detection system was improved firstly, and then the attack graph was combined with the hidden Markov model (HMM) for network security assessment. The experimental results show that this method can effectively speculate the attack intention and reflect the results intuitively and roundly.

Wei Tang,Hui Yang,Jinxiu Pi,Chun Wang

DOI: https://doi.org/10.1016/j.jksuci.2023.101840

2023-01-01

Abstract:The security situation of the network is determined by the observation state and hidden state of a complex virus system. To analyze the relationship between the two states and evaluate the trends in the security situation of the system, we construct a new model for security situation awareness based on Hidden Markov Model (HMM). Firstly, the paper examines the impact of virus propagation on network security and proposes a new SIR (Susceptible–Infected–Recovered) virus propagation model on scale-free networks. Secondly, we construct a Hidden Markov Model for network security, and this model designs and utilizes the Forward Algorithm and Viterbi Algorithm to assess the security status of epidemic networks. Finally, we ascertain the effectiveness of the model and algorithms through model examples and simulation experiments. The results show that the proposed algorithm is highly efficient in analyzing the security of virus systems and has great application value in predicting the security trends of networks.

Liang Ying,Li Bingyang,Wang Huiqiang

2010-01-01

Abstract:Stochastic game theory is proposed to apply in the research on network security situational awareness (NSSA), which is a research focus in network security field at present. A novel dynamic awareness method of network security situation (NSS) based on analyses of network service states is proposed in this paper. Realizing situation awareness is a dynamic process, and the diverse states of network services are just direct mirrors of the whole network security situation. Network security situation reflects what is happening in the network, including both the offense and defense behaviors in it. Stochastic game model of network security system is constructed in this paper, and network security situation is quantified by the game mathematical formulation, costs or rewards of attackers and defenders are established, and finally non-linear programming is used to compute the Nash equilibrium points, at which point both of the two sides get a balance between their benefits. Network security situation can then be dynamically achieved by visualizing the diverse metrics information of network services at Nash equilibrium during the operating of network system.

Hongbin Gao,Shangxing Wang,Hongbin Zhang,Bin Liu,Dongmei Zhao,Zhen Liu

DOI: https://doi.org/10.1109/nana56854.2022.00102

2022-01-01

Abstract:This paper has a new network security evaluation method as an absorbing Markov chain-based assessment method. This method is different from other network security situation assessment methods based on graph theory. It effectively refinement issues such as poor objectivity of other methods, incomplete consideration of evaluation factors, and mismatching of evaluation results with the actual situation of the network. Firstly, this method collects the security elements in the network. Then, using graph theory combined with absorbing Markov chain, the threat values of vulnerable nodes are calculated and sorted. Finally, the maximum possible attack path is obtained by blending network asset information to determine the current network security status. The experimental results prove that the method fully considers the vulnerability and threat node ranking and the specific case of system network assets, which makes the evaluation result close to the actual network situation.

WEN Zhicheng,CHEN Zhigang

DOI: https://doi.org/10.11817/j.issn.1672-7207.2015.10.019

2015-01-01

Abstract:In order to help network administrators make correct decisions and take effective defense measures, a hidden Markov prediction model was put forward. The characteristics of network security situation changes were investigated, the time series analysis method was used to describe the dependent relationship between the former and the latter’s security situations in different time. When the security situation was deviated from its normal state, the change law was analyzed, and system change trend and development direction of security situation in the future were predicted by the prediction model. Finally, the network security situation prediction algorithm was verified using the simulation data. The simulation results verify the correctness of the method.

Yehong Yang

DOI: https://doi.org/10.2991/WARTIA-16.2016.25

2016-05-14

Abstract:With the popularity of computers, the Internet has entered the production and all aspects of social life, but the attendant problem of network security has become the focus of widespread concern. Network security situation awareness to effectively respond to network security issues provide a viable solution: for complex network environments and malicious attacks, a comprehensive analysis of attacks against various parts of the network system, from a macro point of view of network security situation be assess and predict the future of network security situation based on this information. For the predictive accuracy of prediction system for network security situation has improved significantly, and network security situation prediction method based on machine learning for the network security situation prediction have a high degree feasible, in the real network security situation awareness applications have certain research and practical value. Introduction of Network Security Situational Awareness Network security situation is the current status and trends of the entire information from a variety of factors operating conditions of various network devices, network behavior and user behavior constituted. Network security situational awareness can acquire, understand and display the network environment of security elements. Through a series of technical means in time and space, are fully aware of network security and access and associated elements as possible in a pluralistic, and the establishment of a network based on complex behaviors modeling and simulation situational analysis and pre-side system, and then integrate and analyze vast amounts of security associated with the network-related data. Network security situation awareness is a scientific and effective network security situation assessment and use of relevant technologies to make reasonable predictions about trends over time network security, network management personnel in advance to remind the network system for network equipment, network peer node hosts and data resources to make reasonable adjustments, upgrades and backup, network environment to address the risk of possible future harm to the network system, losses may result down to an acceptable range . Extract information network security situation is carried out on the basis of situational awareness that only a comprehensive collection of data and the use of sophisticated index system, to ensure the correctness of the results of the assessment. Therefore, in the design process model or system must pay attention to select a metric system. Network security situation is a source of diverse, different collection methods, different devices collect data formats, network security situation letter from mainly contains configuration, operating status, traffic, user behavior and other information.

Computer Science

Luqin Lv,Yueming Lu

DOI: https://doi.org/10.1145/3444370.3444599

2020-01-01

Abstract:Aiming at the problem that single protection technology is difficult to meet the needs of network security, the rationality and accuracy of situation assessment index are poor, the multi-source and multi-dimensional network security situation awareness model and multi-source data association analysis method are proposed. This model combines with data acquisition, data preprocessing, abnormal analysis, security threat assessment and situation visualization. By using Apriori algorithm to mine the relationship between multiple sources of data, the strong rules are filtered out. The experimental results show that the model can accurately perceive known intrusion, unknown threat and its own vulnerability.

Juan Wang,Zhi-Guang Qin,Li Ye,Jing Jin

DOI: https://doi.org/10.1109/icccas.2008.4657814

2008-01-01

Abstract:Network situation awareness (NSA) is a new idea of network security, it is different from normal network security technique for its visualization and high-level data management, transform the abstract data to knowledge that human can understand, help network manager to make decision. Present NSA model have some weakness donpsilat fit to network security. This paper promote a improve model of the NSA, add privacy-preserving module, richen the data source, visualization (integrate GIS technique) and projection technique of situation awareness to improve abilities of emergences respond, reduce losses of network attacks, reveal abnormally intrusions.

Yixian Liu,Dejun Mu

DOI: https://doi.org/10.1007/978-3-030-03766-6_3

IF: 1.7

2018-01-01

Intelligent Data Analysis

Abstract:Network Security Situation Awareness (NSSA) can provide holistic status to administrator, and most related works rely on real time packet inspection technique to detect the security attacks which are happening and may already have caused some damage. In this paper, we propose the Risk Assessment NSSA model which collects the vulnerabilities information and uses corresponding risk level to qualitatively represent the security situation. This model is easy to apply and conveniently helps the administrator to monitor the whole network and be alerted to possible threat in future.

LIU Xiao-wu,WANG Hui-qiang,YU Ji-guo,CAO Bao-xiang

DOI: https://doi.org/10.1166/asl.2012.1852

2012-01-01

Abstract:Firstly,a network security situation awareness model based on multi-source fusion was presented in which the multisource fusion,attack track reconstruction and situation evaluation were considered.Under the instruction of the model,the optimized weights of the D-S evidence fusion were searched using particle swarm optimization in order to reduce the uncertainty in the procedure of fusion.Then,a hierarchy attack track oriented situation awareness method was proposed in combination with the reasoning of the function relation between the threat gene and the threat level.This method was able to accomplish the threat evaluation of the attack step,the attack track and the network.The simulation experiments show that the presented model and methods are effective and accurate and have the aware ness of the dynamic evolvement of the network system,which provides the administrators new method to monitor and administrate their networks.

Xinmiao Zhang

DOI: https://doi.org/10.2478/amns.2023.1.00434

2023-06-21

Applied Mathematics and Nonlinear Sciences

Abstract:Abstract In the era of people’s access to information, the network has undergone tremendous development, the connection patterns of network attacks have become endless, and the number of attack network methods is increasing year by year. Based on the Markov model, the author studies the problem of network security authentication and aims to determine the truth of network security. In this way, network security managers can identify current network security issues, and we can gain a better understanding of the current network situation so that we can update our current security network promptly. The development process proposed by the author is simulated and the obtained results are all compared and evaluated. The experimental results show that the hidden Markov model algorithm is improved, the network security situation is better recognized, and the accuracy of the n network security problem is better known. At the same time, it is known to predict network security problems in the future according to the application model of predicting network security problems. Tests have shown that the development process is feasible and effective.

Xiao-wu LIU,Hui-qiang WANG,Ji-bao LAI,Hai-zhi YE

DOI: https://doi.org/10.16182/j.cnki.joss.2010.06.038

2010-01-01

Abstract:Network security situation awareness is a hot research spot in the area of network security and it is of significance for improving the security level of network. A network security situation awareness model was proposed based on multi-sensor data fusion and this model employed support vector machine as its fusion engine to fuse the data acquired from heterogeneous sensors in combination with the feature reduction method which improved the real-time nature of the fusion engine. A generation algorithm was introduced to obtain the network security situation according to the fusion output. And several evaluating indicators were put forward to evaluate the awareness ability of the situation generation method. The model and the approach are proved to be feasible and effective through a series of simulation experiments.

Zhi-Yong Liu,Hong Qiao

DOI: https://doi.org/10.1007/11734628_26

2006-01-01

Abstract:Network security is an important issue for Intelligence and Security Informatics (ISI) [1-3]. As a complementary measure for traditional network security tools such as firewalls, the intrusion detection system (IDS) is becoming increasingly important and widely-used [4]. Generally speaking, the IDS works by building a model based on the normal data patterns and treating the operations that deviated significantly from the model as malicious. In its early stage of development, the IDS takes certain statistics (e.g., mean and variance) of the audit data to discriminate between the normal usage and attacks. Such systems are easy to construct; however, they suffer from a poor generalization ability to detect unknown or new attacks. Recently other models such as the finite Markov mode [5] and support vector machines [6] have been introduced into IDS, providing finer-grained characterization of normal users' behavior. In this report we investigate the potential application of the Hidden Markov Model (HMM) for intrusion detection.