Geng-hong LU,Dong-qin FENG

DOI: https://doi.org/10.13195/j.kzyjc.2016.0551

2017-01-01

Abstract:The attacks against the industrial control network have different types and various attack intensity. Under this circumstance, the traditional detection techniques cannot identify the multiple types of attacks effectively, and can not assess the security situations of the industrial control network comprehensively and accurately. Therefore, the industrial control network security situation awareness model is proposed. Firstly, the rule extraction can be done by applying the improved C-SVC algorithm to the multi-sensor data. Then with the application of decision fusion algorithm, the decision-level fusion is completed and the results of situation awareness are procured. The simulation experiment results show that the proposed model and algorithms can distinguish multiple types of attacks effectively, identify the attacks that are launched against the industrial control system accurately, and generate the results of situation awareness.

WANG Chun-lei,FANG Lan,WANG Dong-xia,DAI Yi-qi

DOI: https://doi.org/10.1109/iccet.2010.5486194

2012-01-01

Computer Science

Abstract:Network security situation awareness provides the unique high level security view based upon the security alert events. But the complexities and diversities of security alert data on modern networks make such analysis extremely difficult. In this paper, we analyze the existing problems of network security situation awareness system and propose a framework for network security situation awareness based on knowledge discovery. The framework consists of the modeling of network security situation and the generation of network security situation. The purpose of modeling is to construct the formal model of network security situation measurement based upon the D-S evidence theory, and support the general process of fusing and analyzing security alert events collected from security situation sensors. The generation of network security situation is to extract the frequent patterns and sequential patterns from the dataset of network security situation based upon knowledge discovery method and transform these patterns to the correlation rules of network security situation, and finally to automatically generate the network security situation graph. Application of the integrated Network Security Situation Awareness system (Net-SSA) shows that the proposed framework supports for the accurate modeling and effective generation of network security situation.

Genghong Lu,Dongqin Feng

DOI: https://doi.org/10.23919/icif.2018.8455208

2018-01-01

Abstract:Due to the wide implementation of communication networks, industrial control systems are vulnerable to malicious attacks, which could cause potentially devastating results. Adversaries launch integrity attacks by injecting false data into systems to create fake events or cover up the plan of damaging the systems. In addition, the complexity and nonlinearity of control systems make it more difficult to detect attacks and defense it. Therefore, a novel security situation awareness framework based on particle filtering, which has good ability in estimating state for nonlinear systems, is proposed to provide an accuracy understanding of system situation. First, a system state estimation based on particle filtering is presented to estimate nodes state. Then, a voting scheme is introduced into hazard situation detection to identify the malicious nodes and a local estimator is constructed to estimate the actual system state by removing the identified malicious nodes. Finally, based on the estimated actual state, the actual measurements of the compromised nodes are predicted by using the situation prediction algorithm. At the end of this paper, a simulation of a continuous stirred tank is conducted to verify the efficiency of the proposed framework and algorithms.

Chen,Lin Ye,Xiangzhan Yu,Bailang Ding

DOI: https://doi.org/10.1007/978-3-030-24268-8_10

2019-01-01

Abstract:With the increasing importance of cyberspace security, the research and application of network situational awareness is getting more attention. The research on network security situational awareness is of great significance for improving the network monitoring ability, emergency response capability and predicting the development trend of network security. This paper describes the development and evolution of network situational awareness and analyzes the basic architecture of the current situational awareness system. Based on the situational awareness conceptual model, four main research contents of situational awareness are elaborated: network data collection, situational understanding, situational prediction and situational visualization. This paper focuses on the core issues, main algorithms, and the advantages and disadvantages of each method that need to be addressed at each research point. Finally, under the current development trend of big data processing technology and artificial intelligence technology, the application realization and development trend of network situational awareness are analyzed and forecasted.

Juan Wang,Zhi-Guang Qin,Li Ye,Jing Jin

DOI: https://doi.org/10.1109/icccas.2008.4657814

2008-01-01

Abstract:Network situation awareness (NSA) is a new idea of network security, it is different from normal network security technique for its visualization and high-level data management, transform the abstract data to knowledge that human can understand, help network manager to make decision. Present NSA model have some weakness donpsilat fit to network security. This paper promote a improve model of the NSA, add privacy-preserving module, richen the data source, visualization (integrate GIS technique) and projection technique of situation awareness to improve abilities of emergences respond, reduce losses of network attacks, reveal abnormally intrusions.

Lina Zhu,Guoen Xia,Zuochang Zhang,Jianhua Li,Renjie Zhou

DOI: https://doi.org/10.14257/ijsia.2016.10.11.14

2016-01-01

International Journal of Security and Its Applications

Abstract:Network security situation awareness is vital important for network security supervision. In order to obtain the network security situation effectively, a multidimensional assessment method is proposed in this paper. The method is composed of three dimensions at different levels, namely vulnerability, threat and basic operation, with quantitative calculation method for each index. In the service layer, CVSS standard is adopted to assess the vulnerability situation, and simplified DREAD model is chosen for the threat situation. In the node layer, the vulnerability situation in the service layer is added with a weight, the threat situation in the service layer is accumulated according to attack paths based on Markov model, and the basic operation situation is evaluated by DS evidence fusion of several host and network performance index. In the network layer, each situation equals to weighted summation of corresponding situation in the node layer. Experimental results show the ease of use of this method, and multi-dimensional situation depicts the overall safety evolution process of network system accurately and intuitively.

Yehong Yang

DOI: https://doi.org/10.2991/WARTIA-16.2016.25

2016-05-14

Abstract:With the popularity of computers, the Internet has entered the production and all aspects of social life, but the attendant problem of network security has become the focus of widespread concern. Network security situation awareness to effectively respond to network security issues provide a viable solution: for complex network environments and malicious attacks, a comprehensive analysis of attacks against various parts of the network system, from a macro point of view of network security situation be assess and predict the future of network security situation based on this information. For the predictive accuracy of prediction system for network security situation has improved significantly, and network security situation prediction method based on machine learning for the network security situation prediction have a high degree feasible, in the real network security situation awareness applications have certain research and practical value. Introduction of Network Security Situational Awareness Network security situation is the current status and trends of the entire information from a variety of factors operating conditions of various network devices, network behavior and user behavior constituted. Network security situational awareness can acquire, understand and display the network environment of security elements. Through a series of technical means in time and space, are fully aware of network security and access and associated elements as possible in a pluralistic, and the establishment of a network based on complex behaviors modeling and simulation situational analysis and pre-side system, and then integrate and analyze vast amounts of security associated with the network-related data. Network security situation awareness is a scientific and effective network security situation assessment and use of relevant technologies to make reasonable predictions about trends over time network security, network management personnel in advance to remind the network system for network equipment, network peer node hosts and data resources to make reasonable adjustments, upgrades and backup, network environment to address the risk of possible future harm to the network system, losses may result down to an acceptable range . Extract information network security situation is carried out on the basis of situational awareness that only a comprehensive collection of data and the use of sophisticated index system, to ensure the correctness of the results of the assessment. Therefore, in the design process model or system must pay attention to select a metric system. Network security situation is a source of diverse, different collection methods, different devices collect data formats, network security situation letter from mainly contains configuration, operating status, traffic, user behavior and other information.

Computer Science

Jing Li,Ming Cheng,Jun Ni,Feng Qian

DOI: https://doi.org/10.1109/isdea.2013.523

2013-01-01

Abstract:Along with the development and application of computer network, the network security problem has become an urgent task, and the security problem research also becomes an important topic to the network development. The analytic hierarchy process as a powerful method in system science analyzing was introduced into the research of network security situation awareness. The common model of networks security situational awareness architecture is described, and studies the evaluation method relevantly: from security situation numeric computation, the analytic hierarchy process arithmetic is analysis. When a network includes multiple subnets, the network situation of the total network need to be further aggregated. So a new aggregation model and method was proposed.

Daojuan Zhang,Kexiang Qian,Wenhui Wang,Fuyang fang,Chonghua Wang,Xi Luo

DOI: https://doi.org/10.1145/3444370.3444607

2020-12-04

Abstract:With the development of information technology, the scale of the network continues to expand, and the security issues continue to increase. The complexity of the network security situation is increasing and the importance of the network security situational awareness continues to increase. The data sources are wide, the type and the number are large in a large-scale network environment currently. This paper comprehensively studies the network security situational awareness technology based on multi-source heterogeneous data. In addition, this paper introduces the origin, concept and the model of the network situational awareness, as well as the characteristics of network security situational awareness based on multi-source heterogeneous data fusion. Finally, the key technologies in the security situational awareness such as the extraction of situational elements, multi-source data fusion, situation assessment, situation prediction and visual display are introduced.

Rongrong Xi,Shuyuan Jin,Xiao-chun Yun,Yongzheng Zhang

DOI: https://doi.org/10.1109/TrustCom.2011.62

2011-01-01

Abstract:With tremendous attacks in the Internet, there is a high demand for network analysts to know about the situations of network security effectively. Traditional network security tools lack the capability of analyzing and assessing network security situations comprehensively. In this paper, we introduce a novel network situation awareness tool - CNSSA (Comprehensive Network Security Situation Awareness) - to perceive network security situations comprehensively. Based on the fusion of network information, CNSSA makes a quantitative assessment on the situations of network security. It visualizes the situations of network security in its multiple and various views, so that network analysts can know about the situations of network security easily and comprehensively. The case studies demonstrate how CNSSA can be deployed into a real network and how CNSSA can effectively comprehend the situation changes of network security in real time.

Wei HU,Jian-hua LI,Xiu-zhen CHEN,Xing-hao JIANG

DOI: https://doi.org/10.3969/j.issn.1001-0548.2009.01.028

2009-01-01

Abstract:Although network security situation (NSS) becomes a hot topic, the investigation on situation awareness (SA) still lacks an approbatory standard. Based on Endsley’s research, the paper presents a scalable NSS model, and improves situation extraction (SE) to fit the network environment. The proposed model utilizes knowledge bases to standardize the situation acquisition and model the situation as an entity. The incident frequency, incident time, and space information are contained in the model, and the situation acquisition is simplified. Finally, the simulation results prove the model’s feasibility and efficiency.

Mixia Liu,Dongmei Yu,Qiuyu Zhang,Honglei Zhu

DOI: https://doi.org/10.1109/IWASID.2007.373676

2007-01-01

Abstract:With the development of computer networks, the spread of malicious network activities poses great risks to the operational integrity of many organizations and imposes heavy economic burdens on life and health. Therefore, risk assessment is very important in network security management and analysis. Network security situation analysis not only can describe the current state but also project the next behavior of the network. Alerts coming from IDS, Firewall, and other security tools are currently growing at a rapid pace. Large organizations are having trouble keeping on top of the current state of their networks. In this paper, we described cyberspace situational awareness from formal and visual methods. Next, to make security administrator comprehend security situation and project the next behaviors of the whole network, we present using parallel axes view to give expression clearly of security events correlations. At last, we concluded that visualization is an important research of risk evaluation and situation analysis of network.

Yan Li,Guang-qiu Huang,Chun-zi Wang,Ying-chao Li,Yan Li,Guang-qiu Huang,Chun-zi Wang,Ying-chao Li

DOI: https://doi.org/10.1186/s13638-019-1506-1

2019-08-13

EURASIP Journal on Wireless Communications and Networking

Abstract:Information technology has penetrated into all aspects of politics, economy, and culture of the whole society. The information revolution has changed the way of communication all over the world, promoted the giant development of human society, and also drawn unprecedented attention to network security issues. Studies, focusing on network security, have experienced four main stages: idealized design for ensuring security, auxiliary examination and passive defense, active analysis and strategy formulation, and overall perception and trend prediction. Under the background of the new strategic command for the digital control that all countries are scrambled for, the discussion of network security situational awareness presents new characteristics both in the academic study and industrialization. In this regard, a thorough investigation has been made in the present paper into the literature of network security situational awareness. Firstly, the research status both at home and abroad is introduced, and then, the logical analysis framework is put forward concerning the network security situational awareness from the perspective of the data value chain. The whole process is composed of five successive stages: factor acquisition, model representation, measurement establishment, solution analysis, and situation prediction. Subsequently, the role of each stage and the mainstream methods are elaborated, and the application results on the experimental objects and the horizontal comparison between the methods are explained. In an attempt to provide a panoramic recognition of network security situational awareness, and auxiliary ideas for the industrialization of network security, this paper aims to provide some references for the scientific research and engineering personnel in this field.

telecommunications,engineering, electrical & electronic

Yikun Zhu,Zhiling Du

DOI: https://doi.org/10.1155/2021/5527746

2021-05-31

Scientific Programming

Abstract:In today’s increasingly severe network security situation, network security situational awareness provides a more comprehensive and feasible new idea for the inadequacy of various single solutions and is currently a research hotspot in the field of network security. At present, there are still gaps or room for improvement in network security situational awareness in terms of model scheme improvement, comprehensive and integrated consideration, algorithm design optimization, etc. A lot of scientific research investments and results are still needed to improve the form of network security in a long and solid way. In this paper, we propose a network security posture assessment model based on time-varying evidence theory for the existing multisource information fusion technology that lacks consideration of the problem of threat occurrence support rate over time and make the threat information reflect the law of time change by introducing a time parameter in the basic probability assignment value. Thus, the existing hierarchical threat posture quantitative assessment technique is improved and a hierarchical multisource network security threat posture assessment model based on time-varying evidence theory is proposed. Finally, the superiority of the proposed model is verified through experiments.

computer science, software engineering

Zehua Ren,Yang Liu,Huixiang Liu,Baoxiang Jiang,Xiangzhen Yao,Lin Li,Haiwen Yang,Ting Liu

DOI: https://doi.org/10.1109/infocomwkshps54753.2022.9798168

2022-01-01

Abstract:Traditional intrusion detection systems often deal with massive alarms based on specific filtering rules, which is complex and inexplicable. In this demo, we developed a network security situation awareness (NSSA) system based on the spatio-temporal correlation of alarms. It can monitor the security situation from the temporal dimension and discover abnormal events based on the time series of alarms. Also, it can analyze alarms from the spatial dimension on the heterogeneous alarm graph and handle alarms in batches of events. With this system, system operators can filter most irrelevant alarms quickly and efficiently. The rich visualization of alarm data could also help find hidden high-risk attack behaviors.

Ying Zhou,Guodong Zhao,Roobaea Alroobaea,Abdullah M. Baqasah,Rajan Miglani

DOI: https://doi.org/10.1515/jisys-2022-0037

2022-01-01

Journal of Intelligent Systems

Abstract:Abstract Due to the complexity and versatility of network security alarm data, a cloud-based network security data extraction method is proposed to address the inability to effectively understand the network security situation. The information properties of the situation are generated by creating a set of spatial characteristics classification of network security knowledge, which is then used to analyze and optimize the processing of hybrid network security situation information using cloud computing technology and co-filtering technology. Knowledge and information about the security situation of a hybrid network has been analyzed using cloud computing strategy. The simulation results show that a cyber security crash occurs in window 20, after which the protection index drops to window 500. The increase in the security index of 500 windows is consistent with the effectiveness of the concept of this document method, indicating that this document method can sense changes in the network security situation. Starting from the first attacked window, the defense index began to decrease. In order to simulate the added network defense, the network security events in the 295th time window were reduced in the original data, and the defense index increased significantly in the corresponding time period, which is consistent with the method perception results, which further verifies the effectiveness and reliability of this method on the network security event perception. This method provides high-precision knowledge of network security situations and improves the security and stability of cloud-based networks.

Yiyang Jia,Hanyan Wu,Dongxing Jiang

DOI: https://doi.org/10.1109/CyberC.2015.47

2015-01-01

Abstract:Security situation assessment is an effective way to analyze the situation of an information system, which helps administrator understand the current system risk status and make policy to response in time. However, the existing researches for security situation assessment mostly focus on network. The proposed methods for network are not so suitable for information systems. This paper proposes a hierarchical security situation analysis framework for information system, based on a classical NSSA [1] (network security situation analysis) model. The framework provides a standard flow for analyzing the security situation of information system. It consists a security situation analysis model of information system, an index system used in the model proposed, and a quantitative index fusion method to calculate a security situational value. We divided information system into 3 levels: sub-system level, composition level and index level. The collected information from the index level can be combined with grey model to determine the correlation degree between each major index and secondary index. Finally we calculate the whole system security situational value level by level. We use data from Tsinghua University information system to verify the proposed model and method. The result shows that this model can reflect the current security situation of information system comprehensively.

Guozheng Yang,Yongheng Zhang,Yuliang Lu,Yi Xie,Jiayi Yu

DOI: https://doi.org/10.3390/e26040315

IF: 2.738

2024-04-05

Entropy

Abstract:Network security situational awareness (NSSA) aims to capture, understand, and display security elements in large-scale network environments in order to predict security trends in the relevant network environment. With the internet's increasingly large scale, increasingly complex structure, and gradual diversification of components, the traditional single-layer network topology model can no longer meet the needs of network security analysis. Therefore, we conduct research based on a multi-layer network model for network security situational awareness, which is characterized by the three-layer network structure of a physical device network, a business application network, and a user role network. Its network characteristics require new assessment methods, so we propose a multi-layer network link importance assessment metric: the multi-layer-dependent link entropy (MDLE). On the one hand, the MDLE comprehensively evaluates the connectivity importance of links by fitting the link-local betweenness centrality and mapping entropy. On the other hand, it relies on the link-dependent mechanism to better aggregate the link importance contributions in each network layer. The experimental results show that the MDLE has better ordering monotonicity during critical link discovery and a higher destruction efficacy in destruction simulations compared to classical link importance metrics, thus better adapting to the critical link discovery requirements of a multi-layer network topology.

physics, multidisciplinary

Jinwei Yang,Yu Yang,Lu Zheng,Ruixia Cheng,Shengnan Lin

DOI: https://doi.org/10.1088/1742-6596/2310/1/012071

2022-10-11

Journal of Physics: Conference Series

Abstract:Network security situation awareness (NSSA) can analyze current network status and predict trends. Intrusion detection systems are used as sources of security factor in situational awareness, and their accuracy affects the assessment of network security. The attack graph can filter out key nodes and enumerate possible attack paths, which has become the main method of risk assessment. Therefore, a network security situation assessment technology based on intrusion detection was proposed. The detection rate of the intrusion detection system was improved firstly, and then the attack graph was combined with the hidden Markov model (HMM) for network security assessment. The experimental results show that this method can effectively speculate the attack intention and reflect the results intuitively and roundly.

ZHANG Yong,TAN Xiao-Bin,CUI Xiao-Lin,XI Hong-Sheng

DOI: https://doi.org/10.3724/sp.j.1001.2011.03751

2011-01-01

Abstract:To accurately evaluate security situation states,this paper proposes an approach to network security situation awareness(NSSA) based on Hidden Markov Model(HMM).It gains standardized data of network structure information,assets,threats and vulnerabilities via fusing variety system security data collected by multi-sensors.For every asset,this paper associates its suffered threats with its vulnerabilities to analyze the sequence of its security incidents,establishes HMMs to analyze security situation factors of confidentiality,integrity and availability.Using sliding window mechanism it trains segmented sequence of security incidents and it gains the parameters of HMM's through update algorithm with forgetting factor.According to the HMMs and security incidents sequence it evaluates security situation factors of one asset's and entire network.Depending on the application background it evaluates security situation states of different network system.The investigation of evaluation to a specific network indicates that the approach is suitable for actual network environment and the evaluation result is precise and efficient.