缪嘉嘉,张瞩熹,贾焰,吴泉源

DOI: https://doi.org/10.3969/j.issn.1007-130x.2009.12.007

2009-01-01

Abstract:Computer networks have become a ubiquitous and integral part of the nation's critical infrastructure. In this paper,we propose a novel solution called GS-TMS (Global Stream-based Threat Monitoring System) which reuses the log data generated by the existing widely-spread security systems. Based on the data stream and data integration technologies,GS-TMS provides a desirable capability in quickly building a large-scale distributed network monitoring system. Furthermore,GS-TMS has additional notable advantages over the current monitoring systems in scalability and flexibility.

Li Dong,Xue Yibo

DOI: https://doi.org/10.3969/j.issn.1000-386X.2008.12.093

2008-01-01

Abstract:Network applications such as network behaviour and traffic analysis,etc.,have raised higher demands for handling the network stream along with the deepened research and application in information security fields.Stream analysis was re-characterized in terms of data stream management system,and the Data Stream Management System for Information Security(IS-DSMS) which could fit the gigabyte network was designed and implemented.The technologies of sample,synopsis and sliding windows were adopted to optimize five common aggregated queries in the system.The test experiments have proved that it has practical performance in gigabyte network condition and can be used as the real-time engine to query and make statistic of the network data flow.Meanwhile,it may provide a high and effective support to network invasion and network monitoring.

胡敏,潘雪增,平玲娣

DOI: https://doi.org/10.3969/j.issn.1001-3695.2004.01.033

2004-01-01

Abstract:This paper focuses on issures related to deploying a data mining-based IDS (Intrusion Detection System) in a real time environment To overcome the limitations of traditional IDS, the corresponding solutions to accurracy, efficiency and usability is presented.These solutions impove efficiency of traditional DOS and maintain a desired accuracy level. This paper also proposed an architecture consisting of sensors, detectors, a data warehouse and model generation components. This architecture facilitates the sharing and storage of audit data and the distribution of new or updated models. Also, it improves the efficiency and scalability of the traditional IDS.

Yu Sun,Xiaorong Liu,Xiaoli Shen

DOI: https://doi.org/10.1155/2022/3170164

IF: 1.968

2022-11-19

Security and Communication Networks

Abstract:With the rapid advancement of society and the level of programming and the rapid development of computer technology, networking and information are playing an increasingly important role in the social life of the masses. Creating and developing a network information security monitoring system have become one of the most important ways to keep a computer running smoothly. Traditional information security systems cannot adapt to the ever-changing network environment. If only relying on it to maintain network security, it will be far from effective monitoring and defense. Based on the theory of network information security, this study analyzes the characteristics of network information and the information security monitoring technology at the current stage. Based on the background of big data era, a new type of computer network information security monitoring system is proposed. This system is compared with the traditional network information security monitoring system, and the performance and stability of the system are investigated, respectively. The experimental data show that the network information security monitoring system designed in this study can achieve more than 99% detection rate of external attacks in a network environment with a background traffic of 10M. Its false alarm rate is lower than 4%, and the false alarm rate is lower than 7%. The qualitative mean reaches 93.02%, indicating its good monitoring accuracy and stability. By popularizing it in the current network environment, it can effectively identify and defend information attacks and maintain the development of network information security.

computer science, information systems,telecommunications

秦元坤,彭乐,薛一波

DOI: https://doi.org/10.16208/j.issn1000-7024.2008.13.020

2008-01-01

Abstract:Many of the current information security applications are typical data-flow applications,which require high performance of data flow queries.On data flow management systems in the field of information security is researched,a statistical analysis method is provided which is efficient and flexible for data flow queries and are very important for improving the efficiency of these application sys-tems.The design and implementation of Tsinghua stream system is described,which could perform real time queries and analysis on high speed network data flow,and provide strong supports to a variety of applications.Furthermore,in particular,this system optimizes the five common aggregating queries,which meets the requirements of applications in Gigabit network.

沈建宇,李建华,张月国

DOI: https://doi.org/10.3969/j.issn.1009-8054.2010.02.041

2010-01-01

Abstract:Complex and various network attacks have occurred frequently, thus the people begin to realize the importance of real-time supervision on the network security. The event-stream technology is applied to process the security events, and the framework model of security supervision system is designed. This system has the function of immediately collecting and parsing alert events from different network security devices when some attacks occur suddenly, meanwhile, in this model system, the EQL interface language-based rule engine is used to manage the event-stream, this could effectively support the real-time query and analysis on large-scale network events.

Xiaoyu Jiang,Zhiqiang Ge

DOI: https://doi.org/10.1109/tai.2022.3145335

2022-01-01

IEEE Transactions on Artificial Intelligence

Abstract:With the rapid development of information technology, intelligent upgrading of the manufacturing industry has broken the closed environment of traditional industrial control systems (ICS); thus, the information security of ICS has been seriously threatened. As part of ICS, the process monitoring system (PMS) is heavily subject to external risks. Data-driven PMSs have been widely used as initial lines of defense to ensure ICS safety. Once the PMS is under attack, the consequences on the whole ICS will be unimaginable. Unfortunately, the safety issues of the PMS have received inadequate attention. This article reveals PMS’s vulnerabilities through effective attacks. A novel method called subspace transfer network (STN) is proposed to conduct adversarial and poisoning attacks on the PMS simultaneously. Then the attack task flow is defined and explained to make online adversarial attacks and data poisoning on PMS. Meanwhile, aiming at two poisoning goals, targeted and untargeted attacks of STN are designed, respectively. Finally, the PMS’s fragility is verified in two industrial benchmarks.

Martin Andreoni Lopez,Diogo M. F. Mattos,Otto Carlos M. B. Duarte,Guy Pujolle

DOI: https://doi.org/10.1002/cpe.5344

2019-05-21

Concurrency and Computation: Practice and Experience

Abstract:<p>The late detection of security threats causes a significant increase in the risk of irreparable damages and restricts any defense attempt. In this paper, we propose a s<b>CA</b>lable <b>TR</b>Affic <b>C</b>lassifier and <b>A</b>nalyzer (CATRACA). CATRACA works as an efficient online Intrusion Detection and Prevention System implemented as a Virtualized Network Function. CATRACA is based on Apache Spark, a Big Data Streaming processing system, and it is deployed over the Open Platform for Network Functions Virtualization (OPNFV), providing an accurate real‐time threat‐detection service. The system presents a friendly graphical interface that provides real‐time visualization of the traffic and the attacks that occur in the network. Our prototype can differentiate normal traffic from denial of service (DoS) attacks and vulnerability probes over 95% accuracy under three different datasets. Moreover, CATRACA handles streaming data under concept drift detection with more than 85% of accuracy.</p>

GAN Liang,LI Run-heng,JIA Yan,LIU Jian

DOI: https://doi.org/10.3969/j.issn.1007-130X.2013.03.012

2013-01-01

Abstract:In the applications of large-scale network security monitoring,data stream of security events is analysised real-timely to acquire the characteristic of current security in the network and to assess dynamically the current security situation with Stream OLAP by building Stream Cube.Because of the limited memory capacity, Stream Cube only concerned about the current data within the time window,but expired data is stored approximately or simply discarded,so it do not support the query with time beyond the scope of current time window.We propose a real-time StreamCube-based multi-dimensional and multi-level analysis framework on security event stream, Hybrid Storage-StreamCube,which is implemented by a two-tier (memory and disk) storage model.On the basis of characteristics of data stream,we focus on the modeling,building,storing and querying of HS-StreamCube within the two-tier storage model.Efficient experiments verify the availability and efficiency of the system.

Baojun Zhou,Jie Li,Xiaoyan Wang,Yu Gu,Li Xu,Yongqiang Hu,Lihua Zhu

DOI: https://doi.org/10.26599/bdma.2018.9020005

2018-01-01

Big Data Mining and Analytics

Abstract:Owing to the explosive growth of Internet traffic, network operators must be able to monitor the entire network situation and efficiently manage their network resources. Traditional network analysis methods that usually work on a single machine are no longer suitable for huge traffic data owing to their poor processing ability. Big data frameworks, such as Hadoop and Spark, can handle such analysis jobs even for a large amount of network traffic. However, Hadoop and Spark are inherently designed for offline data analysis. To cope with streaming data, various stream-processing-based frameworks have been proposed, such as Storm, Flink, and Spark Streaming. In this study, we propose an online Internet traffic monitoring system based on Spark Streaming. The system comprises three parts, namely, the collector, messaging system, and stream processor. We considered the TCP performance monitoring as a special use case of showing how network monitoring can be performed with our proposed system. We conducted typical experiments with a cluster in standalone mode, which showed that our system performs well for large Internet traffic measurement and monitoring.

Xingyu Li,Tingting Jiang

DOI: https://doi.org/10.1109/iweca.2014.6845571

2014-05-01

Abstract:With the development of computer and information technology, computer and network have been popular. At the same time, security problem has greatly aroused people&#x27;s attention, especially in campus environment. Campus network as an important part of the campus life, people also arouse enough attention to the problems of personal computer safety management. Running a set of effective campus network monitoring software is real needed for the campus network management and maintenance personal safety. In order to ensure the safety, reliability and steady running of the campus network, according to the present situation and development of the campus network, people plan and design to use network monitoring system on the campus network security management. The system can effectively control and manage the reliable operation of the campus network.

Xingshu CHEN,Xuemei ZENG,Wenxian WANG,Guolin SHAO

DOI: https://doi.org/10.15961/j.jsuese.201600352

2017-01-01

Abstract:With the development of IT and communication technology,the network environment is becoming more and more complicated,and the perimeters of host and network become dynamic and fuzzy due to the application of cloud computing and visualization technology.At the same time,network attacks become more frequent and advanced network threats with evasive and persistent behavior and profit-chasing are also increasing.However,due to the limit of data source and process ability and device deployment relied on physical environment,traditional network security and intelligence techniques are inefficient on the acquisition capability,analytical abilities and utilize capacity of threat intelligence,and the perception and prediction ability of the network security situation is limited,so it cannot solve the current and future network security challenges efficiently.The chances and challenges caused by big data for network security and intelligence analysis are took as this paper clue.first of all,the connotation of big data is reviewed,and the current dilemmas in network security and intelligence analysis are analyzed,and then the relationship between big data with network security and intelligence analysis is explored,and the changes of traditional security analysis brought by big data technologies are parsed.Big data security analysis,a new security method is formed after the big data technologies was applied in cyber security field.The value of big data security analysis embodies in solving practical problems in network security and intelligence analysis through the methods and technologies of big data analysis under sticking to the purpose of security analysis and the character of security data itself.On the one hand,big data processing technology,such as bulk data processing technology,streaming data processing technology,interactive data query technology,can solve the issues of data processing in the high-performance network traffic real-time restore and analysis,massive historical log data analysis and rapid retrieval,massive text data real-time processing.On the other hand,big data technologies are applied in security visual analysis,security event association and network user behavior analysis,a series research branch of big data security analysis are formed,such as big data interactive visual analysis,multi-source event correlation analysis,user entity behavior analysis,network behavior analysis and so on.Big data security analysis technologies have applied in APT attack detection,network anomaly detection,network security situation perception,network threat intelligence analysis,ere.Even though some achievements have been made in big data based network security and intelligence analysis,the current network security situation is still not optimistic.The effective detection method of advanced network threats and attacks is lacking.The detection and prediction result to unknown complex network attacks is undesirable.The measurement system for evaluation methods of network security situation awareness is needed,and large-scale network security situation awareness indicator system for key assets and entire network is incomplete yet,and the evaluation methods are no pertinence.It is difficult to acquire data from new type data sources of threat information and the standards of threat intelligence sharing are needed to be researched further.Large-scale and integrate threat intelligence center and open service platform aren't yet build.Around the above problems,it needs to be studied that the methods of advanced network threat discovery,complex network attack prediction,large-scale network security situational awareness and threat information collection and sharing technology and needs some key technical breakthroughs such as early detection of advanced network threats,concealment of continuous network communication behavior detection,big data analytics based network feature extraction technology,intelligent-based advanced network threat forecast,non-public network intelligence collection,so as to improve the big data supporting capability for network information security and enhance network information security risk perception and disposal capacity.

Zhi-Tang Li,Jie Lei,Li Wang,Dong Li,Yang-Ming Ma

DOI: https://doi.org/10.1007/978-3-540-71549-8_14

2007-01-01

Abstract:Among the challenges in the field of network security management, one significant problem is the increasing difficulty in identifying the security incidents which pose true threat to the protected network system from tremendous volume of raw security alerts. This paper presents our work on integrated management of network security data for true threat identification within the SATA (Security Alert and Threat Analysis) project. An algorithm for real-time threat analysis of security alerts is presented. Early experiments performed in a branch network of CERNET (China Education and Research Network) including an attack testing submnetwork have shown that the system can effectively identify true threats from various security alerts.

Sheng Zhang,Ronghua Shi,Jue Zhao

DOI: https://doi.org/10.3837/tiis.2016.06.019

2016-01-01

KSII Transactions on Internet and Information Systems

Abstract:Owing to their low scalability, weak support on big data, insufficient data collaborative analysis and inadequate situational awareness, the traditional methods fail to meet the needs of the security data analysis. This paper proposes visualization methods to fuse the multi-source security data and grasp the network situation. Firstly, data sources are classified at their collection positions, with the objects of security data taken from three different layers. Secondly, the Heatmap is adopted to show host status; the Treemap is used to visualize Netflow logs; and the radial Node-link diagram is employed to express IPS logs. Finally, the Labeled Treemap is invented to make a fusion at data-level and the Time-series features are extracted to fuse data at feature-level. The comparative analyses with the prize-winning works prove this method enjoying substantial advantages for network analysts to facilitate data feature fusion, better understand network security situation with a unified, convenient and accurate mode.

Anne Tall,Jun Wang,Dezhi Han

DOI: https://doi.org/10.1145/3006299.3006336

2016-12-06

Abstract:Data intensive computing research and technology developments offer the potential of providing significant improvements in several security log management challenges. Approaches to address the complexity, timeliness, expense, diversity, and noise issues have been identified. These improvements are motivated by the increasingly important role of analytics. Machine learning and expert systems that incorporate attack patterns are providing greater detection insights. Finding actionable indicators requires the analysis to combine security event log data with other network data such and access control lists, making the big-data problem even bigger. Automation of threat intelligence is recognized as not complete with limited adoption of standards. With limited progress in anomaly signature detection, movement towards using expert systems has been identified as the path forward. Techniques focus on matching behaviors of attackers to patterns of abnormal activity in the network. The need to stream, parse, and analyze large volumes of small, semi-structured data files can be feasibly addressed through a variety of techniques identified by researchers. This report highlights research in key areas, including protection of the data, performance of the systems and network bandwidth utilization.

WANG Cheng,CHEN Shu-yu

DOI: https://doi.org/10.3969/j.issn.1000-7024.2007.19.014

2007-01-01

Abstract:Because of the lack of data exchange mechanism,security product can't sharing the security information each other.In order to resolve the large volume of alarm message or false alarm,discovery the immanent relationship in detected data and effectively detect diversified attack,a network security management and analysis system is put forward,simultaneously,analytical method of data fusion and data association is discussed and the security event information can be gathered,all what are taken to achieve the all-around analysis about security information.

Li Zheng,Gang Yu,Yuntian Zheng

DOI: https://doi.org/10.1007/s11265-023-01836-0

2023-02-01

Journal of Signal Processing Systems

Abstract:Data visualization is an important approach for data analysis, which can reveal the patterns and characteristics of complex datasets through visual processing, and provide aid for data analysts. In recent years, with the expansion of Internet users and the rich diversity of various Internet applications, the importance of network security is increasing. In the field of network security data analysis, it is a developing direction to use data visualization methods and visual analysis tools to assist manual analysis. In this paper, a visualization system for network security data is designed and implemented, which is mainly based on network flow records and security policies. The node centrality measurement and high-dimensional data visualization methods are comprehensively applied, and an interactive visualization approach is proposed. The IP topology is presented in three different view modes: static analysis, temporal analysis and exploration analysis. In addition, the high-dimensional projection map takes flow, security policy and IP address as analysis objects and selects several dimensional features as indicators. After visual presentation, the distribution of the stream set and IP set contained in the record after projection in the selected dimension space can be obtained, so that the analyst can find the points with significant abnormal eigenvalue distribution, and deduce the possible situation based on this. After testing, the system can accept the new original data record file, and quickly generate the corresponding visualization content, which can be used for the visualization analysis of network security optimization tool software, and has been used in the actual system.

computer science, information systems,engineering, electrical & electronic

WU HUA,ZHANG HONGLI,HE HUI,ZHANG YU

DOI: https://doi.org/10.3969/j.issn.1008-0570.2008.09.018

2008-01-01

Abstract:Lots of intrusion and attack flooding over the Internet everyday badly threaten to the network' s security. How to apperceive the current security posture and forecasting its developing trend has became one of research focuses among network emergency reponse at home and abroad. In this paper, combining active measure with anomaly detection, adopt from button to top model, com-pute the security events'threat index to network and visual the result. The result of this paper can provides direct decisive help to administrators.

Liang Hu,Rui Sun,Feng Wang,Xiuhong Fei,Kuo Zhao

DOI: https://doi.org/10.1155/2016/4287834

IF: 2.336

2016-01-01

Journal of Sensors

Abstract:With the rapid development of the Internet of Things (IoT), a variety of sensor data are generated around everyone's life. New research perspective regarding the streaming sensor data processing of the IoT has been raised as a hot research topic that is precisely the theme of this paper. Our study serves to provide guidance regarding the practical aspects of the IoT. Such guidance is rarely mentioned in the current research in which the focus has been more on theory and less on issues describing how to set up a practical system. In our study, we employ numerous open source projects to establish a distributed real time system to process streaming data of the IoT. Two urgent issues have been solved in our study that are (1) multisource heterogeneous sensor data integration and (2) processing streaming sensor data in real time manner with low latency. Furthermore, we set up a real time system to process streaming heterogeneous sensor data from multiple sources with low latency. Our tests are performed using field test data derived from environmental monitoring sensor data collected from indoor environment for system validation. The results show that our proposed system is valid and efficient for multisource heterogeneous sensor data integration and streaming data processing in real time manner.

YU Yang,YANG Ze-hong,JIA Pei-fa

DOI: https://doi.org/10.3969/j.issn.1000-3428.2007.24.051

2007-01-01

Abstract:As information security is challenged by the development of information technology,computer monitor system may be an effective solution to this problem.A monitor process is composed of data collection and analysis,rule-based discrimination,possible danger interception and whole process log recording.Its key features are the monitor technology for file,text and user operations.By experiments of comparing and analyzing,a research is made on the theory and application of the key features.Research of the key technologies will improve the efficiency and stability of the system.