Geng-hong LU,Dong-qin FENG

DOI: https://doi.org/10.13195/j.kzyjc.2016.0551

2017-01-01

Abstract:The attacks against the industrial control network have different types and various attack intensity. Under this circumstance, the traditional detection techniques cannot identify the multiple types of attacks effectively, and can not assess the security situations of the industrial control network comprehensively and accurately. Therefore, the industrial control network security situation awareness model is proposed. Firstly, the rule extraction can be done by applying the improved C-SVC algorithm to the multi-sensor data. Then with the application of decision fusion algorithm, the decision-level fusion is completed and the results of situation awareness are procured. The simulation experiment results show that the proposed model and algorithms can distinguish multiple types of attacks effectively, identify the attacks that are launched against the industrial control system accurately, and generate the results of situation awareness.

Daojuan Zhang,Kexiang Qian,Wenhui Wang,Fuyang fang,Chonghua Wang,Xi Luo

DOI: https://doi.org/10.1145/3444370.3444607

2020-12-04

Abstract:With the development of information technology, the scale of the network continues to expand, and the security issues continue to increase. The complexity of the network security situation is increasing and the importance of the network security situational awareness continues to increase. The data sources are wide, the type and the number are large in a large-scale network environment currently. This paper comprehensively studies the network security situational awareness technology based on multi-source heterogeneous data. In addition, this paper introduces the origin, concept and the model of the network situational awareness, as well as the characteristics of network security situational awareness based on multi-source heterogeneous data fusion. Finally, the key technologies in the security situational awareness such as the extraction of situational elements, multi-source data fusion, situation assessment, situation prediction and visual display are introduced.

Guangjie Zhang,Xiaobo Tan

DOI: https://doi.org/10.1117/12.2675117

2023-05-25

Abstract:In the research of network security situational awareness, an important problem that needs to be solved urgently is that in the face of a large number of noisy multi-source data, the accuracy of obtaining network security situational awareness indicators will be affected. This paper proposes a data fusion processing method based on deep neural network to solve the above problems, which first uses natural language processing technology to process high-noise data in the data, and does a good job of word reduction of the data through the WordNetLemmatizer module. The TF-IDF feature extraction algorithm is applied to extract features through the frequency of data occurrence and the weight of the data. The experimental results show that the accuracy of obtaining network security situational awareness indicators by using the data fusion method based on deep neural network reaches more than 85% compared with the data fusion methods of other machine learning algorithms, and can be applied to the network security situational awareness model.

Computer Science,Engineering

Haonan Peng,Chunming Wu,Yanfeng Xiao

DOI: https://doi.org/10.3390/app132111629

2023-01-01

Applied Sciences

Abstract:The importance of network security has become increasingly prominent due to the rapid development of network technology. Network intrusion detection systems (NIDSs) play a crucial role in safeguarding networks from malicious attacks and intrusions. However, the issue of class imbalance in the dataset presents a significant challenge to NIDSs. In order to address this concern, this paper proposes a new NIDS called CBF-IDS, which combines convolutional neural networks (CNNs) and bidirectional long short-term memory networks (BiLSTMs) while employing the focal loss function. By utilizing CBF-IDS, spatial and temporal features can be extracted from network traffic. Moreover, during model training, CBF-IDS applies the focal loss function to give more weight to minority class samples, thereby mitigating the impact of class imbalance on model performance. In order to evaluate the effectiveness of CBF-IDS, experiments were conducted on three benchmark datasets: NSL-KDD, UNSW-NB15, and CIC-IDS2017. The experimental results demonstrate that CBF-IDS outperforms other classification models, achieving superior detection performance.

WANG Chun-lei,FANG Lan,WANG Dong-xia,DAI Yi-qi

DOI: https://doi.org/10.1109/iccet.2010.5486194

2012-01-01

Computer Science

Abstract:Network security situation awareness provides the unique high level security view based upon the security alert events. But the complexities and diversities of security alert data on modern networks make such analysis extremely difficult. In this paper, we analyze the existing problems of network security situation awareness system and propose a framework for network security situation awareness based on knowledge discovery. The framework consists of the modeling of network security situation and the generation of network security situation. The purpose of modeling is to construct the formal model of network security situation measurement based upon the D-S evidence theory, and support the general process of fusing and analyzing security alert events collected from security situation sensors. The generation of network security situation is to extract the frequent patterns and sequential patterns from the dataset of network security situation based upon knowledge discovery method and transform these patterns to the correlation rules of network security situation, and finally to automatically generate the network security situation graph. Application of the integrated Network Security Situation Awareness system (Net-SSA) shows that the proposed framework supports for the accurate modeling and effective generation of network security situation.

Zhao Yifan

DOI: https://doi.org/10.1109/WCCCT52091.2021.00015

2021-01-01

Abstract:Along with the advance of science and technology, informationization society construction is gradually perfect. The development of modern information technology has driven the growth of the entire network spatial data, and network security is a matter of national security. There are several countries included in the national security strategy, with the increase of network space connected point, traditional network security space processing way already cannot adapt to the demand. Machine learning can effectively solve the problem of network security. Around the machine learning technology applied in the field of network security research results, this paper introduces the basic concept of network security situational awareness system, the basic model, and system framework. Based on machine learning, this paper elaborates the network security situation awareness technology, including data mining technology, feature extraction technology and situation prediction technology. Recursive feature elimination, decision tree algorithm, support vector machine, and future research direction in the field of network security situational awareness are also discussed.

Computer Science

Fanyu Kong,Yufeng Zhou,Gang Chen

DOI: https://doi.org/10.1007/s11042-019-7614-4

IF: 2.577

2019-04-17

Multimedia Tools and Applications

Abstract:In order to realize the ubiquitous perception of urban traffic system integration, a universal technology architecture supporting multiple heterogeneous access, universalization and tailoring is needed to realize the interconnection and interoperability of perception systems in different application scenarios. Based on the analysis of typical application scenarios in traffic field and the performance characteristics of wireless and wired sensor networks, a method of bandwidth allocation for network resources in urban traffic application environment is proposed in this paper, especially in the scenario of high-speed train movement, in order to improve the transmission efficiency of wireless sensor networks. An information matching method for sensor networks is proposed. The correlation among multi-sensors is used to fuse the monitoring information in the coverage area of the sensing system, which is helpful to improve the resolution and accuracy of the system. The theory is applied to vehicle type recognition in traffic flow detection. The simulation results show that the proposed data fusion scheme has obvious advantages over the similar LEACH protocol in terms of energy consumption and fusion accuracy of common nodes.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Rixin Xue,Peng Tang,Shudong Fang

DOI: https://doi.org/10.1155/2022/2794889

2022-02-09

Wireless Communications and Mobile Computing

Abstract:Traditional NSSA (network security situational awareness) systems have significant equipment limitations, poor data fusion capabilities, and a low level of analysis and evaluation, making them difficult to adapt to large-scale and complex network environments. This paper proposes the study of computer NSS (network security situation) prediction technology based on AR (association rules) mining to solve this problem. The support-confidence framework is improved by introducing an interest evaluation standard, and the value of AR is re-evaluated, based on a discussion of traditional concepts and algorithms related to AR mining. The MFP-interest algorithm proposed in this paper is a combination of alarm AR template and interest degree. The MFP-interest algorithm was put to the test. We discovered that the MFP-interest algorithm can effectively predict NSS and indicate its development trend when run in a real-world network environment. Most time points have a relative error range of less than 0.035.

computer science, information systems,telecommunications,engineering, electrical & electronic

Satyanarayana Gunupusala,Shahu Chatrapathi Kaila

DOI: https://doi.org/10.37256/cm.5220243723

2024-06-19

Contemporary Mathematics

Abstract:Computer networks rely on Intrusion Detection Systems (IDSs) and Intrusion Prevention Systems (IPSs) to ensure the security, reliability, and availability of an organization. In recent years, various approaches were developed and implemented to create effective IDSs and IPSs. This paper specifically focuses on IDSs that utilize Machine Learning (ML) techniques for improved accuracy. ML-based IDSs have verified to be successful in discovering network attacks. However, their performance tends to decline when dealing with high-dimensional data spaces. It is essential to develop a suitable feature extraction strategy that could identify and remove irrelevant features that do not significantly classification process to address this issue. Additionally, many ML-based IDSs exhibit high false positive rates and poor detection accuracy when trained on unbalanced datasets. In this study, we analyze the UNSW-NB15 IDS, which will serve as the training and testing data for our models. In order to reduce the feature space and improve the efficiency of our analysis, we leverage a filter-based feature reduction method utilizing the Pearson correlation coefficient algorithm. By identifying and selecting only the most relevant features, we are able to streamline our dataset and focus on the variables that have the highest impact on our analysis. This approach not only reduces computational complexity but also improves the interpretability of our results by eliminating unnecessary noise from the data. After applying the feature reduction technique, we proceed to implement a range of machine learning methods to perform our classification task. These include well-known algorithms such as Stacking, Extra Trees, Multi-Layer Perceptron, XGBoost, K-Nearest Neighbors, Logistic Regression, Naïve Bayes, Support Vector Machine, Random Forest, and Decision Tree. By employing a diverse set of algorithms, we are able to explore different modeling approaches and evaluate their effectiveness in accurately classifying the various types of assaults. In order to assess the performance of our classification models, we utilize a range of specialized evaluation metrics such as Root Mean Square Error (RMSE), Mean Absolute Error (MAE), R2-Score, Mean Squared Error (MSE), Precision, F1-Score, Recall, and Accuracy. These metrics provide us with a comprehensive understanding of how well our models are performing across different dimensions, including the accuracy of predictions, the level of precision in classifying different assault types, and the overall goodness-of-fit of our models. By considering multiple evaluation metrics, we are able to gain a more nuanced understanding of the strengths and weaknesses of each algorithm and make informed decisions about their suitability for our classification task. These metrics deliver a complete evaluation of the classifiers’ effectiveness in detecting community intrusions.

Junwei Zhang,Huamin Feng,Biao Liu,Dongmei Zhao

DOI: https://doi.org/10.3390/s23052608

IF: 3.9

2023-02-27

Sensors

Abstract:Network security situation awareness (NSSA) is an integral part of cybersecurity defense, and it is essential for cybersecurity managers to respond to increasingly sophisticated cyber threats. Different from traditional security measures, NSSA can identify the behavior of various activities in the network and conduct intent understanding and impact assessment from a macro perspective so as to provide reasonable decision support, predicting the development trend of network security. It is a means to analyze the network security quantitatively. Although NSSA has received extensive attention and exploration, there is a lack of comprehensive reviews of the related technologies. This paper presents a state-of-the-art study on NSSA that can help bridge the current research status and future large-scale application. First, the paper provides a concise introduction to NSSA, highlighting its development process. Then, the paper focuses on the research progress of key technologies in recent years. We further discuss the classic use cases of NSSA. Finally, the survey details various challenges and potential research directions related to NSSA.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Yehong Yang

DOI: https://doi.org/10.2991/WARTIA-16.2016.25

2016-05-14

Abstract:With the popularity of computers, the Internet has entered the production and all aspects of social life, but the attendant problem of network security has become the focus of widespread concern. Network security situation awareness to effectively respond to network security issues provide a viable solution: for complex network environments and malicious attacks, a comprehensive analysis of attacks against various parts of the network system, from a macro point of view of network security situation be assess and predict the future of network security situation based on this information. For the predictive accuracy of prediction system for network security situation has improved significantly, and network security situation prediction method based on machine learning for the network security situation prediction have a high degree feasible, in the real network security situation awareness applications have certain research and practical value. Introduction of Network Security Situational Awareness Network security situation is the current status and trends of the entire information from a variety of factors operating conditions of various network devices, network behavior and user behavior constituted. Network security situational awareness can acquire, understand and display the network environment of security elements. Through a series of technical means in time and space, are fully aware of network security and access and associated elements as possible in a pluralistic, and the establishment of a network based on complex behaviors modeling and simulation situational analysis and pre-side system, and then integrate and analyze vast amounts of security associated with the network-related data. Network security situation awareness is a scientific and effective network security situation assessment and use of relevant technologies to make reasonable predictions about trends over time network security, network management personnel in advance to remind the network system for network equipment, network peer node hosts and data resources to make reasonable adjustments, upgrades and backup, network environment to address the risk of possible future harm to the network system, losses may result down to an acceptable range . Extract information network security situation is carried out on the basis of situational awareness that only a comprehensive collection of data and the use of sophisticated index system, to ensure the correctness of the results of the assessment. Therefore, in the design process model or system must pay attention to select a metric system. Network security situation is a source of diverse, different collection methods, different devices collect data formats, network security situation letter from mainly contains configuration, operating status, traffic, user behavior and other information.

Computer Science

Rasheed Ahmad,Izzat Alsmadi,Ahmad, Rasheed

DOI: https://doi.org/10.1007/s10586-024-04365-y

2024-03-27

Cluster Computing

Abstract:The increasing frequency and sophistication of cyber-attacks pose significant threats to organizational entities and critical national infrastructure, leading to substantial financial and operational consequences. Detecting such attacks early and accurately remains a complex endeavour, compounded by challenges in intrusion detection system (IDS) design, the exploitation of zero-day attacks, and issues of reliability and resiliency in physical systems. This research addresses these challenges through a two-fold approach: firstly, implementing input data fusion from diverse and heterogeneous sources, and secondly, fusing classifiers from multiple deep learning (DL)-based algorithms. The success of machine learning (ML) and DL models for IDS relies on meticulous data collection and classifier selection. The paper underscores the limitations of relying on single datasets and ML/DL algorithms, emphasizing potential biases and training restrictions. Rigorous experiments were conducted to identify optimal DL architectures, ensuring the creation of models that exhibit robust generalization on new traffic instances, leading to trusted and unbiased results. The study demonstrates the efficacy of the proposed models through comprehensive evaluations and metrics. Results indicate that the fusion of data and classifiers significantly improves model generalization. The paper also outlines key challenges and future trends in data fusion, emphasizing its role in enhancing IDS performance for securing critical infrastructure.

computer science, information systems, theory & methods

Yiyang Yao,Zhiqiang Wang,Chun Gan,Qian Kang,Xuejiao Liu,Yingjie Xia,Luming Zhang

DOI: https://doi.org/10.1016/j.neucom.2015.12.127

IF: 6

2016-01-01

Neurocomputing

Abstract:To secure the network system, a large number of different information security devices, e.g., intrusion detection system, firewall, etc., have been deployed in the network. These devices can protect the network system from all aspects, but also bring new problems for information security administration. Massive alert data from different devices are increasingly generated and some real alerts are buried with the overwhelming alerts, which are mixed with a large amount of repetitive and false alerts. In this paper, we propose a multi-source alert data understanding scheme based on rough set theory for security semantic discovery. Firstly, we classify the alert data according to the data features to merge the multi-source alerts. Then, we calculate the weight for each classification of alerts by applying the rough set theory to historical data. Then we perform data aggregation by alert similarity computation to reduce repetitive alerts from different sources. Also, we introduce reliability metrics to measure the credibility of different alerts for further correlation and semantic analysis according to the network background information. We perform experiments on the collected data set in the real network system and DARPR 2000 data set. Experimental results show that our proposed method could reduce more than 80% repetitive alerts in the data sets.

Yating Liu,Yuantao Gu,Xinyue Shen,Qingmin Liao,Quan Yu

DOI: https://doi.org/10.1109/tnse.2022.3206353

IF: 6.6

2023-01-01

IEEE Transactions on Network Science and Engineering

Abstract:Anomaly detection is a crucial topic in network security which refers to automatically mining known and unknown attacks or threats. Many detectors have been proposed in the last decade. Nonetheless, a practical solution, which is able to provide a high True Positive Rate (TPR) with an acceptable False Positive Rate (FPR) without any prior information, is still challenging due to the complexity and variability of anomaly pattern. In this article, we propose a novel unsupervised detection system called MSCA which applies multiple sketches, K-means++ unsupervised clustering, and association rule mining to detect traffic anomalies and analyze anomalous features and correlations. It can blindly identify known and unknown traffic anomalies without any labeled traffic or prior signatures about data distribution. Rich traffic data is first aggregated and compacted to traffic flows by sketches, and further detected by the combination of clustering algorithm and voting strategy. Then association rule mining is finally utilized to find the anomalous frequent item-sets and association rules. Numerical experiments on MAWILAB datasets demonstrate that the proposed detection method outperforms other reference unsupervised detection methods. It achieves an accuracy of 99.86%, 99.97%, 97.08%, and 95.19% in overall four detection types including IP and port of source and destination.

Abiodun Ayantayo,Amrit Kaur,Anit Kour,Xavier Schmoor,Fayyaz Shah,Ian Vickers,Paul Kearney,Mohammed M. Abdelsamea

DOI: https://doi.org/10.1186/s40537-023-00834-0

2023-11-09

Journal Of Big Data

Abstract:Network intrusion detection systems (NIDSs) are one of the main tools used to defend against cyber-attacks. Deep learning has shown remarkable success in network intrusion detection. However, the effect of feature fusion has yet to be explored in how to boost the performance of the deep learning model and improve its generalisation capability in NIDS. In this paper, we propose novel deep learning architectures with different feature fusion mechanisms aimed at improving the performance of the multi-classification components of NIDS. We propose three different deep learning models, which we call early-fusion, late-fusion, and late-ensemble learning models using feature fusion with fully connected deep networks. Our feature fusion mechanisms were designed to encourage deep learning models to learn relationships between different input features more efficiently and mitigate any potential bias that may occur with a particular feature type. To assess the efficacy of our deep learning solutions and make comparisons with state-of-the-art models, we employ the widely accessible UNSW-NB15 and NSL-KDD datasets specifically designed to enhance the development and evaluation of improved NIDSs. Through quantitative analysis, we demonstrate the resilience of our proposed models in effectively addressing the challenges posed by multi-classification tasks, especially in the presence of class imbalance issues. Moreover, our late-fusion and late-ensemble models showed the best generalisation behaviour (against overfitting) with similar performance on the training and validation sets.

Yikun Zhu,Zhiling Du

DOI: https://doi.org/10.1155/2021/5527746

2021-05-31

Scientific Programming

Abstract:In today’s increasingly severe network security situation, network security situational awareness provides a more comprehensive and feasible new idea for the inadequacy of various single solutions and is currently a research hotspot in the field of network security. At present, there are still gaps or room for improvement in network security situational awareness in terms of model scheme improvement, comprehensive and integrated consideration, algorithm design optimization, etc. A lot of scientific research investments and results are still needed to improve the form of network security in a long and solid way. In this paper, we propose a network security posture assessment model based on time-varying evidence theory for the existing multisource information fusion technology that lacks consideration of the problem of threat occurrence support rate over time and make the threat information reflect the law of time change by introducing a time parameter in the basic probability assignment value. Thus, the existing hierarchical threat posture quantitative assessment technique is improved and a hierarchical multisource network security threat posture assessment model based on time-varying evidence theory is proposed. Finally, the superiority of the proposed model is verified through experiments.

computer science, software engineering

Y. T. Chan,Chou Chia-Jung,R. Thiyagu

Abstract:The concept of Situation Awareness (SA) is initially from the aviation security territory. SA deal with complexity, dynamics, high-risk, and situation that requires intervention. The introduction of SA in Network Security Situation Awareness (NSSA) is to response to ‘Alert Conflict’, but still the problem remains on solved. Therefore, we proposed Heterogeneous Network Sensors Management Service (HNSMS), a method of analysing the Alert Conflict in a Heterogeneous Network Sensor Environment (HNSE) using different Alert Fusion technique to understand the security status of the whole network system. Thus, we use Fuzzy Cognitive Maps (FCM) and policy to fuse multiple inputs.

Engineering,Computer Science

Song Hao,Wentao Fu,Xuanze Chen,Chengxiang Jin,Jiajun Zhou,Shanqing Yu,Qi Xuan

2024-09-12

Abstract:Traditional anomalous traffic detection methods are based on single-view analysis, which has obvious limitations in dealing with complex attacks and encrypted communications. In this regard, we propose a Multi-view Feature Fusion (MuFF) method for network anomaly traffic detection. MuFF models the temporal and interactive relationships of packets in network traffic based on the temporal and interactive viewpoints respectively. It learns temporal and interactive features. These features are then fused from different perspectives for anomaly traffic detection. Extensive experiments on six real traffic datasets show that MuFF has excellent performance in network anomalous traffic detection, which makes up for the shortcomings of detection under a single perspective.

Machine Learning

Yu Guangxu

DOI: https://doi.org/10.3233/jifs-189520

2021-04-12

Abstract:The 21st century is an era of rapid development of the Internet. Internet technology is widely used in various fields. With the rapid development of network, the importance of network information security is also highlighted. The traditional network information security technology has been difficult to ensure the security of network information. Therefore, we mainly study the application of machine learning feature extraction method in situational awareness system. A feature selection method based on machine learning is proposed to extract situational features.By analyzing whether the background of network information is safe or not, and according to the current research situation at home and abroad and the trend of Internet development, this paper tries out the practical application of machine learning feature extraction method in a certain perception system. Based on the above points, a selection method based on machine learning is proposed to extract situational features. The accuracy and timeliness of situational awareness system detection are seriously affected by the high dimension, noise and redundant features of massive network traffic data.Therefore, it is of great value to further study network intrusion detection technology on the basis of machine learning.

Qingyan Meng,Maofan Zhao,Linlin Zhang,Wenxu Shi,Chen Su,Lorenzo Bruzzone

DOI: https://doi.org/10.1109/lgrs.2022.3173473

IF: 5.343

2022-05-28

IEEE Geoscience and Remote Sensing Letters

Abstract:Remote sensing (RS) scene classification has attracted extensive attention due to its large number of applications. Recently, convolutional neural network (CNN) methods have shown impressive ability of feature learning in the RS scene classification. However, the performance is still limited by large-scale variance and complex background. To address these problems, we present a multilayer feature fusion network with spatial attention and gated mechanism (MLF2Net_SAGM) for RS scene classification. First, the backbone is employed to extract multilayer convolutional features. Then, a residual spatial attention module (RSAM) is proposed to enhance discriminative regions of the multilayer feature maps, and the key areas can be harvested. Finally, the multilayer spatial calibration features are fused to form the final feature map, and a gated fusion module (GFM) is designed to eliminate feature redundancy and mutual exclusion (FRME). To verify the effectiveness of the proposed method, we conduct comparative experiments based on three widely used RS image scene classification benchmarks. The results show that the direct fusion of multilayer features via element-wise addition leads to FRME, whereas our method fuses multilayer features more effectively and improves the performance of scene classification.

imaging science & photographic technology,remote sensing,engineering, electrical & electronic,geochemistry & geophysics