Zhijun Zhang

2011-01-01

Abstract:As the use of distributed deployment of a large number of heterogeneous security devices in order to build network security defense system generates a mass of security event information which is difficult to effectively manage and the security monitoring systems that are deployed in different places are difficult to manage integratedly, united platform model for network security management is proposed. According to the actual distribution of Yunnan security monitoring systems, the platform establish a level of information system by the use of distributed technology. Platform designs and analyzes its oriented network security managers system architecture and uses risk assessment and event correlation to analyze network operating conditions in real-time, reduce false alarm ratio so that network security managers can find security accidents precisely and respond promptly. And then the paper describes key technologies such as distributed data model,secure event standardization model,secure communication and control protocol in detail.

张宝军,潘雪增,王界兵,平玲娣

DOI: https://doi.org/10.3785/j.issn.1008-973X.2009.06.004

2009-01-01

Abstract:Real-time intrusion detection under current network environment exists the following problems: first, the scale of network is large, and a great deal of information needs to be processed, which requires large throughput to the intrusion detection system (IDS); second, the network environment is complex, and the data type is multiplex, accordantly, the intrusion detection system should has high accuracy. Aiming at these problems, a model of intrusion detection system was proposed. The model uses the distributed architecture based on multi-agent system and shows good expansibility, and can self-adjust according to the scale and bandwidth of network. The model uses technologies of anomaly intrusion detection and misuse intrusion detection together, and has low false alert rate and miss alert rate. Multi-attribute data abstraction is used in the model to grasp the feature of intrusion accurately and provide strong support for intrusion identification. The classifier is constructed with radial basis function (RBF) so as to have good extension to unknown intrusions, and can do effective judgment to unknown intrusions. Experimental results show that the system has large throughput and high accuracy, thus it is suitable for current network and has good practicability.

Baojun Zhang,Xuezeng Pan,Jiebing Wang

DOI: https://doi.org/10.1109/fskd.2007.348

2007-01-01

Abstract:The current network is complicated due to the high- throughput and the multiformity of actions. A hybrid intru- sion detection system (HIDSFCN) is proposed in this study to satisfy the current network. It combines the advantages of all kinds of IDS and put forwards our own solvents to those key problems in current research. Experiment results demonstrate that our HIDSFCN is of high performance and good practicability.

ZHANG Yan,GUO Shi-ze,HUANG Shu-guang,WANG Yong-yi

DOI: https://doi.org/10.3969/j.issn.1001-3695.2012.01.079

2012-01-01

Abstract:In order to analyze the influence of security incidents on a network system and accurately evaluate system security,this paper proposed a new network security situation awareness model based on multi-heterogeneous sensors.Firstly,by using improved DS fusion rules and combining with AHP algorithm,it fused security data submitted from different sources.Secondly,to deal with the potential missing report problem,it performed global fusion using predefined security policy so as to get the current security situation of the whole network.The evaluation of a simulated network indicates that this approach is suitable for real network environment,and the evaluation result is precise and efficient.

HUANG Jia-Lin,Liu Hai-Tao,Mei Zhen-Kun,Gan Miao-Jin,Sun Qian

2008-01-01

Periodical of Ocean University of China

Abstract:The management of a large campus network is complex and difficult.An effective network management system is basical for secure and steady network.The current network management systems focus on the management of the equipment,they have not related network management to the network user behavior.The System Based on User Network Behavior Monitoring and Controlling amalgamated the technical character of various system manufacturer.Because of making use of the functions and the management messages of the present network equipments and systems,analyzing and ruling the user's network behavior,and eliminating the effect of the bad network behavior,it can maintain a secure and steady network and reduce the network manager's workload.

Yu Sun,Xiaorong Liu,Xiaoli Shen

DOI: https://doi.org/10.1155/2022/3170164

IF: 1.968

2022-11-19

Security and Communication Networks

Abstract:With the rapid advancement of society and the level of programming and the rapid development of computer technology, networking and information are playing an increasingly important role in the social life of the masses. Creating and developing a network information security monitoring system have become one of the most important ways to keep a computer running smoothly. Traditional information security systems cannot adapt to the ever-changing network environment. If only relying on it to maintain network security, it will be far from effective monitoring and defense. Based on the theory of network information security, this study analyzes the characteristics of network information and the information security monitoring technology at the current stage. Based on the background of big data era, a new type of computer network information security monitoring system is proposed. This system is compared with the traditional network information security monitoring system, and the performance and stability of the system are investigated, respectively. The experimental data show that the network information security monitoring system designed in this study can achieve more than 99% detection rate of external attacks in a network environment with a background traffic of 10M. Its false alarm rate is lower than 4%, and the false alarm rate is lower than 7%. The qualitative mean reaches 93.02%, indicating its good monitoring accuracy and stability. By popularizing it in the current network environment, it can effectively identify and defend information attacks and maintain the development of network information security.

computer science, information systems,telecommunications

Xiuzhen Chen,Qinghua Zheng,Xiaohong Guan,Chenguang Lin

DOI: https://doi.org/10.3321/j.issn:0253-987X.2004.04.019

2004-01-01

Abstract:Aiming at the deficiency that is unable to provide useful security situation information encountered in the cur2 rent security evaluation systems , a hierarchical and quantitative model , which is used to evaluate security situation of net2 worked systems , and its corresponding computation method are proposed based on the importance of service , host , and the structure of the network system. This model adopts the evaluation policy from bottom to top and from local to global , calculates the risk indexes of service , host and whole network system by weighting the importance of service and host based on the analysis of attack frequency and its severity , and further evaluates their security situation. Experiments on the HoneyNet dataset show that this system can evaluate the security situation in three levels : service , host and local area network system. It provides system administrators with system intuitive security situation curve and releases them from the exhausting task of alert analysis.

MA Yang-ming,LI Zhi-tang,LEI Jie,PAN An-qun

DOI: https://doi.org/10.3969/j.issn.1002-2279.2006.06.012

2006-01-01

Microprocessors

Abstract:A personified network security intelligent centralized management mechanism is proposed in this paper,and a system model using the mechanism and the analysis of the performance and realization are presented.In this mechanism,each agent which behaves like a human worker deals with security events separately and communicates with other agents if necessary and it reports to Security Intelligent Management Center unauthorized or unidentified security events.The Security Intelligent Management Center makes a correlative analysis in received security events(combining relevant information in its memory),setting up a whole view according to emergency degrees of alarms,which is followed by relevant responses and report systems.It helps to reduce system wastage,eliminate error reports and find out missing reports which benefits security administrators with security events management easily.

Jie Ma,Shuanbao Li

DOI: https://doi.org/10.1155/2022/7300977

2022-05-13

Scientific Programming

Abstract:This article proposes a computer network security defense system model based on multisource big data, which makes the security of computer networks more complete because of the shortage of current computer network security defense systems. The current network security situation is analyzed, and the problems faced in the field of network security are pointed out; then, multisource big data is introduced, and the characteristics of the multisource big data model are analyzed. This article proposes an information system network security model, which formally describes the relationship between network behavior among nodes, security threats, network attacks, and defense capability of security devices in an information system. After that, a network security defense system measurement scheme is constructed based on hierarchical analysis, and quantitative indicators of defense effectiveness are defined in two dimensions: risk severity of security threats and defense response actions of security devices, which enables quantitative evaluation of the security defense system, and then identifies omissions and defects of the network security defense system. A defense system measurement and optimization system is designed based on the proposed network security system measurement and optimization scheme. The application analysis of the project is combined with the actual scenarios. Through the evaluation and optimization of the security defense system in the natural methods, it is proved that the network security defense system evaluation and optimization scheme proposed in this article has reasonableness and effectiveness in the actual application.

computer science, software engineering

LIN Lei,LIN Dong-dai,WAN Li

DOI: https://doi.org/10.3969/j.issn.1001-3695.2008.05.076

2008-01-01

Abstract:In order to discover normal and abnormal running patterns of large-scale network,and to analyze its security situation,this paper introduced a paradigm to illustrate how to design security data mining system of large-scale network.The system collected many kinds of large-scale network security data,and did data mining and situation assessment on those data,and then presented analyzed results via the graphic user interfaces.The design focused on technical scheme,method of collecting security data,system modules,realization technique and system evaluation.

Wang Yilei,Gao Xianfeng,Li Tao,Sun Yujuan

DOI: https://doi.org/10.3969/j.issn.1009-3044.2008.25.014

2008-01-01

Abstract:This paper presents a design of network security audit and monitoring system, including the design of monitoring module in Proxy and network capability, etc. And it also proposes the implement flow of these function models including the implement flow of security audit model and network monitoring model. This system has greatly improved the level of safety management of network through the practice for an application case and has good actual effect.

Bing Yang,Huaping Hu,Xiangwen Duan,Shiyao Jin

DOI: https://doi.org/10.1007/978-3-540-76969-9_9

2007-01-01

Abstract:Over the past decades more and more network security devices, such as IDS, Firewall and scanner, are distributed in the network. So superfluous alerts are generated, and do not have unified format. How to organize and utilize those alerts to enhance network security becomes a hot topic of research. Network-warning system, which can correlate alerts and predict future attacks, appears as one promising solution for the problem. In this paper, an intelligent strong-survivability network-warning model is introduced, which consists of a lot of intelligent agents. And a prototype is implemented based on the model. We propose a self-adaptive data-processing algorithm for classifying and reducing alerts automatically, and design a strong-survivability structure. The intelligence of self-adaptive algorithm depends on machine learning. In the prototype we adopt three methods (C5.0, Neural Net and CART) to construct the self-adaptive algorithm, and choose the best method fitting the algorithm, which is CART. The prototype can not only reduce and classify the original alert data from different network security devices, but also correlate alerts and generate intrusion scenario graphs. The equality of all agents makes the model strong-survivable. Furthermore, the model can predict potential attacks based on scenario graphs and track the attack sources(1).

Xuesong Huo,Ming Zhang,Hongqin Zhu,Wei Li

DOI: https://doi.org/10.1109/cbd54617.2021.00052

2021-01-01

Abstract:At present, most of the security situation assessment methods for the power monitoring system only consider the network factors, ignore the security factors inside the system, and the weight distribution of assessment indicators is subjective. This paper analyzes the security factors affecting the power monitoring system, and gives the security situation assessment indicator system of the power monitoring system. On this basis, the security situation of each equipment is assessed based on Support Vector Regression, and the weight is calculated according to the importance of the security area division of the power monitoring system where different equipment is located. Finally, the overall security situation of the power monitoring system is comprehensively evaluated through weighted summation. On the one hand, it can improve the accuracy, the flexibility and the expansibility of the security situation assessment for the power monitoring system. On the other hand, it can also trace the source of security problems in the power monitoring system, which is convenient for managers to isolate risks quickly and efficiently or take defense strategies.

WANG Cheng,CHEN Shu-yu

DOI: https://doi.org/10.3969/j.issn.1000-7024.2007.19.014

2007-01-01

Abstract:Because of the lack of data exchange mechanism,security product can't sharing the security information each other.In order to resolve the large volume of alarm message or false alarm,discovery the immanent relationship in detected data and effectively detect diversified attack,a network security management and analysis system is put forward,simultaneously,analytical method of data fusion and data association is discussed and the security event information can be gathered,all what are taken to achieve the all-around analysis about security information.

SONG Zhi-gang,CAI Jian-wei,QIU Wei-dong

DOI: https://doi.org/10.3969/j.issn.1009-8054.2008.03.023

2008-01-01

Abstract:In the light that the network security devices all work alone and cack coordinated monitoring mechanism, this paper brings foreword Extended STAT Based Network Security Monitoring to manage all the devices together. A unified standard format is used to describe all the events. By data aggregation, the number of redundant alerts is reduced. In addition, the impact of a single event is evaluated by multiple factors and the network security evaluated by statistic based risk assessment technology. These help user find out the network situation and the weakness and thus take effective protective measures.

Wei-wei Xia,Hai-feng Wang

DOI: https://doi.org/10.1109/WCINS.2010.5541853

2010-01-01

Abstract:This paper analyses and compares the existing network security situation evaluation methods, defines various network security evaluation concepts, and proposes a method for network security situation evaluation using virtual Honeynet. With the relationships among Honeynet active, host active of computer networks and IP active when network intrusion occurs, a binary linear regression prediction model is proposed. In the end, a prototype system is designed for data collection and regression fitting, and the validity of the regression prediction model is proved.

Dong Wang,Y. Li,Gang Li,Li Yan,Min Zhao,Chao Han,W. Zhao,Min Cui

2018-01-01

Abstract:Internet technology has significantly increased the automation of power systems, but at the same time increased the risk of attacks on power systems. The log data generated in the operation of power information system is an important basis for the state analysis of power information system,the original log of power information system is used as the analysis data, and a model of security situation awareness of power information system is proposed. In the model, firstly, various situation prediction models are used to predict the state of the power system respectively. Then, the gray correlation algorithm is used to combine the individual predictions to complete the prediction of the security situation of the power information system. Finally, the power information system log data is analyzed and verified. Simulation results show that, combined forecasting model has more accurate prediction results than the single prediction model, at the same time, it can effectively predict the safety situation of the power information system.

Yongzheng Zhang,Xiaochun Yun

DOI: https://doi.org/10.1007/978-3-642-35795-4_73

2013-01-01

Abstract:An index system of network operation security is a necessary technical means for reflecting and measuring network operation security macro-situation. On the basis of introducing a concept of network operation security index and its application senses, this paper proposes a general architecture model of security index system (MSIS) with computing ability. An instance of IP data network of China Telecommunications Corporation is given to illustrate the modeling method and process, so as to validate the feasibility and effectivity of MSIS on the level of instances. The analysis of the application instance indicates that MSIS is able to provide a uniform modeling methodology and computing standard for establishment of index system examples to meet the needs of different applications. © Springer-Verlag Berlin Heidelberg 2013.

WANG Chun-lei,FANG Lan,WANG Dong-xia,DAI Yi-qi

DOI: https://doi.org/10.1109/iccet.2010.5486194

2012-01-01

Computer Science

Abstract:Network security situation awareness provides the unique high level security view based upon the security alert events. But the complexities and diversities of security alert data on modern networks make such analysis extremely difficult. In this paper, we analyze the existing problems of network security situation awareness system and propose a framework for network security situation awareness based on knowledge discovery. The framework consists of the modeling of network security situation and the generation of network security situation. The purpose of modeling is to construct the formal model of network security situation measurement based upon the D-S evidence theory, and support the general process of fusing and analyzing security alert events collected from security situation sensors. The generation of network security situation is to extract the frequent patterns and sequential patterns from the dataset of network security situation based upon knowledge discovery method and transform these patterns to the correlation rules of network security situation, and finally to automatically generate the network security situation graph. Application of the integrated Network Security Situation Awareness system (Net-SSA) shows that the proposed framework supports for the accurate modeling and effective generation of network security situation.

Chenghua Tang,Shunzheng Yu

DOI: https://doi.org/10.1109/NPC.2008.41

2008-01-01

Abstract:Using high-level security policy rules to regulate low-level system, the security management system with a high level of expansibility and flexibility was made. For purpose of managing network security policy duly and flexibly in the complex network environment, and resolving its issue efficiency, a dynamic and self-adaptive security policy realization mechanism is proposed. The accident monitor and policy life-cycle are put forward, and the impact of safety equipment or user requests, such as system resources found on the flow control can be calculated automatically. The system can independently carry out a dynamic, flexible and real-time to adjust and control in the network environment and security needs change. The distribution model is given to response policy request rapidly, take the appropriate policy dissemination methods, and reduce PDP computing tasks, system resource consumption, which introduces the concepts of issue affecting factors, security domain addresses allocation, etc. Expression and making ways of the structure-dissimilarity policy faced on attribute characters and operation are analyzed emphatically. The effectiveness of the proposed model and algorithms is proved by experiments.