Yuanquan Shi,Tao Li,Wen Chen,Ruirui Zhang

DOI: https://doi.org/10.1109/cccm.2009.5267847

2009-01-01

Abstract:To effectively evaluate and predict network security situation, a quantitative model for network security situation awareness based on artificial immune system and grey theory is proposed. In this model, the formal definitions of self, non-self, antigen and detector is given. According to the relationship between the antibody-concentration of memory detector and the attack intensity of network, network security situation evaluation sub-model based on artificial immune system is given. And to forecast the attack intensity that the current network faces in the next step, network situation predication sub-model based on grey theory is given. Experimental results exhibit that the proposed model provides a novel approach for network security situation awareness, and holds better characters of self-adaptability and real-time processing.

LIU Nian,LIU Yong,LI Tao,LIU Sun-jun

DOI: https://doi.org/10.3969/j.issn.1002-137x.2010.01.030

2009-01-01

Abstract:In order to change the current passive network security defense situation depending on traditional network security tools,such as firewall,network vulnerability scanning and intrusion detection etc,the artificial immune technology is applied to network security situation awareness.This technology adopts intrusion detection model based on immune to realize the detection of known and unknown intrusion behaviors,and establishes real-time and quantitative network risk evaluation model based on the corresponding relationship between the antibody concentration variation of biological immune system and the intrusion rate of pathogen.During the trend forecast of network security situation,ARMA model based on time series is adopted to make real-time and quantitative analysis and forecast on network security situation and its future trend,in this way,it can reduce the risk of network attack effectively and improve the emergency logistic support ability of network information system.The experiment result shows that this system can adjust network security strategy timely and efficiently,provide overall security guarantee for the system and is a good solution to active network security defense.

Ruirui Zhang,Xin Xiao

DOI: https://doi.org/10.4028/www.scientific.net/amm.121-126.4926

2011-01-01

Applied Mechanics and Materials

Abstract:As a new research area of network security, network security situation evaluation is significant for achieving large-scale network security monitoring. In this paper, the artificial immune technology is applied to the study of situation evaluation for network security. Mathematical expressions of immune elements such as antibodies, antigens are established, and basic immune mechanism such as self-tolerance, clone selection, immune memory are achieved. According to the relationships between concentration changes of antibodies and attack intensity of pathogens in biological immune system, a situation evaluation model for network security is proposed. In addition, this paper adopts the uncertainty reasoning method in the cloud theory to make multi-granularity analysis for network security situation. By modeling the security situation indicator, and using cloud rules generator and reverse cloud generator, we can get qualitative results of hosts and network's security situation. Theoretical analysis and experimental results show that the model is effective to evaluate situation for network security with advantages of real-time, adaptability and high accuracy.

Yixiang Luo,Minghua Zhao,Qunyan Zhang,Ajin Zou

DOI: https://doi.org/10.4028/www.scientific.net/amr.267.635

2011-01-01

Advanced Materials Research

Abstract:Network security situation awareness is the pivotal technology of building the next generation active defensible network, which has been got widespread concerns by experts and scholars. Inspired-by artificial immune, an immune-inspired network security situation awareness model, referred as Ineim, was given. The real-time network security situation awareness equations were built up, which can exactly compute security situation awareness of the host and network. Both the theory analysis and experimental results prove that Ineim provides a positive and active network security method.

Yuanquan Shi,Tao Li,Renfa Li,Xiaoning Peng,Pengju Tang

DOI: https://doi.org/10.4236/jcc.2017.57016

2017-01-01

Journal of Computer and Communications

Abstract:To effectively perceive network security situation under IOT environment, an Immunity-based IOT Environment Security Situation Awareness (IIESSA) model is proposed. In IIESSA, some formal definitions for self, non-self, antigen and detector are given. According to the relationship between the antibody-concentration of memory detectors and the intensity of network attack activities, the security situation evaluation method under IOT environment based on artificial immune system is presented. And then according to the situation time series obtained by the mentioned evaluation method, the security situation prediction method based on grey prediction theory is presented for forecasting the intensity and security situation of network attack activities that the IOT environment will be suffered in next step. The experimental results show that IIESSA provides a novel and effective model for perceiving security situation of IOT environment.

Zhang Ruirui,Li Tao,Xiao Xin,Shi Yuanquan

DOI: https://doi.org/10.1007/978-3-642-24091-1_28

2010-01-01

Abstract:A new method of intrusion detection based on the danger theory and the cloud model is presented in this paper. The main idea of danger signal generation mechanism of this method is stated as follows. Antigen apoptosis and necrosis will affect antibody concentrations. This paper has defined the concentration variability functions concerned and divided the risk levels. Changes of antibody concentrations in the immune system are determined by the cloud model, and then danger signals will be sent according to the changes. This method has successfully solved the problems of high false positive rate and high false negative rate. The theoretical analysis and experimental results show that the method is effective to intrusion detection with advantages of diversity, real-time and adaptability.

Lu YU,Zhen-qiang WU

DOI: https://doi.org/10.19304/j.cnki.issn1000-7180.2009.01.029

2009-01-01

Abstract:Through the research on the achievements of human immune system,a model of adaptive network security based on immune theory has been given.The model introduces the evaluation of system vulnerability level,and it can dynamically adapt its security policy according to the current security situation and performance of the system in order to achieve the network adaptive security.After the explanation of the functions of security risk assessment component,security level adjustment component and security operation execution component,the redesign of security risk assessment component is emphasized.This model is characterized by distributing,self-studying and adaptability.

Jin Yang,Cilin Wang,Le Yu,Caiming Liu,Lingxi Peng

DOI: https://doi.org/10.1007/978-3-642-34041-3_68

2012-01-01

Abstract:Cloud computing is an important innovation in the current computing model. The critical problem of cloud computing faced at present is the security issue. In the current network environment, that relying on a single terminal to check the Trojan virus is considered increasingly unreliable. Based on the correspondence between the artificial immune system antibody and pathogen invasion intensity, this paper is to establish a real-time network risk evaluation model in cloud computing. This paper builds a hierarchical, quantitative measurement indicator system, and a unified evaluation information base and knowledge base. The paper also combines assets evaluation system and network integration evaluation system, considering from the application layer, the host layer, network layer may be factors that affect the network risks. The experimental results show that the new model improves the ability of intrusion detection and prevention than that of the traditional intrusion prevention systems.

ZHANG Dan,ZHENG Ruijuan,WU Qingtao,DAI Yumei

DOI: https://doi.org/10.3724/sp.j.1087.2013.00404

2013-01-01

Journal of Computer Applications

Abstract:Concerning the complexity of network security management and the absence of self-adaptation on situation awareness process,a Network Security Situation Awareness Model(NSSAM) based on autonomic computing was proposed.The situation extraction was analyzed in real-time by an autonomic feedback law.From the perspectives of attack and defense,a multi-level and multi-angle network security situation assessment model employing Analytic Hierarchy Process(AHP) was established according to the extracted situation information.The model of future network security situation prediction adopting improved genetic neural network was built on the basis of the past and current network security situation.Test results show that NSSAM with autonomic feedback mechanism can effectively enhance self-adaptation of the system.

CHAI Zheng-yi,LIU Fang

DOI: https://doi.org/10.3969/j.issn.1007-5321.2010.03.008

2010-01-01

Abstract:In order to effectively assess the risk of network risk,and to take effective prevention measures,featuring with real-time and quantitative detection,a danger-theory and Antibody-concentration based perception model for network risk is proposed.Based on dynamic self-sets,the mathematical model and dynamic equations for self-tolerance and various antibody are designed.The quantify description of antibody concentration is given.The candidate detector is generated from both random and detector genelib.Furthermore,the vaccination are introduced to enhance the active detection.Simulations are done to test the model.The experiments prove that the model can detect the intrusion attacks effectively and evaluate the risk of both host and network including each attack and the whole attacks.If the model is transformed properly,it also can be applied to the fields of virus detection and spam mail recognition.

Shi Yuan-quan,Li Tao,Chen Wen,Zhang Rui-rui

DOI: https://doi.org/10.4028/www.scientific.net/amm.20-23.849

2010-01-01

Applied Mechanics and Materials

Abstract:To effectively prevent large-scale network security attacks, a novel Predication Approach for Network Security Situation inspired by Immunity (PANSSI) is proposed. In this predication approach, the concepts and formal definitions of antigen and antibody in the network security situation predication domain are given; meanwhile, the mathematical models of some antibody evolution operators being related to PANSSI are exhibited. By analyzing time series and computing the affinity between antigen and antibody in artificial immune system, network security situation predication model is established, and then the future situation of network security attacks is predicted by it. Experimental results prove that PANSSI can forecast the future network security situation real-timely and correctly, and provides a novel approach for network security situation predication.

SunJun Liu,Tao Li,DianGang Wang,Kui Zhao,Xun Gong,XiaoQing Hu,Chun Xu,Gang Liang

DOI: https://doi.org/10.1007/11903697_14

2006-01-01

Abstract:Inspired by the immune theory and multi-agent systems, an immune multi-agent active defense model for network intrusion is established. The concept of immune agent is introduced. While its logical structure and running mechanism are established. The method which uses antibody concentration to quantitatively describe the degree of intrusion danger is presented. The proposed model implements a multi-layer and distributed active defense mechanism for network intrusion, and it is a new way to the network security.

Guosheng Zhao,Huiqiang Wang,Jian Wang,Linshan Shen

DOI: https://doi.org/10.1007/978-3-540-72588-6_172

2007-01-01

Abstract:Building and maintaining the information superiority is the basis of the principle of active defense, integrated guarding in the cyberspace. In this paper, a novel method based on grey verhulst model was introduced to forecast the network system's security situation. Starting with unequal interval original risk data series, the proposed method choosed grey verhulst model or its inverse function to forecast the future risk value of network system, ant then it could modify the forecasting precision based on multilevel residual error. Simulation results reveal that the presented model not only gains the intuitionistic curve graph of network security situation, but also can achieve satisfactory precision. At the same time, it is simple in use and deserves further study to fully explore its potential for evaluation issues.

Yuanquan Shi,Tao Li,Wen Chen,Ruirui Zhang

DOI: https://doi.org/10.1109/peits.2009.5406845

2009-01-01

Abstract:Due to the randomicity of network suffered from security attacks and the uncertainty of network security situation, it is difficult to precisely predict network security situation in single predication model. Therefore, an immune-based combination predication model for network security situation (ICPM) is proposed by using GM(1,1) and artificial immune predication model (AIPM). In ICPM, the trend component of a time series of network security situation are predicted by GM(1,1) model, and the random component of that are predicated by AIPM model, and then the slide window mechanism is introduced to be used for dynamically predicting network security situation. Experimental results show that ICPM model can forecast the future network security situation real-timely and correctly, and simultaneity its results are more precise than that of GM(1,1) model and AIPM model.

Jinxiong Zhao,Sensen Guo,Dejun Mu

DOI: https://doi.org/10.1109/icaml51583.2020.00011

2020-01-01

Abstract:A key factor that affects the reliability of the power system is the robustness that supports the power data transmission network and an important indicator for evaluating the robustness of the power cyber is whether it has active defense capabilities. This paper introduces an artificial immune system into the power cyber security protection, and uses the theory of danger to construct a power network with artificial immunity. An artificial immune power cyber security model based on the theory of danger is proposed, the mapping relationship between the artificial immune model and the cyber behavior in the power system is analyzed, and a new power cyber model with self-adaptation, self-organization and high parallelism is established.

Bo Yang,Meifang Yang

DOI: https://doi.org/10.1007/s00521-020-05049-5

2020-06-15

Neural Computing and Applications

Abstract:Traditional network security detection models are trained offline using attack samples of known types. Although such models have high detection rates for known attack types, they cannot identify new attack types in the network layer. At present, these detection systems have the disadvantages of slow system construction and a high cost of model updating. Facing the increasing expansion of networks and endless attacks, these detection systems lack self-adaptability and expansibility, so it is difficult to detect complex and changeable attack events in networks. In this paper, the integrated use of immunology theory, complex adaptive system theory, and computational experiment technology is proposed to develop an Internet network layer security detection model based on an artificial immune system as an improvement over existing models of Internet network layer security. On the basis of testing knowledge, when a new type of attack is encountered, the online detection and learning process enables the dynamic extension of the network security detection model. Experimental calculations and an example analysis are presented to verify the scientific validity and feasibility of the model.

computer science, artificial intelligence

Xiaojie Liu

DOI: https://doi.org/10.1109/CEC.2008.4630978

2008-01-01

Abstract:An immune method for real-time computer network security risk evaluation is proposed. The concepts of self, nonself, antigen and immunocyte of computer immune system are defined. The dynamic model of self, marrow model, clone selection, learning scheme, life span of immunocyte are built. A computational model of risk evaluation based on the antibody concentration or memory immunocytes for network security is thus presented. The experiment shows that this method has the features of quantitative calculation and realtime processing ability.

Xiaowu Liu,Jiguo Yu,Weifeng Lv,Dongxiao Yu,Yinglong Wang,Yu Wu

DOI: https://doi.org/10.1016/j.jnca.2019.04.022

IF: 7.574

2019-01-01

Journal of Network and Computer Applications

Abstract:Network Security Situation Awareness (NSSA) is a security theory which can perceive the network threat from a global perspective. In this paper, we present a Cognitive Awareness-Control Model (CACM) for NSSA. CACM adopts the cross-layer architecture and cognitive circle which can break through the interactive barrier between different network layers. Firstly, we propose a decision-level fusion method in which different weights are assigned for different data sources so that the fusion accuracy can be improved. Secondly, a hierarchical quantification approach is discussed which can avoid inferring the complex memberships among network components. Finally, a cognitive regulation mechanism is analysed in order to solve the issue of automatic control. The simulation experiments show that our model can perceive and regulate the threat situation effectively. To the best of our knowledge, this is the first discussion which utilizes cognitive awareness-control to solve the regulation problem of NSSA.

RF Li,C Wang,XY Tu

DOI: https://doi.org/10.1109/icnsc.2005.1461170

2005-01-01

Abstract:Natural immune system has many features for inspirations to computer security. From this paradigm, a new multi-agent model for network-based intrusion detection system is presented. We briefly summarize the main mechanisms of immunology from information processing perspective and concisely review the related works. Moreover, some mechanisms, including cloning with hyper-mutation, affinity maturation, and stigmergy are incorporated to this new model for network intrusion detection. Its conceptual view and working mechanism are described, and its characteristics, autonomous, robust, adaptable, and lightweight, are discussed.

Maoli Wang,Guangxue Song,Yang Yu,Bowen Zhang

DOI: https://doi.org/10.3390/electronics12102309

IF: 2.9

2023-05-20

Electronics

Abstract:Network security situational awareness is based on the extraction and analysis of big data, and by understanding these data to evaluate the current network security status and predict future development trends, provide feedback to decision-makers to make corresponding countermeasures, and achieve security protection for the network environment. This article focuses on artificial intelligence, summarizes the related definitions and classic models of network security situational awareness, and provides an overview of artificial intelligence. Starting from the method of machine learning, it specifically introduces the research status of neural-network-based network security situational awareness and summarizes the research work in recent years. Finally, the future development trends of network security situational awareness are summarized, and its prospects.

engineering, electrical & electronic,computer science, information systems,physics, applied