Rongyao Cai,Xiao Xv,Zhengming Lu,Kexin Zhang,Yong Liu

DOI: https://doi.org/10.1109/isas61044.2024.10552597

2024-01-01

Abstract:Fault tree analysis is the most commonly used methodology in industrial safety analysis to predict the probability or frequency of system failure. Although fault tree analysis has been proposed for more than six decades, the assumptions used in most commercial fault tree analysis codes have not changed significantly, which limits the ability of the method to represent design, operation, and maintenance characteristics in the context of the increasing complexity and specialization of modern industrial systems. The basic setup of traditional fault trees is unable to include dependencies between events, time-varying failures, and repair rate realities to explain complex maintenance strategies. To address the above shortcomings, we propose a fusion tree model combining fault tree and attack tree, and simplify the causal structure of the fusion tree by modularization, and utilize the dynamic Markov model to represent the complex coupling relationship between components or nodes. Finally, we demonstrate the calculation process of fusion tree in pressure vessel systems with temporal control.

Geng-hong LU,Dong-qin FENG

DOI: https://doi.org/10.13195/j.kzyjc.2016.0551

2017-01-01

Abstract:The attacks against the industrial control network have different types and various attack intensity. Under this circumstance, the traditional detection techniques cannot identify the multiple types of attacks effectively, and can not assess the security situations of the industrial control network comprehensively and accurately. Therefore, the industrial control network security situation awareness model is proposed. Firstly, the rule extraction can be done by applying the improved C-SVC algorithm to the multi-sensor data. Then with the application of decision fusion algorithm, the decision-level fusion is completed and the results of situation awareness are procured. The simulation experiment results show that the proposed model and algorithms can distinguish multiple types of attacks effectively, identify the attacks that are launched against the industrial control system accurately, and generate the results of situation awareness.

Guangyang Zeng,Junfeng Wu,Xiufang Shi,Zhiguo Shi

DOI: https://doi.org/10.1109/ALLERTON.2018.8635875

2018-01-01

Abstract:Information fusion brings great advantages in multi-sensor detection systems and has attracted much attention. Regarding decision level fusion, in many existing literatures, the fusion center (FC) gives a global decision via a likelihood ratio (LR) test where the LR function is compared with a constant threshold. Most of these can be viewed as one-stage decision fusion schemes because the FC does not utilize the historical information in a continuous period of time. In this paper, we propose a novel multi-stage decision fusion scheme with feedback from the view of the Neyman-Pearson (N-P) criterion. In the proposed scheme, at each stage, the FC selects one threshold from two alternative values based on the feedback of the previous stage’s global decision to perform the LR test. Then we prove the convergence of the global detection probability and the false alarm probability when the true state of the target remains unchanged. For the decision fusion of two homogeneous sensors, we derive the optimal alternative thresholds under the N-P criterion. Simulation results show that the proposed scheme can effectively improve the performance of target detection.

Daojuan Zhang,Kexiang Qian,Wenhui Wang,Fuyang fang,Chonghua Wang,Xi Luo

DOI: https://doi.org/10.1145/3444370.3444607

2020-12-04

Abstract:With the development of information technology, the scale of the network continues to expand, and the security issues continue to increase. The complexity of the network security situation is increasing and the importance of the network security situational awareness continues to increase. The data sources are wide, the type and the number are large in a large-scale network environment currently. This paper comprehensively studies the network security situational awareness technology based on multi-source heterogeneous data. In addition, this paper introduces the origin, concept and the model of the network situational awareness, as well as the characteristics of network security situational awareness based on multi-source heterogeneous data fusion. Finally, the key technologies in the security situational awareness such as the extraction of situational elements, multi-source data fusion, situation assessment, situation prediction and visual display are introduced.

WANG Chun-lei,FANG Lan,WANG Dong-xia,DAI Yi-qi

DOI: https://doi.org/10.1109/iccet.2010.5486194

2012-01-01

Computer Science

Abstract:Network security situation awareness provides the unique high level security view based upon the security alert events. But the complexities and diversities of security alert data on modern networks make such analysis extremely difficult. In this paper, we analyze the existing problems of network security situation awareness system and propose a framework for network security situation awareness based on knowledge discovery. The framework consists of the modeling of network security situation and the generation of network security situation. The purpose of modeling is to construct the formal model of network security situation measurement based upon the D-S evidence theory, and support the general process of fusing and analyzing security alert events collected from security situation sensors. The generation of network security situation is to extract the frequent patterns and sequential patterns from the dataset of network security situation based upon knowledge discovery method and transform these patterns to the correlation rules of network security situation, and finally to automatically generate the network security situation graph. Application of the integrated Network Security Situation Awareness system (Net-SSA) shows that the proposed framework supports for the accurate modeling and effective generation of network security situation.

耿立中,贾惠波

DOI: https://doi.org/10.16511/j.cnki.qhdxxb.2011.04.010

2011-01-01

Abstract:The bottleneck formation of intrusion detection leaning in the network-attached storage（NAS） application was analyzed to increase the NAS security framework efficiency and show that the learning cost of intrusion detection methods shows exponential growth with increasing knowledge and the bottleneck seriously restricts the detection performance,which can be solved using information fusion technologies.A NAS security framework was then designed and implemented by fusing two different intrusion detection methods,the storage based intrusion detection method and the system call based intrusion detection method.The experimental results demonstrate that the framework can more effectively retard intrusion with the overall detection capability increasing by 15%.

Weijian Li,Qianqian Jin,Bo Zhang,Qiang Liu,Yuanyi Xia

DOI: https://doi.org/10.1109/iaeac.2018.8577470

2018-01-01

Abstract:With the rapid development of Internet, the occurrence of information security events is having been more and more frequent, and the impact of the events is becoming more and more serious. The linkage policy decision facing the alert of security events is widely concerned, and it's also a difficult problem. In this paper, a multi factor linkage policy decision model is proposed. First, base on the given network configuration, system setting, and vulnerability information, the network attack graph is generated by MulVAL multi-stage and multi-step security analyzer. Then, the combination of attack graph and alert information to generate candidate linkage policy is further integrated. The attack chain after the enforcement of the assumed linkage policy is given, and the security risk of the system is calculated based on the popularity, ease and influence of the vulnerability. Finally, a reasonable security linkage policy is given in combination with the enforcement of the linkage policy and the impact on the security risk of the system. The experimental test results show that the method can analyze the influence of security policy from the overall system, and provide a feasible and effective security linkage policy for security administrators, which makes the administrator get rid of the problem of the decision of the linkage response policy of security events.

Magnus Jändel,Pontus Svenson,Ronnie Johansson

DOI: https://doi.org/10.48550/arXiv.1706.05913

2017-05-18

Abstract:Information fusion deals with the integration and merging of data and information from multiple (heterogeneous) sources. In many cases, the information that needs to be fused has security classification. The result of the fusion process is then by necessity restricted with the strictest information security classification of the inputs. This has severe drawbacks and limits the possible dissemination of the fusion results. It leads to decreased situational awareness: the organization knows information that would enable a better situation picture, but since parts of the information is restricted, it is not possible to distribute the most correct situational information. In this paper, we take steps towards defining fusion and data mining processes that can be used even when all the underlying data that was used cannot be disseminated. The method we propose here could be used to produce a classifier where all the sensitive information has been removed and where it can be shown that an antagonist cannot even in principle obtain knowledge about the classified information by using the classifier or situation picture.

Cryptography and Security,Databases

Li-zhong Geng,Hui-bo Jia

DOI: https://doi.org/10.1109/CIS.2009.262

2009-01-01

Abstract:There are many researches which focus on the security of network-attached storages. The cryptology tools can protect the storages against non-authorized access, but turned out ineffective when malicious authenticated users attack inside. Also the intrusion detection methods are applied in the network-attached storages, such as, storage-based intrusion detection method and the intrusion detection method based on system calls. However, these methods couldn't obtain higher Detection Rates with lower False Positive Rates. This paper proposes a novel intrusion detection scheme to merge the two methods with multi-source information fusion technology. The fusion optimization strategy is provided to guarantee that the fusion scheme can make a more accuracy decision for the suspicious behaviors with more information gathered from different levels of the system. Also the intrusion detection modules in the new scheme can be "self-learning" and update the profiles by themselves. Experimental results demonstrate that the over capability of new fusion intrusion detection scheme increased by 15%. © 2009 IEEE.

Bichen Hua,Kanjian Zhang,Haikun Wei,Jinxia Zhang,Liping Xie

DOI: https://doi.org/10.1145/3415048.3416120

2020-01-01

Abstract:Photovoltaic power generation is an important part of the current new energy sources. With the development of photovoltaic power generation technology, the corresponding security operation technology has become a new research topic. In this paper, a multi-level fire detection platform based on multi-source heterogeneous information fusion is proposed. The platform includes two levels of detection, level 1 is smoke detection through video monitoring data. Level 2 is the fire detection of data collected by meteorological monitoring. Through the two-level detection, the fire hazard situation and fire hazard location can be accurately located.

Zeyi Liu,Yong Deng,Yi Zhang,Zhongjun Ding,Xiao He

DOI: https://doi.org/10.1109/tim.2021.3101317

IF: 5.6

2021-01-01

IEEE Transactions on Instrumentation and Measurement

Abstract:Considering the inherent unknown risks in the operation of complex dynamic system, it is very important to assess its safety accurately. Within the framework of human-in-the-loop, we propose a novel evidential group interaction-based (EGIB) safety assessment approach based on the evidence group interaction. With the analysis of safety assessment levels (SALs), the basic belief assignment (BBA) distribution of multiple safety indicators can be obtained. Fuzzy ranking technology is used to collect the individual’s cognition of these indicators. Using Shapley function in the framework of fuzzy measure and considering the cooperation effect, the peer importance is modeled. The collective group opinions of these indicators are obtained after the convergence process. The fusion procedure with weighted evidence combination is used to identify the safety state. To illustrate the effectiveness and practicability of the proposed method, we carry out simulation using real data obtained from electrical and observation communication system of deep-sea manned submersible, and comparsion is conducted between our approach and the baseline methods. Results show that the proposed approach can be applied to solve the safety assessment problems of complex dynamic systems in practice.

engineering, electrical & electronic,instruments & instrumentation

Hongwu Zhang,Kai Kang,Wei Bai

DOI: https://doi.org/10.3233/jcm-226542

2022-11-12

Journal of Computational Methods in Sciences and Engineering

Abstract:In order to improve the accuracy of hierarchical network security situational awareness data fusion and shorten the fusion time, this paper proposes a hierarchical network security situational awareness data fusion method in cloud computing environment. The hierarchical model is established to obtain the hierarchical structure of data fusion. Hierarchical network security situational awareness data are collected and processed in parallel by cloud computing technology. According to the data collection results, the similarity between security events is calculated by using the clustering idea, and the similar security events are merged to achieve the purpose of removing redundant events. The hierarchical network security situational awareness data is fused by grey relational analysis. Finally, the simulation results show that the accuracy of data fusion of this method is high, up to 98%, and the fusion time is short, the longest is 13 s. Compared with the comparison method, this method has a better performance, indicating that this method is suitable for data fusion of hierarchical network security situation awareness.

Huanhuan Gao,Qun Zhang,Mingjiang Wang,Ting Liu

DOI: https://doi.org/10.1117/12.3029381

2024-05-06

Abstract:Traditional engineering safety evaluation methods based on single sensor data fusion often have low reliability and lack the ability to comprehensively consider multiple factors, resulting in incomplete evaluation results. This study innovatively proposes a multi-source fusion model generation method, which combines advanced artificial intelligence algorithms and considers both structured monitoring information and unstructured detection information. Firstly, based on the structural characteristics of the building, a multi-source fusion system is constructed based on the target layer, location layer, and fusion layer. Before data fusion, the preprocessed multi-source data needs to be stored in the same type of database for physical fusion, and then input into the fusion model. Then, feature extractors based on bidirectional long short term memory network (BiLSTM) and coupled BiLSTM with adaptive weighted average method (AWAM) were constructed to achieve text vectorization and feature extraction of multi-source data. Then, by introducing the Bhattacharyya distance to improve the D-S evidence theory, multi-source heterogeneous data fusion is achieved, and the fusion result is the overall safety status of the building. Finally, the accuracy of this algorithm was verified through engineering examples, providing a new algorithm for engineering safety evaluation.

Computer Science,Environmental Science,Engineering

Xiu-Zhen Chen,Qing-Hua Zheng,Xiao-Hong Guan,Chen-Guang Lin,Jie Sun

DOI: https://doi.org/10.1016/j.cose.2004.08.009

IF: 5.105

2005-01-01

Computers & Security

Abstract:How to evaluate network security threat quantitatively is one of key issues in the field of network security, which is vital for administrators to make decision on the security of computer networks. A novel model of security threat evaluation with a series of quantitative indices is proposed on the analysis of prevalent network intrusions. This model is based on multiple behavior information fusion and two indices of privilege validity and service availability that are proposed to evaluate the impact of prevalent network intrusions on system security, so as to provide security evolution over time, i.e., monitor security changes with respect to modification of security factors. The Markov model and the algorithm of D-S evidence reasoning are proposed to measure these two indices, respectively. Compared with other methods, this method mitigates the impact of unsuccessful intrusions on threat evaluation. It evaluates the impact of important intrusions on system security comprehensively and helps administrators to insight into intrusion steps, determine security state and identify dangerous intrusion traces. Testing in a real network environment shows that this method is reasonable and feasible in alleviating the tremendous task of data analysis and facilitating the understanding of the security evolution of the system for its administrators.

GUO Shan-qing,YANG Xue-lin,ZENG Ying-pei,XIE Li,GAO Cong

2005-01-01

Abstract:security devices(e.g.firewalls,IDS's,anti-virus tools etc) that have been widely adopted in enterprise environments may generate huge amounts of independent,raw attack alerts,which are characterized by high false positive ratio and false negative ratio.As a result,it is difficult for users to understand these alerts and respond correspondingly.Therefore,handling the huge number of alerts produced by security devices is becoming a critical and challenging task in network security research.A general approach for solving this problem is to do some correlation analysis with these alerts and build attack scenario.A general survey of the contemporary alerts correlation algorithms was given in this paper by a straight forward classification paradigm,and some problems for future research were addressed.

Ling Hui Niu,Zhu Ge Hu

DOI: https://doi.org/10.4028/www.scientific.net/amr.846-847.883

2013-11-01

Advanced Materials Research

Abstract:In order to solve the problem, which is "the traditional fire alarm system is only used to detect a particular physical or chemical signal of the fire, moreover, false alarm and failure alarm can occur easily. We apply multi-sensor composite detection technology and wireless communication technology in the fire detection and alarm system,and design an intelligence distributed wireless fire detection alarm system, which is mainly based on STM32 control chip.

Guangjie Zhang,Xiaobo Tan

DOI: https://doi.org/10.1117/12.2675117

2023-05-25

Abstract:In the research of network security situational awareness, an important problem that needs to be solved urgently is that in the face of a large number of noisy multi-source data, the accuracy of obtaining network security situational awareness indicators will be affected. This paper proposes a data fusion processing method based on deep neural network to solve the above problems, which first uses natural language processing technology to process high-noise data in the data, and does a good job of word reduction of the data through the WordNetLemmatizer module. The TF-IDF feature extraction algorithm is applied to extract features through the frequency of data occurrence and the weight of the data. The experimental results show that the accuracy of obtaining network security situational awareness indicators by using the data fusion method based on deep neural network reaches more than 85% compared with the data fusion methods of other machine learning algorithms, and can be applied to the network security situational awareness model.

Computer Science,Engineering

Y. T. Chan,Chou Chia-Jung,R. Thiyagu

Abstract:The concept of Situation Awareness (SA) is initially from the aviation security territory. SA deal with complexity, dynamics, high-risk, and situation that requires intervention. The introduction of SA in Network Security Situation Awareness (NSSA) is to response to ‘Alert Conflict’, but still the problem remains on solved. Therefore, we proposed Heterogeneous Network Sensors Management Service (HNSMS), a method of analysing the Alert Conflict in a Heterogeneous Network Sensor Environment (HNSE) using different Alert Fusion technique to understand the security status of the whole network system. Thus, we use Fuzzy Cognitive Maps (FCM) and policy to fuse multiple inputs.

Engineering,Computer Science

Lianmeng Jiao

DOI: https://doi.org/10.3390/e26110945

IF: 2.738

2024-11-06

Entropy

Abstract:Information fusion is the combination of information from multiple sources, which aims to draw more comprehensive, specific, and accurate inferences about the world than are achievable from the individual sources in isolation [...]

physics, multidisciplinary

Ajay Modi,Zhibo Sun,Anupam Panwar,Tejas Khairnar,Ziming Zhao,Adam Doupe,Gail-Joon Ahn,Paul Black

DOI: https://doi.org/10.1109/cic.2016.060

2016-01-01

Abstract:The volume and frequency of new cyber attacks have exploded in recent years. Such events have very complicated workflows and involve multiple criminal actors and organizations. However, current practices for threat analysis and intelligence discovery are still performed piecemeal in an ad-hoc manner. For example, a modern malware analysis system can dissect a piece of malicious code by itself. But, it cannot automatically identify the criminals who developed it or relate other cyber attack events with it. Consequently, it is imperative to automatically assemble the jigsaw puzzles of cybercrime events by performing threat intelligence fusion on data collected from heterogeneous sources, such as malware, underground social networks, cryptocurrency transaction records, etc. In this paper, we propose an Automated Threat Intelligence fuSion framework (ATIS) that is able to take all sorts of threat sources into account and discover new intelligence by connecting the dots of apparently isolated cyber events. To this end, ATIS consists of 5 planes, namely analysis, collection, controller, data and application planes. We discuss the design choices we made in the function of each plane and the interfaces between two adjacent planes. In addition, we develop two applications on top of ATIS to demonstrate its effectiveness.