Tingqi Zhang,Mingyang Sun,Jochen L. Cremer,Ning Zhang,Goran Strbac,Chongqing Kang

DOI: https://doi.org/10.1109/tpwrs.2021.3059197

IF: 7.326

2021-01-01

IEEE Transactions on Power Systems

Abstract:Dynamic Security Assessment (DSA) for the future power system is expected to be increasingly complicated with the higher level penetration of renewable energy sources (RES) and the widespread deployment of power electronic devices, which drive new dynamic phenomena. As a result, the increasing complexity and the severe computational bottleneck in real-time operation encourage researchers to exploit machine learning to extract offline security rules for the online assessment. However, traditional machine learning methods lack in providing information on the confidence of their corresponding predictions. A better understanding of confidence of the prediction is of key importance for Transmission System Operators (TSOs) to use and rely on these machine learning methods. Specifically, from the perspective of topological changes, it is often unclear whether the machine learning model can still be used. Hence, being aware of the confidence of the prediction supports the transition to using machine learning in real-time operation. In this paper, we propose a novel Conditional Bayesian Deep Auto-Encoder (CBDAC) based security assessment framework to compute a confidence metric of the prediction. This informs not only the operator to judge whether the prediction can be trusted, but it also allows for judging whether the model needs updating. A case study based on IEEE 68-bus system demonstrates that CBDAC outperforms the state-of-the-art machine learning-based DSA methods and the models that need updating under different topologies can be effectively identified. Furthermore, the case study verifies that effective updating of the models is possible even with very limited data.

Chengqiong Ye,Wenyu Shi,Rui Zhang

DOI: https://doi.org/10.1186/s13635-021-00118-1

2021-04-20

EURASIP Journal on Information Security

Abstract:Abstract In order to further improve the accuracy and efficiency of network information security situation prediction, this study used the dynamic equal-dimensional method based on gray correlation analysis to improve the GM (1, N) model and carried out an experiment on the designed network security situation prediction (NSSP) model in a simulated network environment. It was found that the predicted result of the improved GM (1, N) model was closer to the actual value. Taking the 11th hour as an example, the predicted value of the improved GM (1, N) model was 28.1524, which was only 0.8983 larger than the actual value; compared with neural network and Markov models, the error of the improved GM (1, N) model was smaller: the average error was only 2.3811, which was 67.88% and 70.31% smaller than the other two models. The improved GM (1, N) model had a time complexity that was 49.99% and 39.53% lower than neural network and Markov models; thus, it had high computational efficiency. The experimental results verify the effectiveness of the improved GM (1, N) model in solving the NSSP problem. The improved GM (1, N) model can be further promoted and applied in practice and deployed in the network of schools and enterprises to achieve network information security.

Yehong Yang

DOI: https://doi.org/10.2991/WARTIA-16.2016.25

2016-05-14

Abstract:With the popularity of computers, the Internet has entered the production and all aspects of social life, but the attendant problem of network security has become the focus of widespread concern. Network security situation awareness to effectively respond to network security issues provide a viable solution: for complex network environments and malicious attacks, a comprehensive analysis of attacks against various parts of the network system, from a macro point of view of network security situation be assess and predict the future of network security situation based on this information. For the predictive accuracy of prediction system for network security situation has improved significantly, and network security situation prediction method based on machine learning for the network security situation prediction have a high degree feasible, in the real network security situation awareness applications have certain research and practical value. Introduction of Network Security Situational Awareness Network security situation is the current status and trends of the entire information from a variety of factors operating conditions of various network devices, network behavior and user behavior constituted. Network security situational awareness can acquire, understand and display the network environment of security elements. Through a series of technical means in time and space, are fully aware of network security and access and associated elements as possible in a pluralistic, and the establishment of a network based on complex behaviors modeling and simulation situational analysis and pre-side system, and then integrate and analyze vast amounts of security associated with the network-related data. Network security situation awareness is a scientific and effective network security situation assessment and use of relevant technologies to make reasonable predictions about trends over time network security, network management personnel in advance to remind the network system for network equipment, network peer node hosts and data resources to make reasonable adjustments, upgrades and backup, network environment to address the risk of possible future harm to the network system, losses may result down to an acceptable range . Extract information network security situation is carried out on the basis of situational awareness that only a comprehensive collection of data and the use of sophisticated index system, to ensure the correctness of the results of the assessment. Therefore, in the design process model or system must pay attention to select a metric system. Network security situation is a source of diverse, different collection methods, different devices collect data formats, network security situation letter from mainly contains configuration, operating status, traffic, user behavior and other information.

Computer Science

Ruijuan Zheng,Wangyang Wei,Mingchuan Zhang,Qingtao Wu,Dan Zhang

DOI: https://doi.org/10.4304/jnw.9.2.283-290

2014-01-01

Journal of Networks

Abstract:Aiming at the problems of subjectivity and complexity in network security situation assessment process, the Cloud model is introduced to the network security situation assessment, and a network security evaluation method based on Cloud Model is proposed. Firstly, the level of network security situation is judged by Cloud gravity center evaluation method. Secondly, Maximum boundary based Cloud Model (MCM) method is applied to obtain the final assessment results. Thirdly, future security situation is predicted by adopting BP neural network based on improved genetic algorithm according to the result of situation assessment. Finally, the effectiveness and feasibility of the proposed evaluation method and the prediction effect for GA-BPNN are verified by the simulation experiment. The results show that the proposed evaluation and prediction method is feasible, and the results of the assessment are more objective and accurate.

Zhongmin Cai,Chenglong Li

DOI: https://doi.org/10.1155/2022/9023904

IF: 1.43

2022-05-18

Mathematical Problems in Engineering

Abstract:With the rapid development of modern society, the administrative information content rapid growth of e-government information resource sharing becomes the key of the government departments for effective social management. The cloud technology Internet big data are widely used and popular, which enable information resources to be shared among government data and are both an opportunity and challenge for effective e-government information resource sharing. It is of great significance to enhance government credibility. Information security risk assessment is a comprehensive evaluation of the potential risk of an uncertain stochastic process, traditional evaluation methods are deterministic models, and it is difficult to measure the security risk of uncertainty. On the other hand, with the opening and complexity of information system business functions, the nonlinearity and complexity of evaluation calculation also increase. By studying the relatively mature assessment criteria and methods in the field of information security, this study analyzes the information security status of small Internet of Things system based on the characteristics of Internet of Things information security. Combining the latest research results of information entropy neural network and other fields with the original risk assessment methods, the improved AHP information security risk assessment model is verified by simulation examples.

engineering, multidisciplinary,mathematics, interdisciplinary applications

Dong Yang,Ze Liu,Songjie Wei

DOI: https://doi.org/10.3390/s23187803

2023-09-11

Abstract:With the advancement in big data and cloud computing technology, we have witnessed tremendous developments in applying intelligent techniques in network operation and management. However, learning- and data-based solutions for network operation and maintenance cannot effectively adapt to the dynamic security situation or satisfy administrators' expectations alone. Anomaly detection of time-series monitoring indicators has been a major challenge for network administrative personnel. Monitored indicators in network operations are characterized by multiple instances with high dimensions and fluctuating time-series features and rely on system resource deployment and business environment variations. Hence, there is a growing consensus that conducting anomaly detection with machine intelligence under the operation and maintenance personnel's guidance is more effective than solely using learning and modeling. This paper intends to model the anomaly detection task as a Markov Decision Process and adopts the Double Deep Q-Network algorithm to train an anomaly detection agent, in which the multidimensional temporal convolution network is applied as the principal structure of the Q network and the interactive guidance information from the operation and maintenance personnel is introduced into the procedure to facilitate model convergence. Experimental results on the SMD dataset indicate that the proposed modeling and detection method achieves higher precision and recall rates compared to other learning-based methods. Our method achieves model optimization by using human-computer interactions continuously, which guarantees a faster and more consistent model training procedure and convergence.

Shaodan Lin,Chen Feng,Tao Jiang,Huasong Jing

DOI: https://doi.org/10.1109/access.2023.3333013

IF: 3.9

2023-12-01

IEEE Access

Abstract:Using deep learning models, we predict information system security indicators and obtain corresponding security evaluation scores. The scores of these predicted security evaluation are used as the input data of regression tree model, and the security grade protection evaluation system is constructed. The model training process involves four different models: VGG19, ResNet-50, XceptionNet, and EfficientNet. Based on the training results, we find that the EfficientNet model consumes fewer computational resources in single detection while achieves a detection accuracy of 99.93%. Subsequently, we apply the CART regression tree to assess the network security posture of 14 commercial systems. The test results of the model show that the mean absolute percentage error(MAPE) is 0.029 and the correlation coefficient is 0.9. These empirical results strongly support the performance of the proposed model and show its significant potential in improving security assessments. With these training results, we gain preliminary insights into the performance of each model and select the EfficientNet model with the best performance for the generation of subsequent security posture evaluation data.Ultimately, the developed security grade protection assessment system provides a reliable and efficient evaluation means for the network security.

computer science, information systems,telecommunications,engineering, electrical & electronic

LIU Lin,HUANG Tianen,FU Yang,SUN Hongbin,GUO Wenxin

DOI: https://doi.org/10.13335/j.1000-3673.pst.2016.11.018

2016-01-01

Abstract:1Critical interfaces with low safety margin are weakness of power grid need to be focused on. Its accurate prediction is important basis of reasonable scheduling. Taking Guangdong power grid for example, data of electric and non-electric parameters between 2014 and 2015 were collected. Firstly, the parameter data were standardized and integrated. Secondly, whole characteristics were selected and samples were trained with neural network. Then a neural network prediction model for critical interfaces was obtained. Compared to traditional method, this method introduces non-electric parameters. Test on Guangdong power grid shows that this model is accurate, fast and suitable to actual complex and changeable power grid.

Lihua Wu,Tian Deng

DOI: https://doi.org/10.1088/1742-6596/1648/4/042111

2020-10-01

Journal of Physics: Conference Series

Abstract:Abstract With the computer network in the industry, business, politics, finance, military and other social fields in the application of more and more extensive, the society on the computer network is also more and more dependent. However, because of its wide area distribution, heterogeneity and dynamic characteristics, computer network is very vulnerable to security threats from various aspects. In order to better maintain computer network security, this paper studies computer network security analysis modeling based on space-time characteristics and deep learning algorithm. First of all, this article through to the computer network security connotation and the present situation analysis, points out the main problems of network security model, and thus build a combination of deep learning algorithm, a simulation model of network security analysis results show that the intercept network attack rate increased by 32.12% than that of the traditional model, verify the validity of the model. Through the construction of the model, it is expected to contribute to the improvement of computer network security analysis.

Haojin Qi,Wan Zhu,Mingda Ye,Yichen Hu,Yong Wang

DOI: https://doi.org/10.1038/s41598-024-59473-x

IF: 4.6

2024-04-21

Scientific Reports

Abstract:Due to theintricate and interdependent nature of the smart grid, it has encountered an increasing number of security threats in recent years. Currently, conventional security measures such as firewalls, intrusion detection, and malicious detection technologies offer specific protection based on their unique perspectives. However, as the types and concealment of attacksincrease, these measures struggle to detect them promptly and respond accordingly. In order to meet the social demand for the accuracy and computation speed of the power network security risk evaluation model, the study develops a fusion power network security risk evaluation algorithm by fusing the flash search algorithm with the support vector machine. This algorithm is then used as the foundation for building an improved power network security risk evaluation model based on the fusion algorithm.The study's improved algorithm's accuracy is 96.2%, which is higher than the accuracy of the other comparative algorithms; its error rate is 3.8%, which is lower than the error rate of the other comparative algorithms; and its loss function curve convergence is quicker than that of the other algorithms.The risk evaluation model's accuracy is 97.8%, which is higher than the accuracy of other comparative models; the error rate is 1.9%, which is lower than the error rate of other comparative models; the computing time of the improved power network security risk evaluation model is 4.4 s, which is lower than the computing time of other comparative models; and its expert score is high. These findings are supported by empirical analysis of the improved power network security risk evaluation model proposed in the study. According to the study's findings, the fusion algorithm and the upgraded power network security risk evaluation model outperform other approaches in terms of accuracy and processing speed. This allows the study's maintenance staff to better meet the needs of the community by assisting them in identifying potential security hazards early on and taking the necessary preventative and remedial action to ensure the power system's continued safe operation.

multidisciplinary sciences

Fengli Zhang,Juan Wang,Zhiguang Qin

DOI: https://doi.org/10.1109/icccas.2009.5250512

2009-01-01

Abstract:Network security situation is a hot research realm in the area of network security, which helps security analysts to solve the challenges they encounter. This paper presents the evaluation index, and the characteristic attributes to describe the state of network situation, discusses the grey model includes grey correlation model and grey forecast algorithm to get the evaluation index and predication of network situation. The network situation based on the grey model using evaluation index is proposed and the experimental result is shown in this paper.

Zhao Yifan

DOI: https://doi.org/10.1109/WCCCT52091.2021.00015

2021-01-01

Abstract:Along with the advance of science and technology, informationization society construction is gradually perfect. The development of modern information technology has driven the growth of the entire network spatial data, and network security is a matter of national security. There are several countries included in the national security strategy, with the increase of network space connected point, traditional network security space processing way already cannot adapt to the demand. Machine learning can effectively solve the problem of network security. Around the machine learning technology applied in the field of network security research results, this paper introduces the basic concept of network security situational awareness system, the basic model, and system framework. Based on machine learning, this paper elaborates the network security situation awareness technology, including data mining technology, feature extraction technology and situation prediction technology. Recursive feature elimination, decision tree algorithm, support vector machine, and future research direction in the field of network security situational awareness are also discussed.

Computer Science

Shi Dong,Yuanjun Xia,Tao Peng

DOI: https://doi.org/10.1109/tnsm.2021.3120804

2021-12-01

IEEE Transactions on Network and Service Management

Abstract:The rapid development of Internet technology has brought great convenience to our production life, and the ensuing security problems have become increasingly prominent. These problems threaten users' privacy and pose significant security risks to the normal conduct of many aspects of society, such as politics, economy, culture, and people's livelihood. The growth of the information transmission rate expands the scope of attacks and provides a more attack environment for intruders. Abnormal detection is an effective security protection technology that can monitor network transmission in real-time, effectively sense external attacks, and provide response decisions for relevant managers. The development of machine learning has also led to the development of abnormal traffic detection technology. The goal has been to use powerful and fast learning algorithms to deal with changing threats and respond in real-time. Most of the current abnormal detection research is based on simulation, using public and well-known datasets. On the one hand, the dataset contains high-dimensional massive data, which traditional machine learning methods cannot be processed. On the other hand, the labeled data scale is far behind the application requirements, and the dataset's labels are all manually labeled, so the labeling cost is exceptionally high. This paper proposes a semi-supervised Double Deep Q-Network (SSDDQN)-based optimization method for network abnormal traffic detection, mainly based on Double Deep Q-Network (DDQN), a representative of Deep Reinforcement Learning algorithm. In SSDDQN, the current network first adopts the autoencoder to reconstruct the traffic features and then uses a deep neural network as a classifier. The target network first uses the unsupervised learning algorithm K-Means clustering and then uses deep neural network prediction. The experiment uses NSL-KDD and AWID datasets for training and testing and -erforms a comprehensive comparison with existing machine learning models. The experimental results show that SSDDQN has certain advantages in time complexity and achieved good results in various evaluation metrics.

computer science, information systems

Yue Zhang,Wang Zhao

DOI: https://doi.org/10.1109/icngn59831.2023.10396667

2023-01-01

Abstract:The rapid development of information technology has greatly improved the level of enterprise informatization. However, while providing a variety of services to users, there may also be security issues such as data breaches, denial of service attacks, and extortion attempts. To address the aforementioned issues and enhance the security of information systems, multiple security devices have implemented protective measures. However, relying solely on the configuration and construction of security facilities cannot fundamentally resolve network security issues. Therefore, an important challenge currently faced is how to quantitatively assess, evaluate, and guide security personnel to optimize the configuration of the network security system. This is a significant matter that requires careful consideration.Currently, most existing quantitative security evaluation schemes focus on assessing security risks, but the entire security protection system has not been utilized as an evaluation criterion, and its protective effectiveness has not been quantitatively evaluated. Simultaneously, establishing quantitative connections between security impact factors and the security protection system, linking the protection effectiveness of individual security devices to overall security protection effectiveness, and then optimizing and improving the protection effectiveness have become critical bottlenecks in measuring the protection effectiveness of the network security protection system.

Lifang Liu,Lisha Zhao,Xiaogang Qi,Wei Xiong

DOI: https://doi.org/10.16182/j.issn1004731x.joss.201801024

2018-01-01

Abstract:With the booming development of Internet technology,network security threats force every country to pay more and more attention to network security.By analyzing and summarizing the principles of network security threats,three kinds of proactive security threats are proposed in this paper,including saturation security threats,deleting security threats,and tampering security threats.OPNET is employed as the simulation tool to establish multi-service communications network model,in which the node are based on the queuing theory model.In addition,different traffic intensity parameters are designed to simulate the network performance under various running situations.Fuzzy comprehensive evaluation method is used to assess the effect of network security threats.

Wei-na He,Dong-liang Xia,Jian-fang Liu,Uttam Ghosh

DOI: https://doi.org/10.1007/s11036-021-01881-8

2022-03-09

Mobile Networks and Applications

Abstract:There are some problems in the network public opinion monitoring, such as long monitoring time, low monitoring accuracy and so on. The network public opinion information of colleges and universities is collected through the public opinion information collection module; the collected network public opinion information is cleaned, filled, corrected and de noised by the public opinion information preprocessing module, and the network public opinion text is processed in parallel based on the parallel computing framework. To obtain the formatted data and extract the text feature items; through the network public opinion analysis module, the machine learning method is used to collect and cluster a large number of documents of the same event, identify the main theme of the document, track and evaluate the public opinion theme; through the network public opinion monitoring module, the probabilistic neural network is used to monitor the abnormal behavior of the university network public opinion data. The simulation results show that the dynamic monitoring system model of university network public opinion constructed in the big data environment has short monitoring time and high monitoring accuracy.

computer science, information systems,telecommunications, hardware & architecture

Guanling Zhao,Lisheng Huang,Lu Li,Yongfeng Zhang

DOI: https://doi.org/10.1155/2022/2594000

2022-01-01

Mobile Information Systems

Abstract:Industrial Internet security is a prerequisite to ensure the high-quality development of the Industrial Internet. The significant way to curb Industrial Internet security accidents and prevent cyber threats proactively is effectively controlling the changes in network situations. In this paper, we propose a new prediction model based on Long Short-Term Memory (LSTM), minimum mean square variance criterion (MMSVC), and empirical mode decomposition (EMD), with the aim of effective noise reduction and high prediction accuracy. To minimize the disturbance of random noise, we firstly deleted several outliers in high-frequency and noisy Intrinsic Mode Functions (IMFs) decomposed by EMD. MMSVC performs well in identifying noisy IMFs without using thresholds. For the blank places, we refilled them by a certain weight with relevant figures. After that, the LSTM model was applied to predict the denoised signal. The preliminary experimental analysis illustrated that noise reduction with the EMD method could provide a significant boost in forecasting performance.

Guoxing Li,Yuhe Wang,Shiming Li,Chao Yang,Qingqing Yang,Yanbin Yuan

DOI: https://doi.org/10.3390/s24144716

IF: 3.9

2024-07-20

Sensors

Abstract:This paper predicts the network security posture of an ICS, focusing on the reliability of Industrial Control Systems (ICSs). Evidence reasoning (ER) and belief rule base (BRB) techniques are employed to establish an ICS network security posture prediction model, ensuring the secure operation and prediction of the ICS. This model first integrates various information from the ICS to determine its network security posture value. Subsequently, through ER iteration, information fusion occurs and serves as an input for the BRB prediction model, which necessitates initial parameter setting by relevant experts. External factors may influence the experts' predictions; therefore, this paper proposes the Projection Equalization Optimization (P-EO) algorithm. This optimization algorithm updates the initial parameters to enhance the prediction of the ICS network security posture through the model. Finally, industrial datasets are used as experimental data to improve the credibility of the prediction experiments and validate the model's predictive performance in the ICS. Compared with other methods, this paper's prediction model demonstrates a superior prediction accuracy. By further comparing with other algorithms, this paper has a certain advantage when using less historical data to make predictions.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Jingyu Xing,Zheng Zhang

DOI: https://doi.org/10.1155/2022/6783223

IF: 1.968

2022-03-23

Security and Communication Networks

Abstract:This paper presents an in-depth study and analysis of hierarchical network security measurement and optimal active defense in the cloud computing environment. All the cloud platform security-related data collected through cloud platform monitoring is collected, and then the relevant security data is summarized and analyzed, so that the specific security posture index of the cloud platform can be derived, thus providing a reference for cloud platform managers to judge the security risks of the cloud platform. It provides a reference for cloud platform managers to judge the security risks of cloud platforms. Through the cloud platform security situation awareness system, we mainly study the construction of cloud platform, the construction of security situation awareness system, and the calculation of security situation value and use, thus greatly improving the stability, security, and reliability of the cloud platform. The application of the method avoids the drawbacks of traditional network security management, which relies entirely on past data and cannot sense changes in the security state of the system in real time. At the same time, the predicted results are added to the input of the fuzzy decision-making system, improving the accuracy of the assessment. The method improves the real-time and effectiveness of network security posture prediction, increases the convergence speed and prediction accuracy of the algorithm, and avoids the occurrence of overfitting. Simulation experiments based on the internet network security posture dataset show that this research method has less prediction error than the traditional machine learning methods and other deep learning methods, has higher learning efficiency, and is more rapid, accurate, and effective in predicting the trend of network security posture in the big data environment in the future period.

computer science, information systems,telecommunications

Wei Hu,Jian-hua Li,Xiu-zhen Chen,Xing-hao Jiang

DOI: https://doi.org/10.1007/s12204-010-1025-z

2010-01-01

Abstract:Network security situation is a hot research topic in the field of network security. Whole situation awareness includes the current situation evaluation and the future situation prediction. However, the now-existing research focuses on the current situation evaluation, and seldom discusses the future prediction. Based on the historical research, an improved grey Verhulst model is put forward to predict the future situation. Aiming at the shortages in the prediction based on traditional Verhulst model, the adaptive grey parameters and equaldimensions grey filling methods are proposed to improve the precision. The simulation results prove that the scheme is efficient and applicable.