Donghang Liu,Lihua Dong,Shaoqing Lv,Ying Dong,Fannv He,Chensi Wu,Yuqing Zhang,Hua Ma

DOI: https://doi.org/10.1007/978-3-319-64701-2_33

2017-01-01

Abstract:As an active topic in the research field, network security situation assessment can reflect the security situation from a global perspective. However, existing assessment approaches rely on detection threshold to make decisions, leading to massive false positives and false negatives. This paper proposes a confidence-based network security situation assessment approach that preserves the probability information in attack detection. We use the ensemble learning algorithm and D-S evidence theory to obtain the attack confidence, and calculate the network security situation value through the situation elements fusion. Experiment results demonstrate that this approach is effective and accurate.

Lina Zhu,Guoen Xia,Zuochang Zhang,Jianhua Li,Renjie Zhou

DOI: https://doi.org/10.14257/ijsia.2016.10.11.14

2016-01-01

International Journal of Security and Its Applications

Abstract:Network security situation awareness is vital important for network security supervision. In order to obtain the network security situation effectively, a multidimensional assessment method is proposed in this paper. The method is composed of three dimensions at different levels, namely vulnerability, threat and basic operation, with quantitative calculation method for each index. In the service layer, CVSS standard is adopted to assess the vulnerability situation, and simplified DREAD model is chosen for the threat situation. In the node layer, the vulnerability situation in the service layer is added with a weight, the threat situation in the service layer is accumulated according to attack paths based on Markov model, and the basic operation situation is evaluated by DS evidence fusion of several host and network performance index. In the network layer, each situation equals to weighted summation of corresponding situation in the node layer. Experimental results show the ease of use of this method, and multi-dimensional situation depicts the overall safety evolution process of network system accurately and intuitively.

Yehong Yang

DOI: https://doi.org/10.2991/WARTIA-16.2016.25

2016-05-14

Abstract:With the popularity of computers, the Internet has entered the production and all aspects of social life, but the attendant problem of network security has become the focus of widespread concern. Network security situation awareness to effectively respond to network security issues provide a viable solution: for complex network environments and malicious attacks, a comprehensive analysis of attacks against various parts of the network system, from a macro point of view of network security situation be assess and predict the future of network security situation based on this information. For the predictive accuracy of prediction system for network security situation has improved significantly, and network security situation prediction method based on machine learning for the network security situation prediction have a high degree feasible, in the real network security situation awareness applications have certain research and practical value. Introduction of Network Security Situational Awareness Network security situation is the current status and trends of the entire information from a variety of factors operating conditions of various network devices, network behavior and user behavior constituted. Network security situational awareness can acquire, understand and display the network environment of security elements. Through a series of technical means in time and space, are fully aware of network security and access and associated elements as possible in a pluralistic, and the establishment of a network based on complex behaviors modeling and simulation situational analysis and pre-side system, and then integrate and analyze vast amounts of security associated with the network-related data. Network security situation awareness is a scientific and effective network security situation assessment and use of relevant technologies to make reasonable predictions about trends over time network security, network management personnel in advance to remind the network system for network equipment, network peer node hosts and data resources to make reasonable adjustments, upgrades and backup, network environment to address the risk of possible future harm to the network system, losses may result down to an acceptable range . Extract information network security situation is carried out on the basis of situational awareness that only a comprehensive collection of data and the use of sophisticated index system, to ensure the correctness of the results of the assessment. Therefore, in the design process model or system must pay attention to select a metric system. Network security situation is a source of diverse, different collection methods, different devices collect data formats, network security situation letter from mainly contains configuration, operating status, traffic, user behavior and other information.

Computer Science

Hongbin Gao,Shangxing Wang,Hongbin Zhang,Bin Liu,Dongmei Zhao,Zhen Liu

DOI: https://doi.org/10.1109/nana56854.2022.00102

2022-01-01

Abstract:This paper has a new network security evaluation method as an absorbing Markov chain-based assessment method. This method is different from other network security situation assessment methods based on graph theory. It effectively refinement issues such as poor objectivity of other methods, incomplete consideration of evaluation factors, and mismatching of evaluation results with the actual situation of the network. Firstly, this method collects the security elements in the network. Then, using graph theory combined with absorbing Markov chain, the threat values of vulnerable nodes are calculated and sorted. Finally, the maximum possible attack path is obtained by blending network asset information to determine the current network security status. The experimental results prove that the method fully considers the vulnerability and threat node ranking and the specific case of system network assets, which makes the evaluation result close to the actual network situation.

WANG Chun-lei,FANG Lan,WANG Dong-xia,DAI Yi-qi

DOI: https://doi.org/10.1109/iccet.2010.5486194

2012-01-01

Computer Science

Abstract:Network security situation awareness provides the unique high level security view based upon the security alert events. But the complexities and diversities of security alert data on modern networks make such analysis extremely difficult. In this paper, we analyze the existing problems of network security situation awareness system and propose a framework for network security situation awareness based on knowledge discovery. The framework consists of the modeling of network security situation and the generation of network security situation. The purpose of modeling is to construct the formal model of network security situation measurement based upon the D-S evidence theory, and support the general process of fusing and analyzing security alert events collected from security situation sensors. The generation of network security situation is to extract the frequent patterns and sequential patterns from the dataset of network security situation based upon knowledge discovery method and transform these patterns to the correlation rules of network security situation, and finally to automatically generate the network security situation graph. Application of the integrated Network Security Situation Awareness system (Net-SSA) shows that the proposed framework supports for the accurate modeling and effective generation of network security situation.

Yikun Zhu,Zhiling Du

DOI: https://doi.org/10.1155/2021/5527746

2021-05-31

Scientific Programming

Abstract:In today’s increasingly severe network security situation, network security situational awareness provides a more comprehensive and feasible new idea for the inadequacy of various single solutions and is currently a research hotspot in the field of network security. At present, there are still gaps or room for improvement in network security situational awareness in terms of model scheme improvement, comprehensive and integrated consideration, algorithm design optimization, etc. A lot of scientific research investments and results are still needed to improve the form of network security in a long and solid way. In this paper, we propose a network security posture assessment model based on time-varying evidence theory for the existing multisource information fusion technology that lacks consideration of the problem of threat occurrence support rate over time and make the threat information reflect the law of time change by introducing a time parameter in the basic probability assignment value. Thus, the existing hierarchical threat posture quantitative assessment technique is improved and a hierarchical multisource network security threat posture assessment model based on time-varying evidence theory is proposed. Finally, the superiority of the proposed model is verified through experiments.

computer science, software engineering

Mixia Liu,Dongmei Yu,Qiuyu Zhang,Honglei Zhu

DOI: https://doi.org/10.1109/IWASID.2007.373676

2007-01-01

Abstract:With the development of computer networks, the spread of malicious network activities poses great risks to the operational integrity of many organizations and imposes heavy economic burdens on life and health. Therefore, risk assessment is very important in network security management and analysis. Network security situation analysis not only can describe the current state but also project the next behavior of the network. Alerts coming from IDS, Firewall, and other security tools are currently growing at a rapid pace. Large organizations are having trouble keeping on top of the current state of their networks. In this paper, we described cyberspace situational awareness from formal and visual methods. Next, to make security administrator comprehend security situation and project the next behaviors of the whole network, we present using parallel axes view to give expression clearly of security events correlations. At last, we concluded that visualization is an important research of risk evaluation and situation analysis of network.

Kun Yin,Yu Yang,Jinwei Yang,Chengpeng Yao

DOI: https://doi.org/10.1088/1742-6596/2258/1/012039

2022-04-01

Journal of Physics: Conference Series

Abstract:Abstract Traditional networks rely heavily on the distribution of expert experience when assessing complex network security situations, resulting in low assessment accuracy, which has been unable to adapt to the current network security needs of the big data era, and has unavoidable problems such as low efficiency and poor flexibility. In response to these problems, this paper proposes a network security situation assessment method based on D-S evidence theory to optimize neural networks. First establish the CS-BP neural network model, enhance the local search ability of the cuckoo algorithm through conjugate gradient calculation, and then introduce it into the BP neural network to improve the training convergence speed and overcome the local minimum problem; finally, in order to reduce the basic probability distribution (BPA) subjective impact, using DS evidence theory to optimize the CS-BP neural network, determine the degree of impact of each attack, and evaluate the value of the network security situation. The experimental results show that the network situation assessment model of CS-BP neural network optimized based on D-S evidence theory can effectively assess the network security situation in the environment of trusted equipment.

Jinwei Yang,Yu Yang,Lu Zheng,Ruixia Cheng,Shengnan Lin

DOI: https://doi.org/10.1088/1742-6596/2310/1/012071

2022-10-11

Journal of Physics: Conference Series

Abstract:Network security situation awareness (NSSA) can analyze current network status and predict trends. Intrusion detection systems are used as sources of security factor in situational awareness, and their accuracy affects the assessment of network security. The attack graph can filter out key nodes and enumerate possible attack paths, which has become the main method of risk assessment. Therefore, a network security situation assessment technology based on intrusion detection was proposed. The detection rate of the intrusion detection system was improved firstly, and then the attack graph was combined with the hidden Markov model (HMM) for network security assessment. The experimental results show that this method can effectively speculate the attack intention and reflect the results intuitively and roundly.

Kunfu Wang,Wei Feng,Xing Li

DOI: https://doi.org/10.12783/dtcse/ccnt2020/35444

2021-01-01

DEStech Transactions on Computer Science and Engineering

Abstract:In order to assist network administrators to assess network security risks, a new Bayesian model of network risk assessment method is proposed. Firstly, the model designs the quantitative method of attack revenue and attack cost index, introduces the atomic attack efficiency variable, and integrates the variable into the calculation of probability, obtains the prior risk probability of each node in the network, so as to carry out the static evaluation of network risk. Secondly, DNO_Alg of deleting node order is proposed to determine the order of eliminating elements, so that Bayesian model can be transformed into cluster tree. Finally, combined with the detected attacks, the cluster tree propagation algorithm is used to dynamically calculate the posterior risk probability of nodes, so as to evaluate the network risk in real time.

Yuhe Wang,Yu Yang,Rencai Gao,Shiming Li,Yan Zhao

DOI: https://doi.org/10.1109/access.2023.3336698

IF: 3.9

2023-12-08

IEEE Access

Abstract:To solve the problem of industrial control network (ICN) security situation prediction, this paper proposes a security situation prediction model for ICN based on evidential reasoning (ER) and belief rule base (BRB). First, this paper analyzes multiple factors influencing the security situation of the ICN, establishes a framework for security situation assessment, employs the ER algorithm for attribute fusion, and derives the security situation value of the ICN. Second, using historical data combined with expert knowledge, a security situation prediction model for ICN based on the BRB is constructed. Additionally, an extended projection covariance matrix adaptive evolution strategy (EP-CMA-ES) optimization algorithm is proposed, which is employed to optimize the parameters of the prediction model. The model not only comprehensively uses qualitative knowledge and quantitative data, but also integrates more uncertain information, and the reasoning process is interpretable. It also solves the subjectivity problem of expert knowledge, overcomes the problem of small amount of data caused by the difficulty of collecting industrial control safety data, and improves the accuracy of model prediction. Finally, prediction experiments were conducted on industrial datasets, confirming the feasibility and effectiveness of the security situation prediction model for ICN and the EP-CMA-ES optimization algorithm proposed in this paper.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yan Li,Guang-qiu Huang,Chun-zi Wang,Ying-chao Li,Yan Li,Guang-qiu Huang,Chun-zi Wang,Ying-chao Li

DOI: https://doi.org/10.1186/s13638-019-1506-1

2019-08-13

EURASIP Journal on Wireless Communications and Networking

Abstract:Information technology has penetrated into all aspects of politics, economy, and culture of the whole society. The information revolution has changed the way of communication all over the world, promoted the giant development of human society, and also drawn unprecedented attention to network security issues. Studies, focusing on network security, have experienced four main stages: idealized design for ensuring security, auxiliary examination and passive defense, active analysis and strategy formulation, and overall perception and trend prediction. Under the background of the new strategic command for the digital control that all countries are scrambled for, the discussion of network security situational awareness presents new characteristics both in the academic study and industrialization. In this regard, a thorough investigation has been made in the present paper into the literature of network security situational awareness. Firstly, the research status both at home and abroad is introduced, and then, the logical analysis framework is put forward concerning the network security situational awareness from the perspective of the data value chain. The whole process is composed of five successive stages: factor acquisition, model representation, measurement establishment, solution analysis, and situation prediction. Subsequently, the role of each stage and the mainstream methods are elaborated, and the application results on the experimental objects and the horizontal comparison between the methods are explained. In an attempt to provide a panoramic recognition of network security situational awareness, and auxiliary ideas for the industrialization of network security, this paper aims to provide some references for the scientific research and engineering personnel in this field.

telecommunications,engineering, electrical & electronic

shaojun zhang,lan li,jianhua li,shanshan song,xiuzhen chen

DOI: https://doi.org/10.1109/CHINACOM.2009.5339841

2009-01-01

Abstract:Network attack graphs are originally used to evaluate what the worst security state will be if a network is under attack. Along with observed intrusion evidences, we can further use attack graphs to extrapolate the current security state of a concerned network. Methods have been proposed in recent years to use observed intrusion evidences to compute the node belief metric of network attack graphs. However, these methods suffer either from low model generality, high computational complexity or immoderate dependence on empirical formulas. To overcome these obstacles, we improve one of the Bayesian network inference algorithms - the likelihood weighting algorithm into a novel node belief metric computation method. Experiment results show our method can achieve high computational accuracy in linear computational complexity, a feature making it feasible to be used to process large scale network attack graphs in real-time.

Dan Liu

DOI: https://doi.org/10.4218/etrij.2019-0147

2020-03-04

ETRI Journal

Abstract:Network security situation prediction is difficult due to its strong uncertainty, but DS evidence theory performs well in solving the problem of uncertainty. Based on DS evidence theory, this study analyzed the prediction of the network security situation, designed a prediction model based on the improved DS evidence theory, and carried out a simulation experiment. The experimental results showed that the improved method could predict accurately in the case of a large conflict, and had strong anti‐jamming abilities as compared with the original method. The experimental results prove the effectiveness of the improved method in the prediction of the network security situation and provide some theoretical basis for the further application of DS evidence theory.

telecommunications,engineering, electrical & electronic

Guozheng Yang,Yongheng Zhang,Yuliang Lu,Yi Xie,Jiayi Yu

DOI: https://doi.org/10.3390/e26040315

IF: 2.738

2024-04-05

Entropy

Abstract:Network security situational awareness (NSSA) aims to capture, understand, and display security elements in large-scale network environments in order to predict security trends in the relevant network environment. With the internet's increasingly large scale, increasingly complex structure, and gradual diversification of components, the traditional single-layer network topology model can no longer meet the needs of network security analysis. Therefore, we conduct research based on a multi-layer network model for network security situational awareness, which is characterized by the three-layer network structure of a physical device network, a business application network, and a user role network. Its network characteristics require new assessment methods, so we propose a multi-layer network link importance assessment metric: the multi-layer-dependent link entropy (MDLE). On the one hand, the MDLE comprehensively evaluates the connectivity importance of links by fitting the link-local betweenness centrality and mapping entropy. On the other hand, it relies on the link-dependent mechanism to better aggregate the link importance contributions in each network layer. The experimental results show that the MDLE has better ordering monotonicity during critical link discovery and a higher destruction efficacy in destruction simulations compared to classical link importance metrics, thus better adapting to the critical link discovery requirements of a multi-layer network topology.

physics, multidisciplinary

Chen,Lin Ye,Xiangzhan Yu,Bailang Ding

DOI: https://doi.org/10.1007/978-3-030-24268-8_10

2019-01-01

Abstract:With the increasing importance of cyberspace security, the research and application of network situational awareness is getting more attention. The research on network security situational awareness is of great significance for improving the network monitoring ability, emergency response capability and predicting the development trend of network security. This paper describes the development and evolution of network situational awareness and analyzes the basic architecture of the current situational awareness system. Based on the situational awareness conceptual model, four main research contents of situational awareness are elaborated: network data collection, situational understanding, situational prediction and situational visualization. This paper focuses on the core issues, main algorithms, and the advantages and disadvantages of each method that need to be addressed at each research point. Finally, under the current development trend of big data processing technology and artificial intelligence technology, the application realization and development trend of network situational awareness are analyzed and forecasted.

熊杰,刘湘伟,李俊

DOI: https://doi.org/10.3969/j.issn.1009-086x.2009.05.018

2009-01-01

Abstract:The advantages of expert system based on Bayesian network are presented. The inference model based on Bayesian network and the algorithm of information propagation based on the model are studied. The flow of decision making based on situation assessment is analyzed and the application of the situation assessment algorithm of counter air is demonstrated. The simulation result shows that the algorithm can reflect the real process of situation assessment and is effective for decision support system.

Dehua Kong,Huyuan li,Hongyan dong

DOI: https://doi.org/10.1088/1742-6596/1883/1/012108

2021-04-01

Journal of Physics: Conference Series

Abstract:Abstract With the development of Internet technology and the continuous improvement of social informatization, the network has gradually become an indispensable part of people’s production and life. The importance of network security has received more and more attention. A variety of security products have been applied to the network to strengthen and maintain the safe operation of the network. However, these security means can only play a specific role in a certain range, and lack of effective data fusion and collaborative management mechanism. In the face of many scattered information, network security managers cannot respond to security incidents in time. For the purpose of grasping the current situation and changes of network security, network security situation awareness technology came into being, it has become a new hotspot in network security research. This paper proposes a fuzzy comprehensive evaluation model which combines AHP and fuzzy evaluation method to evaluate network security situation.

Hongyu Yang,Zixin Zhang,Lixia Xie,Liang Zhang

DOI: https://doi.org/10.1002/int.22867

IF: 8.993

2022-03-02

International Journal of Intelligent Systems

Abstract:To solve the problems that existing network security situation assessment (NSSA) methods are difficult to extract features and have poor timeliness, an NSSA method with network attack behavior classification (NABC) is proposed. First, an NABC model is designed. The model combines features and advantages of a parallel feature extraction network (PFEN), a bidirectional gate recurrent unit (BiGRU), and the attention mechanism (ATT). The PFEN module is composed of parallel sparse autoencoders which extract key data from different network attack behaviors. The BiGRU module gets the time‐series relationship from the state of three different time periods, finds potential representation rules from network attack behaviors. The ATT module pays more attention to the network traffic key information and improves the NABC accuracy. Second, the NABC detects and classifies attacks from network behaviors, the occurrence number of each attack behavior, and the error probability matrix are counted. Finally, the occurrence number of each attack behavior is corrected according to the error probability matrix, and the network security situation value is calculated through combining the severity factor of each attack behavior. The experimental results show that the precision and recall of the NABC model are improved by 5.28% and 5.65%, respectively, compared with the conventional method. The comparison experiment with the classical situation assessment method also proves that the proposed method can assess the overall situation of network security more effectively and comprehensively.

computer science, artificial intelligence

Ruixiao Huang,Yifei Pu

DOI: https://doi.org/10.3390/fractalfract8100550

IF: 3.577

2024-09-25

Fractal and Fractional

Abstract:The evaluation process of the Fractional Order Model is as follows. To address the commonly observed issue of low accuracy in traditional situational assessment methods, a novel evaluation algorithm model, the fractional-order BP neural network optimized by the chaotic sparrow search algorithm (TESA-FBP), is proposed. The fractional-order BP neural network, by incorporating fractional calculus, demonstrates enhanced dynamic response characteristics and historical dependency, showing exceptional potential for handling complex nonlinear problems, particularly in the field of network security situational awareness. However, the performance of this network is highly dependent on the precise selection of network parameters, including the fractional order and initial values of the weights. Traditional optimization methods often suffer from slow convergence, a tendency to be trapped in local optima, and insufficient optimization accuracy, which significantly limits the practical effectiveness of the fractional-order BP neural network. By introducing cubic chaotic mapping to generate an initial population with high randomness and global coverage capability, the exploration ability of the sparrow search algorithm in the search space is effectively enhanced, reducing the risk of falling into local optima. Additionally, the Estimation of Distribution Algorithm (EDA) constructs a probabilistic model to guide the population toward the globally optimal region, further improving the efficiency and accuracy of the search process. The organic combination of these three approaches not only leverages their respective strengths, but also significantly improves the training performance of the fractional-order BP neural network in complex environments, enhancing its generalization ability and stability. Ultimately, in the network security situational awareness system, this integration markedly enhances the prediction accuracy and response speed.

mathematics, interdisciplinary applications