Fei Yu,XiaoPing Dai,Yue Shen,Huang Huang,Miaoliang Zhu

DOI: https://doi.org/10.1109/ICSSSM.2005.1500110

2005-01-01

Abstract:The problem in network security presently is how to get real-time intrusion detection and alert. In the paper, we design Intrusion Detection System architecture and arithmetic again, meanwhile put forward an improved pattern matching arithmetic based on protocol analysis and theorization machine on Frete. New architecture can use network processor to collect and analyze data in network bottom, which enhance the speed and efficiency in Detection System.

Yikun Zhu,Zhiling Du

DOI: https://doi.org/10.1155/2021/5527746

2021-05-31

Scientific Programming

Abstract:In today’s increasingly severe network security situation, network security situational awareness provides a more comprehensive and feasible new idea for the inadequacy of various single solutions and is currently a research hotspot in the field of network security. At present, there are still gaps or room for improvement in network security situational awareness in terms of model scheme improvement, comprehensive and integrated consideration, algorithm design optimization, etc. A lot of scientific research investments and results are still needed to improve the form of network security in a long and solid way. In this paper, we propose a network security posture assessment model based on time-varying evidence theory for the existing multisource information fusion technology that lacks consideration of the problem of threat occurrence support rate over time and make the threat information reflect the law of time change by introducing a time parameter in the basic probability assignment value. Thus, the existing hierarchical threat posture quantitative assessment technique is improved and a hierarchical multisource network security threat posture assessment model based on time-varying evidence theory is proposed. Finally, the superiority of the proposed model is verified through experiments.

computer science, software engineering

WUChunming

DOI: https://doi.org/10.3969/j.issn.1009-6868.2016.01.009

2016-01-01

Abstract:Dynamic network proactive security defence is an effective method for solving the unknown vulnerabilities and back door attacks in the information system. In this paper, the evolution defense mechanism (EDM) is proposed. According to the security status, network system security needs, EDM can select the best network configuration change elements to deal with potential attacks and ensure the safety requirements of a specific level. Dynamic reconfiguration and changes of the network need to be considered in accordance with the security situation of the system and the possible network attacks. The key is how to detect and the security situation and network attacks. It proposes that study on dynamic network proactive security defense in China is in the initial stage, and there is stil much work to do.

Yehong Yang

DOI: https://doi.org/10.2991/WARTIA-16.2016.25

2016-05-14

Abstract:With the popularity of computers, the Internet has entered the production and all aspects of social life, but the attendant problem of network security has become the focus of widespread concern. Network security situation awareness to effectively respond to network security issues provide a viable solution: for complex network environments and malicious attacks, a comprehensive analysis of attacks against various parts of the network system, from a macro point of view of network security situation be assess and predict the future of network security situation based on this information. For the predictive accuracy of prediction system for network security situation has improved significantly, and network security situation prediction method based on machine learning for the network security situation prediction have a high degree feasible, in the real network security situation awareness applications have certain research and practical value. Introduction of Network Security Situational Awareness Network security situation is the current status and trends of the entire information from a variety of factors operating conditions of various network devices, network behavior and user behavior constituted. Network security situational awareness can acquire, understand and display the network environment of security elements. Through a series of technical means in time and space, are fully aware of network security and access and associated elements as possible in a pluralistic, and the establishment of a network based on complex behaviors modeling and simulation situational analysis and pre-side system, and then integrate and analyze vast amounts of security associated with the network-related data. Network security situation awareness is a scientific and effective network security situation assessment and use of relevant technologies to make reasonable predictions about trends over time network security, network management personnel in advance to remind the network system for network equipment, network peer node hosts and data resources to make reasonable adjustments, upgrades and backup, network environment to address the risk of possible future harm to the network system, losses may result down to an acceptable range . Extract information network security situation is carried out on the basis of situational awareness that only a comprehensive collection of data and the use of sophisticated index system, to ensure the correctness of the results of the assessment. Therefore, in the design process model or system must pay attention to select a metric system. Network security situation is a source of diverse, different collection methods, different devices collect data formats, network security situation letter from mainly contains configuration, operating status, traffic, user behavior and other information.

Computer Science

Guang Kou,Shuo Wang,Guangming Tang

DOI: https://doi.org/10.1049/cje.2018.10.007

IF: 1.019

2019-01-01

Chinese Journal of Electronics

Abstract:This paper analyzed the existing network security situation evaluation methods and discovered that they cannot accurately reflect the features of large-scale, synergetic, multi-stage gradually shown by network attack behaviors. For this purpose, the association between attack intention and network configuration information was deep analyzed. Then a network security situation evaluation method based on attack intention recognition was proposed. Unlike traditional method, the evaluation method was based on intruder. This method firstly made causal analysis of attack event and discovered and simplified intrusion path to recognize every attack phases, then realized situation evaluation based on the attack phases. Lastly attack intention was recognized and next attack phase was forecasted based on achieved attack phases, combined with vulnerability and network connectivity. A simulation experiments for the proposed network security situation evaluation model is performed by network examples. The experimental results show that this method is more accurate on reflecting the truth of attack. And the method does not need training on the historical sequence, so the method is more effective on situation forecasting.

engineering, electrical & electronic

Hongbin Gao,Shangxing Wang,Hongbin Zhang,Bin Liu,Dongmei Zhao,Zhen Liu

DOI: https://doi.org/10.1109/nana56854.2022.00102

2022-01-01

Abstract:This paper has a new network security evaluation method as an absorbing Markov chain-based assessment method. This method is different from other network security situation assessment methods based on graph theory. It effectively refinement issues such as poor objectivity of other methods, incomplete consideration of evaluation factors, and mismatching of evaluation results with the actual situation of the network. Firstly, this method collects the security elements in the network. Then, using graph theory combined with absorbing Markov chain, the threat values of vulnerable nodes are calculated and sorted. Finally, the maximum possible attack path is obtained by blending network asset information to determine the current network security status. The experimental results prove that the method fully considers the vulnerability and threat node ranking and the specific case of system network assets, which makes the evaluation result close to the actual network situation.

Jinwei Yang,Yu Yang,Lu Zheng,Ruixia Cheng,Shengnan Lin

DOI: https://doi.org/10.1088/1742-6596/2310/1/012071

2022-10-11

Journal of Physics: Conference Series

Abstract:Network security situation awareness (NSSA) can analyze current network status and predict trends. Intrusion detection systems are used as sources of security factor in situational awareness, and their accuracy affects the assessment of network security. The attack graph can filter out key nodes and enumerate possible attack paths, which has become the main method of risk assessment. Therefore, a network security situation assessment technology based on intrusion detection was proposed. The detection rate of the intrusion detection system was improved firstly, and then the attack graph was combined with the hidden Markov model (HMM) for network security assessment. The experimental results show that this method can effectively speculate the attack intention and reflect the results intuitively and roundly.

LIN Chuang,WANG Yang,LI Quan-Lin

DOI: https://doi.org/10.3321/j.issn:0254-4164.2005.12.001

2005-01-01

Chinese Journal of Computers

Abstract:Network systems are becoming more complex and larger, and specifically network attacks and security destroy is also increasingly prevalent and multiple. Network security is being confronted with many significant challenges. Network security is one of the most important scientific issues in the world and has been an important factor which effects on social improvement and national develop strategy. In this paper, we provide a complete overview on stochastic models and evaluation techniques for network security. The authors indicate the present status and evolvement in the area of network security. The authors provide several effective and efficient methods for modeling and analysis of network security, and also analyze network survivability. Finally, the authors give some concluding remarks on new and challenging directions for future and potential research of network security.

Yan Li,Guang-qiu Huang,Chun-zi Wang,Ying-chao Li,Yan Li,Guang-qiu Huang,Chun-zi Wang,Ying-chao Li

DOI: https://doi.org/10.1186/s13638-019-1506-1

2019-08-13

EURASIP Journal on Wireless Communications and Networking

Abstract:Information technology has penetrated into all aspects of politics, economy, and culture of the whole society. The information revolution has changed the way of communication all over the world, promoted the giant development of human society, and also drawn unprecedented attention to network security issues. Studies, focusing on network security, have experienced four main stages: idealized design for ensuring security, auxiliary examination and passive defense, active analysis and strategy formulation, and overall perception and trend prediction. Under the background of the new strategic command for the digital control that all countries are scrambled for, the discussion of network security situational awareness presents new characteristics both in the academic study and industrialization. In this regard, a thorough investigation has been made in the present paper into the literature of network security situational awareness. Firstly, the research status both at home and abroad is introduced, and then, the logical analysis framework is put forward concerning the network security situational awareness from the perspective of the data value chain. The whole process is composed of five successive stages: factor acquisition, model representation, measurement establishment, solution analysis, and situation prediction. Subsequently, the role of each stage and the mainstream methods are elaborated, and the application results on the experimental objects and the horizontal comparison between the methods are explained. In an attempt to provide a panoramic recognition of network security situational awareness, and auxiliary ideas for the industrialization of network security, this paper aims to provide some references for the scientific research and engineering personnel in this field.

telecommunications,engineering, electrical & electronic

Tingting Yao,Qinghua Zheng,Xiaohong Guan,Xiuzhen Chen

DOI: https://doi.org/10.3321/j.issn:0253-987X.2006.04.011

2006-01-01

Abstract:After analyzing malicious attacks against network that affect the service availability and would lead to the abnormal change of the network traffic, a method to evaluate the security situation of real-time traffic of hosts is presented. A group of statistic that can reflect the network traffic features in a fixed time window are selected as the evaluation metrics. Based on the large samples, the information entropy gain method is applied to determine the importance of evaluation results for different metrics. Then, using hierarchical weighted method, the evaluation results are regarded as the normalized abnormality value to evaluate the real time traffic of host networks. Experiments and testing show that this method can reasonably evaluate the host network abnormal flows caused by the DDoS, DoS worm and other attacks, and has good evaluation results for new attacks that cause abnormal change of network traffic.

Jun'e Li,Jiaqi Liang,Quanying Liu,Donglian Qi,Jianliang Zhang,Yangrong Chen

DOI: https://doi.org/10.3389/fenrg.2022.971725

IF: 3.4

2022-01-01

Frontiers in Energy Research

Abstract:With the rapid development of integrated energy system, the large-scale and high-permeability access of distributed generations (DGs) is making the distribution networks develop into active distribution networks (ADNs). The increased complexity of ADNs also increases the vulnerabilities for cyberattacks. It is a new challenge how to evaluate the situation of an ADN so as to support the decision-making of grid control policies in the condition of cyberattacks probably occur. Hence, in this paper, we proposed a method of situation assessment for ADNs considering cyberattacks. This method is aggregated by two parts. 1) An index system is presented, which includes the indexes of DGs stability, the indexes of security risk considering cyberattacks along with the traditional safety indexes. 2) The entropy weight method is used to assign weights to each index, and taking the normal operation status of ADNs as the reference scenario, an operating situation assessment method for ADNs is proposed based on grey correlation analysis method. Finally, in order to verify the effectiveness of the proposed index system and assessment method, 12 attack scenarios are established from three categories: attacks on DGs, attacks on controllable loads and attacks on both of them, and the situation of the ADN, a case based on IEEE 33-node standard distribution system, is evaluated under each scenario.

Yunpeng Li,Xi Li

DOI: https://doi.org/10.1155/2021/9921731

2021-05-07

Scientific Programming

Abstract:With the rapid development of the Internet, network attacks often occur, and network security is widely concerned. Searching for practical security risk assessment methods is a research hotspot in the field of network security. Network attack graph model is an active detection technology for the attack path. From the perspective of the attacker, it simulated the whole network attack scenario and then presented the dependency among the vulnerabilities in the target network in the way of directed graph. It is an effective tool for analyzing network vulnerability. This paper describes in detail the common methods and tools of network security assessment and analyzes the construction of theoretical model of attack graph, the optimization technology of attack graph, and the research status of qualitative and quantitative analysis technology of attack graph in network security assessment. The attack graph generated in the face of large-scale network is too complex to find the key vulnerability nodes accurately and quickly. Optimizing the attack graph and solving the key attack set can help the security manager better understand the security state of the nodes in the network system, so as to strengthen the security defense ability and guarantee the security of the network system. For all kinds of loop phenomena of directed attribute attack graph, the general method of eliminating loop is given to get an acyclic attack graph. On the basis of acyclic attack graph, an optimization algorithm based on path complexity is proposed, which takes atomic attack distance and atomic weight into consideration, and on the basis of simplified attack graph, minimum-cost security reinforcement is carried out for the network environment. Based on the ant colony algorithm, the adaptive updating principle of changing pheromone and the local searching strategy of the adaptive genetic algorithm are proposed to improve the ant colony algorithm. The experimental results show that compared with the ant colony algorithm, the improved ant colony algorithm can speed up the process of solving the optimal solution. When the number of attack paths is large, the advantages of the improved ant colony algorithm in solving accuracy and late search speed are more obvious, and it is more suitable for large-scale networks.

computer science, software engineering

Xiaohu Li,Timothy Paul Parker,Shouhuai Xu

DOI: https://doi.org/10.1109/tdsc.2008.75

2011-01-01

Abstract:Traditional security analyses are often geared toward cryptographic primitives or protocols. Although such analyses are necessary, they cannot address a defender's need for insight into which aspects of a networked system having a significant impact on its security, and how to tune its configurations or parameters so as to improve security. This question is known to be notoriously difficult to answer, and the state of the art is that we know little about it. Toward ultimately addressing this question, this paper presents a stochastic model for quantifying security of networked systems. The resulting model captures two aspects of a networked system:1) the strength of deployed security mechanisms such as intrusion detection systems and 2) the underlying vulnerability graph, which reflects how attacks may proceed. The resulting model brings the following insights: 1) How should a defender “tune” system configurations (e.g., network topology) so as to improve security? 2) How should a defender “tune” system parameters (e.g., by upgrading which security mechanisms) so as to improve security? 3) Under what conditions is the steady-state number of compromised entities of interest below a given threshold with a high probability? Simulation studies are conducted to confirm the analytic results, and to show the tightness of the bounds of certain important metric that cannot be resolved analytically.

Binbin Liu

DOI: https://doi.org/10.1088/1742-6596/2037/1/012126

2021-09-01

Journal of Physics: Conference Series

Abstract:At present, network security is a problem that needs to be solved urgently in the current network era. In order to reduce the loss caused by network security threats, and also use limited computer resources to select the best defense strategy, a set of network attack and defense game models are designed to identify the situation of network security threats. Aiming at the unstable problem of the security quantification process of traditional network node information, a network security threat situation identification based on the offensive and defensive game model is proposed. First, build an offensive and defensive game model, design the corresponding situation identification strategy, and calculate the overall utility and expected output of both offensive and defensive parties while clarifying the changes in the authority of both sides during the offensive and defensive process. This paper takes the offensive and defensive game model as the theoretical basis of the research, uses the algorithm as the auxiliary research, and integrates its important content to analyze and research the optimization of the algorithm to improve the network security threat situation identification. This paper uses the classic offensive and defensive game model as the research object to identify the threat situation of network security. In the process of selecting the offensive and defensive game model, it is necessary to have a better grasp of the relevant algorithms. This article introduces the offensive and defensive game model into the network security threat situation identification, and on this basis, it deeply discusses the applicability and effectiveness of the offensive and defensive game model in the complex network security threat situation identification, and provides better for the establishment of future network security systems. Reference. The experimental results show that this study is effective and feasible in the offensive and defensive game model in the network security threat situation identification. It should be noted that in the defense process, the probability of success and the degree of damage of the attack path must be grasped to ensure that the optimal offensive and defensive decision-making meets the actual needs of network security.

Hao Hu,Hongqi Zhang,Yingjie Yang

DOI: https://doi.org/10.1007/s11042-017-5602-0

IF: 2.577

2018-01-15

Multimedia Tools and Applications

Abstract:Multimedia communication network has gained remarkable popularity by a wide spectrum of users nowadays. It is easier that the potential threats conceal within the large-scale net flow of multimedia communication traffic. Once vulnerability exploitation occurs, the latent risk will be brought to the surface, causing a series of safety problems. Thus, the vulnerability analysis and threat prediction are becoming critical issues. Recently years, many investigations have been made. However, they are not sufficient. To provide a comprehensive view of the threat scenario and present a quantitative risk-aware approach, we propose a novel method for threat identification, and further we build a quantitative security risk model with it. Actually, two algorithms are proposed, namely dynamic Bayesian attack graph based threat prediction algorithm, and threat prediction based security risk quantification algorithm. The first algorithm aims to provide full prediction information with threat scenario. The second algorithm quantifies the threat in the first algorithm into the security risk from two levels: host and network. The examples indicate that our method is feasible and scalable, which enables a manager to quantify the risks of any identified threat or ongoing attack and to recognize the vulnerable multimedia devices to keep secure multimedia communication.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

LIU Jie-ling,LING Xiao-bo,ZHANG Lei,WANG Bo,WANG Zhi-liang,LI Zi-mu,ZHANG Hui,YANG Jia-hai,WU Cheng-nan

DOI: https://doi.org/10.11896/jsjkx.210600171

2022-01-01

Computer Science

Abstract:Power system network is one of the important targets of cyber attack.In order to ensure the safe operation of power system,network managers need to evaluate the network security risk.Usually,existing network security risk assessment framework only aims at a single scenario,and can not find the strategic attackers who use a variety of low-risk methods to achieve high-risk threat targets from large quantities of network security alerts.In order to meet the above challenges,this paper proposes a network security risk assessment method based on tactical correlation.In this method,the warning information generated on va-rious network security detection devices when an attacker implements a multi-step attack is associated to form an attack chain,and the security risk of the organization intranet is evaluated by calculating the threat,vulnerability,impact score of each node in the attack chain and the risk score of the whole attack chain.In order to verify the effectiveness and robustness of the proposed method,this paper selects a representative example to illustrate the specific implementation process of the proposed method for network security risk assessment in the organizational intranet.The example shows that the network security risk assessment framework based on the tactical association can correctly assess the harm of multi-step attack caused by low-risk alarm association to achieve high-risk targets,and is more robust than the traditional single scenario analysis method,which can better provide decision-making basis for organization decision-makers in network security risk management.

Haofang Zhang,Chunying Kang,Yao Xiao

DOI: https://doi.org/10.3390/s21144788

IF: 3.9

2021-07-13

Sensors

Abstract:To better understand the behavior of attackers and describe the network state, we construct an LSTM-DT model for network security situation awareness, which provides risk assessment indicators and quantitative methods. This paper introduces the concept of attack probability, making prediction results more consistent with the actual network situation. The model is focused on the problem of the time sequence of network security situation assessment by using the decision tree algorithm (DT) and long short-term memory(LSTM) network. The biggest innovation of this paper is to change the description of the network situation in the original dataset. The original label only has attack and normal. We put forward a new idea which regards attack as a possibility, obtaining the probability of each attack, and describing the network situation by combining the occurrence probability and attack impact. Firstly, we determine the network risk assessment indicators through the dataset feature distribution, and we give the network risk assessment index a corresponding weight based on the analytic hierarchy process (AHP). Then, the stack sparse auto-encoder (SSAE) is used to learn the characteristics of the original dataset. The attack probability can be predicted by the processed dataset by using the LSTM network. At the same time, the DT algorithm is applied to identify attack types. Finally, we draw the corresponding curve according to the network security situation value at each time. Experiments show that the accuracy of the network situation awareness method proposed in this paper can reach 95%, and the accuracy of attack recognition can reach 87%. Compared with the former research results, the effect is better in describing complex network environment problems.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

ZHANG Yong,TAN Xiao-Bin,CUI Xiao-Lin,XI Hong-Sheng

DOI: https://doi.org/10.3724/sp.j.1001.2011.03751

2011-01-01

Abstract:To accurately evaluate security situation states,this paper proposes an approach to network security situation awareness(NSSA) based on Hidden Markov Model(HMM).It gains standardized data of network structure information,assets,threats and vulnerabilities via fusing variety system security data collected by multi-sensors.For every asset,this paper associates its suffered threats with its vulnerabilities to analyze the sequence of its security incidents,establishes HMMs to analyze security situation factors of confidentiality,integrity and availability.Using sliding window mechanism it trains segmented sequence of security incidents and it gains the parameters of HMM's through update algorithm with forgetting factor.According to the HMMs and security incidents sequence it evaluates security situation factors of one asset's and entire network.Depending on the application background it evaluates security situation states of different network system.The investigation of evaluation to a specific network indicates that the approach is suitable for actual network environment and the evaluation result is precise and efficient.

Xiaohong Shi,Chenglong Liu,Gong Chen,Huihui Tang,Song He

DOI: https://doi.org/10.1109/icetci55101.2022.9832324

2022-05-27

Abstract:The development of the Internet has brought a lot of convenience to people, but it also has some drawbacks and threats. For netizens, the study of the network security situation(SS) is the protection of privacy and security, as well as the maintenance of basic rights. Therefore, the research on network security situation assessment(NSSA) is based on security considerations. It can help people better understand this problem and take corresponding measures to control and prevent possible dangers. This article mainly uses experimental method and data method to carry out relevant research on AHP and NSSA and prediction technology(PT). Experimental results show. In the second to third time periods, the number of messages collected and the number of Trojan horse attacks changed inversely, and the fluctuations changed sharply. This shows that it is necessary to apply the analytic hierarchy process(AHP) for situation assessment.

Computer Science

Lihua Wu,Tian Deng

DOI: https://doi.org/10.1088/1742-6596/1648/4/042111

2020-10-01

Journal of Physics: Conference Series

Abstract:Abstract With the computer network in the industry, business, politics, finance, military and other social fields in the application of more and more extensive, the society on the computer network is also more and more dependent. However, because of its wide area distribution, heterogeneity and dynamic characteristics, computer network is very vulnerable to security threats from various aspects. In order to better maintain computer network security, this paper studies computer network security analysis modeling based on space-time characteristics and deep learning algorithm. First of all, this article through to the computer network security connotation and the present situation analysis, points out the main problems of network security model, and thus build a combination of deep learning algorithm, a simulation model of network security analysis results show that the intercept network attack rate increased by 32.12% than that of the traditional model, verify the validity of the model. Through the construction of the model, it is expected to contribute to the improvement of computer network security analysis.