Xiao-wu LIU,Hui-qiang WANG,Hong-wu LYU,Shu-zhao AN

DOI: https://doi.org/10.7964/jdxbgxb201306035

2013-01-01

Abstract:In order to solve the problems of multi-source fusion and quantitative awareness in the network security situation awareness,the particle swarm optimization is applied to search the exponent weight for different reliability data source for the D-S evidence fusion,and the multi-source fusion was obtained.Based on the fusion,the threaten gene acquisition method with adaptability was studied through the discretization to normal distribution,and the situation factor extraction was accomplished.According to the fusion and factor extraction,a formal network security situation awareness method was proposed.This method could generate service,host and network system level situation evolution curves.Simulation experiments show that the proposed fusion method can increase the detection rate and decrease the false detection rate.The formal quantitative method is able to be aware of the dynamic change of the threat and meets the goal of monitoring the network in an effective manner.

ZHANG Yan,GUO Shi-ze,HUANG Shu-guang,WANG Yong-yi

DOI: https://doi.org/10.3969/j.issn.1001-3695.2012.01.079

2012-01-01

Abstract:In order to analyze the influence of security incidents on a network system and accurately evaluate system security,this paper proposed a new network security situation awareness model based on multi-heterogeneous sensors.Firstly,by using improved DS fusion rules and combining with AHP algorithm,it fused security data submitted from different sources.Secondly,to deal with the potential missing report problem,it performed global fusion using predefined security policy so as to get the current security situation of the whole network.The evaluation of a simulated network indicates that this approach is suitable for real network environment,and the evaluation result is precise and efficient.

Luqin Lv,Yueming Lu

DOI: https://doi.org/10.1145/3444370.3444599

2020-01-01

Abstract:Aiming at the problem that single protection technology is difficult to meet the needs of network security, the rationality and accuracy of situation assessment index are poor, the multi-source and multi-dimensional network security situation awareness model and multi-source data association analysis method are proposed. This model combines with data acquisition, data preprocessing, abnormal analysis, security threat assessment and situation visualization. By using Apriori algorithm to mine the relationship between multiple sources of data, the strong rules are filtered out. The experimental results show that the model can accurately perceive known intrusion, unknown threat and its own vulnerability.

Geng-hong LU,Dong-qin FENG

DOI: https://doi.org/10.13195/j.kzyjc.2016.0551

2017-01-01

Abstract:The attacks against the industrial control network have different types and various attack intensity. Under this circumstance, the traditional detection techniques cannot identify the multiple types of attacks effectively, and can not assess the security situations of the industrial control network comprehensively and accurately. Therefore, the industrial control network security situation awareness model is proposed. Firstly, the rule extraction can be done by applying the improved C-SVC algorithm to the multi-sensor data. Then with the application of decision fusion algorithm, the decision-level fusion is completed and the results of situation awareness are procured. The simulation experiment results show that the proposed model and algorithms can distinguish multiple types of attacks effectively, identify the attacks that are launched against the industrial control system accurately, and generate the results of situation awareness.

Yan Zhang,Shuguang Huang,Shize Guo,Junmao Zhu

DOI: https://doi.org/10.1016/j.proenv.2011.09.165

2011-01-01

Procedia Environmental Sciences

Abstract:To analyze the influence of security incidents on a networked system and accurately evaluate system security, this paper proposes a novel cyber security situation assessment model, based on multi-heterogeneous sensors. By using D-S evidence theory, we fuse security data submitted from multi-sensors, according to the network topology and the importance of services and hosts. Moreover, we adopt the evaluation policy that from bottom to top and from local to global in this model. The evaluation of a simulated network indicates that the proposed approach is suitable for network environment, and the evaluation results are precise and efficient.

Xiao-wu LIU,Hui-qiang WANG,Ji-bao LAI,Hai-zhi YE

DOI: https://doi.org/10.16182/j.cnki.joss.2010.06.038

2010-01-01

Abstract:Network security situation awareness is a hot research spot in the area of network security and it is of significance for improving the security level of network. A network security situation awareness model was proposed based on multi-sensor data fusion and this model employed support vector machine as its fusion engine to fuse the data acquired from heterogeneous sensors in combination with the feature reduction method which improved the real-time nature of the fusion engine. A generation algorithm was introduced to obtain the network security situation according to the fusion output. And several evaluating indicators were put forward to evaluate the awareness ability of the situation generation method. The model and the approach are proved to be feasible and effective through a series of simulation experiments.

Xiao-Wu LIU,Hui-Qiang WANG,Hong-Wu L,Ji-Guo YU,Shu-Wen ZHANG

DOI: https://doi.org/10.13328/j.cnki.jos.004852

2016-01-01

Journal of Software

Abstract:For the purpose of exploring the evolution trend and analyzing the autonomous awareness and control problems, this paper proposes a cognitive awareness-control model for network security situation based on fusion. This model is characterized by the design of the cross-layer architecture and cognitive circle which can improve the interactive and cognitive ability between the different network layers. Based on the analysis of the model components and their functions, this paper uses the fusion algorithm to obtain the accurate decision on the security events made by heterogeneous multi-sensor. Combining with the reasoning of the relation between threat gene and threat level, a hierarchical quantification method is put forward, encompassing service layer, host layer and network layer. This approach has the advantage of overcoming the shortcoming of dealing with the complex memberships among network components and improving the expression ability against network threat. In addition, through establishing the bridge between dispersed computing and the continuous control, the close-up feedback structure is formed and the self-awareness and self-control problems are solved. The simulation experiments prove that the presented model and algorithms can fuse heterogeneous security data, dynamically perceive the evolution trend of network threat and possess the autonomous regulation and control ability. This study meets the research goal of cognitive awareness-control and it provides a new method of monitoring and administrating the networks.

张焱,黄曙光,朱俊茂,任飞飞

DOI: https://doi.org/10.19304/j.cnki.issn1000-7180.2011.08.034

2011-01-01

Abstract:To deal with the mass alert data generated by heterogeneous network security equipments,this paper proposes a security data fusion algorithm based on weighted DS evidence theory and Fuzzy Cognitive Map.According to different weight and confidence of network security equipments,it initially fuses the alert data by DS evidence theory.Then it takes overall alert fusion through fuzzy reasoning of FCM.The proposed method overcomes the problem of high false negative rate and enhances the ability to cope with complex attacks.

Yong Peng,Jianhuan Huang,Zhe Wang

DOI: https://doi.org/10.1109/AIAM48774.2019.00063

2019-01-01

Abstract:In this paper, to control the development direction of network security situation more accurately and solve the forecasting problems in network security situation awareness (NSSA) a combined forecasting model of network security situation based on information fusion was proposed, in which sample set was firstly built according to the forecasted value and actual value of the situation of single forecasting model, and then the data set was used to calculate weight index, evaluation index and weight distribution of single forecasting model, and next the fusion characteristic of evidence theory was used to get the combination weight and carry out the combined forecasting, and finally each index was optimized by evidence discount method. The simulation results showed that the model can forecast the network security situation more effectively with the accuracy improved by about 8% on average compared with the existing forecast algorithms.

Qi Yong,Wang Yan,LI Qian-mu

DOI: https://doi.org/10.3969/j.issn.1000-3428.2013.04.037

2013-01-01

Abstract:In view of network security situation awareness framework's lack of a precise mathematical quantitative method to network information security risk assessment,a network risk assessment model based on network security situation awareness framework is proposed by combining DS evidence theory and Consultative Objective Risk Analysis System(CORAS).Network security threats information fusion and situation perception based on DS evidence theory,hierarchical risk quantitative analysis based on probabilistic risk analysis,and risk discrimination.Low earth orbit satellite communication network is taken as an example to make a simulation and assessment.Experimental results show the proposed model and method can effectively identify threat situation,and increase the accuracy of risk assessment discriminant.

Daojuan Zhang,Kexiang Qian,Wenhui Wang,Fuyang fang,Chonghua Wang,Xi Luo

DOI: https://doi.org/10.1145/3444370.3444607

2020-12-04

Abstract:With the development of information technology, the scale of the network continues to expand, and the security issues continue to increase. The complexity of the network security situation is increasing and the importance of the network security situational awareness continues to increase. The data sources are wide, the type and the number are large in a large-scale network environment currently. This paper comprehensively studies the network security situational awareness technology based on multi-source heterogeneous data. In addition, this paper introduces the origin, concept and the model of the network situational awareness, as well as the characteristics of network security situational awareness based on multi-source heterogeneous data fusion. Finally, the key technologies in the security situational awareness such as the extraction of situational elements, multi-source data fusion, situation assessment, situation prediction and visual display are introduced.

Xiu-Zhen Chen,Qing-Hua Zheng,Xiao-Hong Guan,Chen-Guang Lin,Jie Sun

DOI: https://doi.org/10.1016/j.cose.2004.08.009

IF: 5.105

2005-01-01

Computers & Security

Abstract:How to evaluate network security threat quantitatively is one of key issues in the field of network security, which is vital for administrators to make decision on the security of computer networks. A novel model of security threat evaluation with a series of quantitative indices is proposed on the analysis of prevalent network intrusions. This model is based on multiple behavior information fusion and two indices of privilege validity and service availability that are proposed to evaluate the impact of prevalent network intrusions on system security, so as to provide security evolution over time, i.e., monitor security changes with respect to modification of security factors. The Markov model and the algorithm of D-S evidence reasoning are proposed to measure these two indices, respectively. Compared with other methods, this method mitigates the impact of unsuccessful intrusions on threat evaluation. It evaluates the impact of important intrusions on system security comprehensively and helps administrators to insight into intrusion steps, determine security state and identify dangerous intrusion traces. Testing in a real network environment shows that this method is reasonable and feasible in alleviating the tremendous task of data analysis and facilitating the understanding of the security evolution of the system for its administrators.

Jie Ma,Zhi-tang Li,Hong-wu Zhang

DOI: https://doi.org/10.1109/AICI.2009.487

2009-01-01

Abstract:Current practice for real-time security risk assessment typically takes intrusion detection systems alerts as the only source of risk factor. Their assessment results are more likely to suffer from the impact of false positive alerts in the increasingly complex and severe network security environment. This paper proposes a novel online fusion model for dynamical network risk assessment by using multiple risk factors. The model is composed by three fusion levels. First, an online alert fusion algorithm is proposed and the redundancy of the raw alerts is dramatically reduced. Then, the model employs Dempster-Shafer theory to handle uncertainties and ignorance existed in the multiple risk factors. Threats in different kinds of severity levels are identified. Finally, the whole network risk distribution is dynamically calculated and reported by using HMM approach. Experiments show the effectiveness and validity of our method.

Xiaowu Liu,Jiguo Yu,Weifeng Lv,Dongxiao Yu,Yinglong Wang,Yu Wu

DOI: https://doi.org/10.1016/j.jnca.2019.04.022

IF: 7.574

2019-01-01

Journal of Network and Computer Applications

Abstract:Network Security Situation Awareness (NSSA) is a security theory which can perceive the network threat from a global perspective. In this paper, we present a Cognitive Awareness-Control Model (CACM) for NSSA. CACM adopts the cross-layer architecture and cognitive circle which can break through the interactive barrier between different network layers. Firstly, we propose a decision-level fusion method in which different weights are assigned for different data sources so that the fusion accuracy can be improved. Secondly, a hierarchical quantification approach is discussed which can avoid inferring the complex memberships among network components. Finally, a cognitive regulation mechanism is analysed in order to solve the issue of automatic control. The simulation experiments show that our model can perceive and regulate the threat situation effectively. To the best of our knowledge, this is the first discussion which utilizes cognitive awareness-control to solve the regulation problem of NSSA.

Tao Zhang,MingZeng Hu,Xiaochun Yun,Dong Li

2005-01-01

Journal of Computational Information Systems

Abstract:Due to the rapid development of computer network system, the traditional methods like vulnerability scanning to analyze network security are confronting large challenges, because it cannot consider the security information synthetically. To get the security situation of network, a system of network security analysis using information fusion is designed and implemented in this present study. The study implements the network data collection based on TCP/IP protocol utilizing multi-sensors which covers large scale domains. The data are fused in data layer, so the computer information and network information are collected. These include the operating system type, the network service and the simple network topology. By associating the information with vulnerability and attack method, the model for network security analysis is built. This study has generated a network attack graph to represent the security states of the computer network.

Yikun Zhu,Zhiling Du

DOI: https://doi.org/10.1155/2021/5527746

2021-05-31

Scientific Programming

Abstract:In today’s increasingly severe network security situation, network security situational awareness provides a more comprehensive and feasible new idea for the inadequacy of various single solutions and is currently a research hotspot in the field of network security. At present, there are still gaps or room for improvement in network security situational awareness in terms of model scheme improvement, comprehensive and integrated consideration, algorithm design optimization, etc. A lot of scientific research investments and results are still needed to improve the form of network security in a long and solid way. In this paper, we propose a network security posture assessment model based on time-varying evidence theory for the existing multisource information fusion technology that lacks consideration of the problem of threat occurrence support rate over time and make the threat information reflect the law of time change by introducing a time parameter in the basic probability assignment value. Thus, the existing hierarchical threat posture quantitative assessment technique is improved and a hierarchical multisource network security threat posture assessment model based on time-varying evidence theory is proposed. Finally, the superiority of the proposed model is verified through experiments.

computer science, software engineering

Lina Zhu,Guoen Xia,Zuochang Zhang,Jianhua Li,Renjie Zhou

DOI: https://doi.org/10.14257/ijsia.2016.10.11.14

2016-01-01

International Journal of Security and Its Applications

Abstract:Network security situation awareness is vital important for network security supervision. In order to obtain the network security situation effectively, a multidimensional assessment method is proposed in this paper. The method is composed of three dimensions at different levels, namely vulnerability, threat and basic operation, with quantitative calculation method for each index. In the service layer, CVSS standard is adopted to assess the vulnerability situation, and simplified DREAD model is chosen for the threat situation. In the node layer, the vulnerability situation in the service layer is added with a weight, the threat situation in the service layer is accumulated according to attack paths based on Markov model, and the basic operation situation is evaluated by DS evidence fusion of several host and network performance index. In the network layer, each situation equals to weighted summation of corresponding situation in the node layer. Experimental results show the ease of use of this method, and multi-dimensional situation depicts the overall safety evolution process of network system accurately and intuitively.

Hao Wu,Zhonghua Wang

DOI: https://doi.org/10.1016/j.cose.2018.01.003

IF: 5.105

2018-01-01

Computers & Security

Abstract:In this paper, multi-source fusion-based detection method for the security of heterogeneous network is investigated. Fusion-based detection method exploits multi-source profiles from the whole network to make decisions on whether intrusion incident happens. A game theoretic analysis method for the concerned detection strategy is presented, where the attacker and defender are thought to be rational humans and they always try their best to get their maximum payoffs. A nonzero-sum game model is established to formulate the confrontation between the defender and attacker by considering the detection threshold and attack resource allocation as their strategies. The optimal strategies are then solved by using Nash equilibrium theory. The local optimal attack allocation scheme is firstly presented for heterogeneous network, which shows that with limited resources the attacker should only launch attacks to more valuable nodes and more attack resources should be allocated to more valuable nodes also. Then a general conclusion about the existence of the Nash equilibrium is given, which indicates that the Nash equilibrium must exist despite the attacks types. After that, an iterative method is presented for the calculation of the Nash equilibrium by considering DDoS attack as an example. Numerical simulations are shown to validate our theoretical results.

Guosheng Zhao,Huiqiang Wang,Jian Wang,Linshan Shen

DOI: https://doi.org/10.1007/978-3-540-72588-6_172

2007-01-01

Abstract:Building and maintaining the information superiority is the basis of the principle of active defense, integrated guarding in the cyberspace. In this paper, a novel method based on grey verhulst model was introduced to forecast the network system's security situation. Starting with unequal interval original risk data series, the proposed method choosed grey verhulst model or its inverse function to forecast the future risk value of network system, ant then it could modify the forecasting precision based on multilevel residual error. Simulation results reveal that the presented model not only gains the intuitionistic curve graph of network security situation, but also can achieve satisfactory precision. At the same time, it is simple in use and deserves further study to fully explore its potential for evaluation issues.

Guangjie Zhang,Xiaobo Tan

DOI: https://doi.org/10.1117/12.2675117

2023-05-25

Abstract:In the research of network security situational awareness, an important problem that needs to be solved urgently is that in the face of a large number of noisy multi-source data, the accuracy of obtaining network security situational awareness indicators will be affected. This paper proposes a data fusion processing method based on deep neural network to solve the above problems, which first uses natural language processing technology to process high-noise data in the data, and does a good job of word reduction of the data through the WordNetLemmatizer module. The TF-IDF feature extraction algorithm is applied to extract features through the frequency of data occurrence and the weight of the data. The experimental results show that the accuracy of obtaining network security situational awareness indicators by using the data fusion method based on deep neural network reaches more than 85% compared with the data fusion methods of other machine learning algorithms, and can be applied to the network security situational awareness model.

Computer Science,Engineering