Geng-hong LU,Dong-qin FENG

DOI: https://doi.org/10.13195/j.kzyjc.2016.0551

2017-01-01

Abstract:The attacks against the industrial control network have different types and various attack intensity. Under this circumstance, the traditional detection techniques cannot identify the multiple types of attacks effectively, and can not assess the security situations of the industrial control network comprehensively and accurately. Therefore, the industrial control network security situation awareness model is proposed. Firstly, the rule extraction can be done by applying the improved C-SVC algorithm to the multi-sensor data. Then with the application of decision fusion algorithm, the decision-level fusion is completed and the results of situation awareness are procured. The simulation experiment results show that the proposed model and algorithms can distinguish multiple types of attacks effectively, identify the attacks that are launched against the industrial control system accurately, and generate the results of situation awareness.

Guozheng Yang,Yongheng Zhang,Yuliang Lu,Yi Xie,Jiayi Yu

DOI: https://doi.org/10.3390/e26040315

IF: 2.738

2024-04-05

Entropy

Abstract:Network security situational awareness (NSSA) aims to capture, understand, and display security elements in large-scale network environments in order to predict security trends in the relevant network environment. With the internet's increasingly large scale, increasingly complex structure, and gradual diversification of components, the traditional single-layer network topology model can no longer meet the needs of network security analysis. Therefore, we conduct research based on a multi-layer network model for network security situational awareness, which is characterized by the three-layer network structure of a physical device network, a business application network, and a user role network. Its network characteristics require new assessment methods, so we propose a multi-layer network link importance assessment metric: the multi-layer-dependent link entropy (MDLE). On the one hand, the MDLE comprehensively evaluates the connectivity importance of links by fitting the link-local betweenness centrality and mapping entropy. On the other hand, it relies on the link-dependent mechanism to better aggregate the link importance contributions in each network layer. The experimental results show that the MDLE has better ordering monotonicity during critical link discovery and a higher destruction efficacy in destruction simulations compared to classical link importance metrics, thus better adapting to the critical link discovery requirements of a multi-layer network topology.

physics, multidisciplinary

Qilei Wang

DOI: https://doi.org/10.1038/s41598-022-08079-2

IF: 4.6

2022-03-08

Scientific Reports

Abstract:Abstract In order to effectively assess all types of security risks in the important event, the important decision-making basis for security risk warning and emergency management of important event is provided by analyzing the coupling relationship and evolution mechanism between various risks. The criminal causes, management defects, security and emergency system construction are analyzed from the possibility of accidents and risks. The multi-source data risk assessment system based on five subsystems and its index set of human factors, management factors, site factors, event factors and audit factors are proposed. The weight of each index in the assessment system is determined by the method of information entropy, and then the risk grade of important event is determined according to the weight calculation function and the improved fuzzy matter element model. The verification with an example shows that: the risk assessment model is optimized by combining entropy weight with fuzzy matter-element model, the influence of weight data extreme value was weakened, the qualitative description and quantitative analysis of multi-source data could be combined, and the subjective error was reduced. The risk grade of important event is reasonably evaluated, and the assessment effect is basically consistent with the expert inspection analysis, which shows that the method had certain application value.

multidisciplinary sciences

Jie Ma,Zhi-tang Li,Hong-wu Zhang

DOI: https://doi.org/10.1109/AICI.2009.487

2009-01-01

Abstract:Current practice for real-time security risk assessment typically takes intrusion detection systems alerts as the only source of risk factor. Their assessment results are more likely to suffer from the impact of false positive alerts in the increasingly complex and severe network security environment. This paper proposes a novel online fusion model for dynamical network risk assessment by using multiple risk factors. The model is composed by three fusion levels. First, an online alert fusion algorithm is proposed and the redundancy of the raw alerts is dramatically reduced. Then, the model employs Dempster-Shafer theory to handle uncertainties and ignorance existed in the multiple risk factors. Threats in different kinds of severity levels are identified. Finally, the whole network risk distribution is dynamically calculated and reported by using HMM approach. Experiments show the effectiveness and validity of our method.

Lina Zhu,Guoen Xia,Zuochang Zhang,Jianhua Li,Renjie Zhou

DOI: https://doi.org/10.14257/ijsia.2016.10.11.14

2016-01-01

International Journal of Security and Its Applications

Abstract:Network security situation awareness is vital important for network security supervision. In order to obtain the network security situation effectively, a multidimensional assessment method is proposed in this paper. The method is composed of three dimensions at different levels, namely vulnerability, threat and basic operation, with quantitative calculation method for each index. In the service layer, CVSS standard is adopted to assess the vulnerability situation, and simplified DREAD model is chosen for the threat situation. In the node layer, the vulnerability situation in the service layer is added with a weight, the threat situation in the service layer is accumulated according to attack paths based on Markov model, and the basic operation situation is evaluated by DS evidence fusion of several host and network performance index. In the network layer, each situation equals to weighted summation of corresponding situation in the node layer. Experimental results show the ease of use of this method, and multi-dimensional situation depicts the overall safety evolution process of network system accurately and intuitively.

Xiu-Zhen Chen,Qing-Hua Zheng,Xiao-Hong Guan,Chen-Guang Lin,Jie Sun

DOI: https://doi.org/10.1016/j.cose.2004.08.009

IF: 5.105

2005-01-01

Computers & Security

Abstract:How to evaluate network security threat quantitatively is one of key issues in the field of network security, which is vital for administrators to make decision on the security of computer networks. A novel model of security threat evaluation with a series of quantitative indices is proposed on the analysis of prevalent network intrusions. This model is based on multiple behavior information fusion and two indices of privilege validity and service availability that are proposed to evaluate the impact of prevalent network intrusions on system security, so as to provide security evolution over time, i.e., monitor security changes with respect to modification of security factors. The Markov model and the algorithm of D-S evidence reasoning are proposed to measure these two indices, respectively. Compared with other methods, this method mitigates the impact of unsuccessful intrusions on threat evaluation. It evaluates the impact of important intrusions on system security comprehensively and helps administrators to insight into intrusion steps, determine security state and identify dangerous intrusion traces. Testing in a real network environment shows that this method is reasonable and feasible in alleviating the tremendous task of data analysis and facilitating the understanding of the security evolution of the system for its administrators.

Cheng Yexia,Jiang Wen,Xue Zhi,Cheng Yejian

2012-01-01

Journal of Computer Research and Development

Abstract:In order to improve network security and take evaluation to give security solution, a novel method of network security evaluation based on attack graph model is proposed. Using attack graph model and combining with characteristics of Markov Chain and Bayesian Network, we propose four security evaluation metrics and the method to compute them, including attack probability parameter, attack realization parameter, vulnerability level parameter and criticality parameter of vulnerability. Based on this, we research on a model of multi-objective security evaluation method, which can help security administrators control the global network more effectively with security enhancement suggestions. Simulation results show that the method is well in expansibility and practicality.

LIU Jie-ling,LING Xiao-bo,ZHANG Lei,WANG Bo,WANG Zhi-liang,LI Zi-mu,ZHANG Hui,YANG Jia-hai,WU Cheng-nan

DOI: https://doi.org/10.11896/jsjkx.210600171

2022-01-01

Computer Science

Abstract:Power system network is one of the important targets of cyber attack.In order to ensure the safe operation of power system,network managers need to evaluate the network security risk.Usually,existing network security risk assessment framework only aims at a single scenario,and can not find the strategic attackers who use a variety of low-risk methods to achieve high-risk threat targets from large quantities of network security alerts.In order to meet the above challenges,this paper proposes a network security risk assessment method based on tactical correlation.In this method,the warning information generated on va-rious network security detection devices when an attacker implements a multi-step attack is associated to form an attack chain,and the security risk of the organization intranet is evaluated by calculating the threat,vulnerability,impact score of each node in the attack chain and the risk score of the whole attack chain.In order to verify the effectiveness and robustness of the proposed method,this paper selects a representative example to illustrate the specific implementation process of the proposed method for network security risk assessment in the organizational intranet.The example shows that the network security risk assessment framework based on the tactical association can correctly assess the harm of multi-step attack caused by low-risk alarm association to achieve high-risk targets,and is more robust than the traditional single scenario analysis method,which can better provide decision-making basis for organization decision-makers in network security risk management.

Tao Zhang,MingZeng Hu,Xiaochun Yun,Dong Li

2005-01-01

Journal of Computational Information Systems

Abstract:Due to the rapid development of computer network system, the traditional methods like vulnerability scanning to analyze network security are confronting large challenges, because it cannot consider the security information synthetically. To get the security situation of network, a system of network security analysis using information fusion is designed and implemented in this present study. The study implements the network data collection based on TCP/IP protocol utilizing multi-sensors which covers large scale domains. The data are fused in data layer, so the computer information and network information are collected. These include the operating system type, the network service and the simple network topology. By associating the information with vulnerability and attack method, the model for network security analysis is built. This study has generated a network attack graph to represent the security states of the computer network.

Yikun Zhu,Zhiling Du

DOI: https://doi.org/10.1155/2021/5527746

2021-05-31

Scientific Programming

Abstract:In today’s increasingly severe network security situation, network security situational awareness provides a more comprehensive and feasible new idea for the inadequacy of various single solutions and is currently a research hotspot in the field of network security. At present, there are still gaps or room for improvement in network security situational awareness in terms of model scheme improvement, comprehensive and integrated consideration, algorithm design optimization, etc. A lot of scientific research investments and results are still needed to improve the form of network security in a long and solid way. In this paper, we propose a network security posture assessment model based on time-varying evidence theory for the existing multisource information fusion technology that lacks consideration of the problem of threat occurrence support rate over time and make the threat information reflect the law of time change by introducing a time parameter in the basic probability assignment value. Thus, the existing hierarchical threat posture quantitative assessment technique is improved and a hierarchical multisource network security threat posture assessment model based on time-varying evidence theory is proposed. Finally, the superiority of the proposed model is verified through experiments.

computer science, software engineering

Dehua Kong,Huyuan li,Hongyan dong

DOI: https://doi.org/10.1088/1742-6596/1883/1/012108

2021-04-01

Journal of Physics: Conference Series

Abstract:Abstract With the development of Internet technology and the continuous improvement of social informatization, the network has gradually become an indispensable part of people’s production and life. The importance of network security has received more and more attention. A variety of security products have been applied to the network to strengthen and maintain the safe operation of the network. However, these security means can only play a specific role in a certain range, and lack of effective data fusion and collaborative management mechanism. In the face of many scattered information, network security managers cannot respond to security incidents in time. For the purpose of grasping the current situation and changes of network security, network security situation awareness technology came into being, it has become a new hotspot in network security research. This paper proposes a fuzzy comprehensive evaluation model which combines AHP and fuzzy evaluation method to evaluate network security situation.

Xiaochun Xiao,Huan Wang,Gendu Zhang

DOI: https://doi.org/10.1109/fcst.2008.26

2008-01-01

Abstract:The risk assessment for network information system has experienced a stage from rule-based questionnaire investigation to model-based assessment. Many graph-based models have been proposed and applied to risk assessment. Attack Graph is widely used one. But attack graphs grow exponentially with the size of the network. In this paper, we propose a comprehensive framework for network vulnerabilities modeling and risk assessment by policy rules violations based on the access graph. As a complement to the attack graph approach, the access graph grows polynomially with the number of hosts and so has the benefit of scaling better to more practical, realistic size networks. This paper presents a novel risk assessment model for network information system based access graph. Compared with related works, our approach improves the performance and reduces the computational cost.

Yanli Liu,Meng Cui

DOI: https://doi.org/10.1007/978-3-030-51431-0_39

2020-07-24

Abstract:Since the new century, with the gradual popularization of computer networks around the world, network security defense methods have become more sophisticated and comprehensive, but they are still unable to defend against increasingly sophisticated and increasingly globalized virus attacks. In the process of network use and promotion, the influence of viruses on the network and hackers’ attacks have become an important factor threatening network security. Especially when people use the Internet to pay funds, remittances and other online financial activities, network security has become a constant topic. Establishing an efficient network security incident response system is of great significance for the network to better play its role. Based on the research of network security monitoring, network attack defense, network data backup and recovery theory and technology, this paper studies the strategy model of network security incident response, and uses relevant theories and methods of software engineering, combined with programming languages, to achieve Related application modules of this model. This article implements a low-cost, high-performance multi-data backup and recovery system that works in conjunction with other security devices and systems in the network. The overall structure and workflow are analyzed and designed to achieve multi-point backup and Fast recovery, efficient synchronization strategy for remote data, etc. The experimental research found that the network security incident response system can effectively reduce the security risk of the internal network, with a security proportion of more than 92%.

Yunpeng Li,Xi Li

DOI: https://doi.org/10.1155/2021/9921731

2021-05-07

Scientific Programming

Abstract:With the rapid development of the Internet, network attacks often occur, and network security is widely concerned. Searching for practical security risk assessment methods is a research hotspot in the field of network security. Network attack graph model is an active detection technology for the attack path. From the perspective of the attacker, it simulated the whole network attack scenario and then presented the dependency among the vulnerabilities in the target network in the way of directed graph. It is an effective tool for analyzing network vulnerability. This paper describes in detail the common methods and tools of network security assessment and analyzes the construction of theoretical model of attack graph, the optimization technology of attack graph, and the research status of qualitative and quantitative analysis technology of attack graph in network security assessment. The attack graph generated in the face of large-scale network is too complex to find the key vulnerability nodes accurately and quickly. Optimizing the attack graph and solving the key attack set can help the security manager better understand the security state of the nodes in the network system, so as to strengthen the security defense ability and guarantee the security of the network system. For all kinds of loop phenomena of directed attribute attack graph, the general method of eliminating loop is given to get an acyclic attack graph. On the basis of acyclic attack graph, an optimization algorithm based on path complexity is proposed, which takes atomic attack distance and atomic weight into consideration, and on the basis of simplified attack graph, minimum-cost security reinforcement is carried out for the network environment. Based on the ant colony algorithm, the adaptive updating principle of changing pheromone and the local searching strategy of the adaptive genetic algorithm are proposed to improve the ant colony algorithm. The experimental results show that compared with the ant colony algorithm, the improved ant colony algorithm can speed up the process of solving the optimal solution. When the number of attack paths is large, the advantages of the improved ant colony algorithm in solving accuracy and late search speed are more obvious, and it is more suitable for large-scale networks.

computer science, software engineering

Fan Lei,Qiang Cai,Guiwu Wei,Cun Wei

DOI: https://doi.org/10.3233/kes-230120

2024-01-10

International Journal of Knowledge-based and Intelligent Engineering Systems

Abstract:The increasingly large and complex network brings convenience to our life and production, but it also brings potential dangers. Any minor vulnerability may lead to failure of application software configuration, software maintenance, user management and system management. Eventually, our network is interrupted, and even life and production data are leaked. Therefore, establishing a scientific and effective network security evaluation model is an effective way to supervise, manage and improve network security; It is also an effective measure to reduce the loss of life and production. Therefore, we first selected six factors closely related to network security to form a complete network security evaluation index system. Then, the utility function in the traditional measurement of alternatives and ranking according to compromise solution (MARCOS) method is improved by using the value function in cumulative prospect theory (CPT), and a PDHL-MARCOS evaluation model that can reflect the decision-makers' (DMs') attitudes towards gains and losses is obtained in the probabilistic double hierarchy linguistic term set (PDHLTS). In addition, the relative entropy (RE) method is also used to obtain expert weights. The combination weights of attributes are obtained using the correlation coefficient and the standard deviation (CCSD) method and the weight function in CPT.

Jian Jiao,Wenhao Li,Dongchao Guo

DOI: https://doi.org/10.3390/electronics13173350

IF: 2.9

2024-08-25

Electronics

Abstract:Network risk assessment should include the impact of the relationship between vulnerabilities, in order to conduct a more in-depth and comprehensive assessment of vulnerabilities and network-related risks. However, the impact of extracting the relationship between vulnerabilities mainly relies on manual processes, which are subjective and inefficient. To address these issues, this paper proposes a dual-layer knowledge representation model that combines various attributes and structural information of entities. This article first constructs a vulnerability knowledge graph and proposes a two-layer knowledge representation learning model based on it. Secondly, in order to more accurately assess the actual risk of vulnerabilities in specific networks, this paper proposes a vulnerability risk calculation model based on impact relationships, which realizes the risk assessment and ranking of vulnerabilities in specific network scenarios. Finally, based on the research on automatic prediction of the impact relationship between vulnerabilities, this paper proposes a new Bayesian attack graph network risk assessment model for inferring the possibility of device intrusion in the network. The experimental results show that the model proposed in this study outperforms traditional evaluation methods in relationship prediction tasks, demonstrating its efficiency and accuracy in complex network environments. This model achieves efficient resource utilization by simplifying training parameters and reducing the demand for computing resources. In addition, this method can quantitatively evaluate the success probability of attacking specific devices in the network topology, providing risk assessment and defense strategy support for network security managers.

engineering, electrical & electronic,computer science, information systems,physics, applied

Liang Liang,Peng Wang,Lin Tan

2013-01-01

Disaster Advances

Abstract:The comprehensive evaluation of information security risk is the key for executives in complex organizations to make macro decisions. Modern organizations have complicated structures and many levels. In addition, the influencing factors of organizing information security risk involve techniques, staffs and management. Under consideration of uncertainty on decision information, an improved fuzzy multi-criteria decision method is proposed. It combines fuzzy mathematics with partitioning method of space region, and provides a computing method for criteria weights by fusing criterion, thus to realize the comprehensive evaluation of organizing information security risk. Finally, an example of information security risk management for some large joint research project is taken to illustrate the guidance for actual work by the proposed method.

Chun Shan,Yinghui Gong,Ling Xiong,Shuyan Liao,Yuyang Wang

DOI: https://doi.org/10.1155/2022/3024731

IF: 1.968

2022-05-12

Security and Communication Networks

Abstract:To find out whether there is any vulnerability in software programs where conditional judgment is ignored, this article proposes a software vulnerability detection method based on complex network community. First, the method abstracts the software system into a directed weighted graph by using the software algebraic component model and then preprocesses the directed weighted graph to get a complex network graph. Then, by using the partition algorithm, the complex network graph is divided into the communities, and the key nodes in communities are found by nRank algorithm. Finally, the graph of the key nodes with high influence is matched with the complex network graph that has been preprocessed. In order to evaluate the effectiveness of the community partition algorithm and the nRank algorithm, comparative experiments are carried out on two datasets. The experimental results show that the community partition algorithm is better than the comparison algorithm in precision, recall, and comprehensive evaluation index, and the nRank algorithm is closer to the result of degree centrality measurement index than the PageRank algorithm and the LeaderRank algorithm. The spring-shiro-training project is used to verify the vulnerability detection method based on complex network community, and the results show that the method is effective.

computer science, information systems,telecommunications

Huan Wang,Zhanfang Chen,Xin Feng,Xiaoqiang Di,Dan Liu,Jianping Zhao,Xin Sui

DOI: https://doi.org/10.1007/s11277-017-5202-3

IF: 2.017

2018-01-03

Wireless Personal Communications

Abstract:In hierarchical network security situation assessment model, there are many problems, such as subjective index weight factor, large evaluation index system, large amount of calculation and low efficiency. A network security situation assessment model and quantification method based on AHP is proposed to solve this problem. The AHP analytic hierarchy process (AHP) is combined with the hierarchical model of situation assessment to simplify the situation assessment problem. The D–S evidence theory is used to fuse the fuzzy results of multi-source equipment to solve the problem of single information source and large deviation of accuracy. Through the construction of three evaluation indexes of risk situation, basic operation situation and damage situation, the problem of large evaluation index system and low evaluation efficiency is solved. AHP analytic hierarchy process is used to determine the weights of different index items, so as to avoid the subjectivity and randomness of weighting factors. The simulation results show that the model can reflect the security status of the network as a whole, and the situation assessment is accurate and can better serve the high-level decision-making.

telecommunications

Yan Li,Guang-qiu Huang,Chun-zi Wang,Ying-chao Li,Yan Li,Guang-qiu Huang,Chun-zi Wang,Ying-chao Li

DOI: https://doi.org/10.1186/s13638-019-1506-1

2019-08-13

EURASIP Journal on Wireless Communications and Networking

Abstract:Information technology has penetrated into all aspects of politics, economy, and culture of the whole society. The information revolution has changed the way of communication all over the world, promoted the giant development of human society, and also drawn unprecedented attention to network security issues. Studies, focusing on network security, have experienced four main stages: idealized design for ensuring security, auxiliary examination and passive defense, active analysis and strategy formulation, and overall perception and trend prediction. Under the background of the new strategic command for the digital control that all countries are scrambled for, the discussion of network security situational awareness presents new characteristics both in the academic study and industrialization. In this regard, a thorough investigation has been made in the present paper into the literature of network security situational awareness. Firstly, the research status both at home and abroad is introduced, and then, the logical analysis framework is put forward concerning the network security situational awareness from the perspective of the data value chain. The whole process is composed of five successive stages: factor acquisition, model representation, measurement establishment, solution analysis, and situation prediction. Subsequently, the role of each stage and the mainstream methods are elaborated, and the application results on the experimental objects and the horizontal comparison between the methods are explained. In an attempt to provide a panoramic recognition of network security situational awareness, and auxiliary ideas for the industrialization of network security, this paper aims to provide some references for the scientific research and engineering personnel in this field.

telecommunications,engineering, electrical & electronic