Guangjie Zhang,Xiaobo Tan

DOI: https://doi.org/10.1117/12.2675117

2023-05-25

Abstract:In the research of network security situational awareness, an important problem that needs to be solved urgently is that in the face of a large number of noisy multi-source data, the accuracy of obtaining network security situational awareness indicators will be affected. This paper proposes a data fusion processing method based on deep neural network to solve the above problems, which first uses natural language processing technology to process high-noise data in the data, and does a good job of word reduction of the data through the WordNetLemmatizer module. The TF-IDF feature extraction algorithm is applied to extract features through the frequency of data occurrence and the weight of the data. The experimental results show that the accuracy of obtaining network security situational awareness indicators by using the data fusion method based on deep neural network reaches more than 85% compared with the data fusion methods of other machine learning algorithms, and can be applied to the network security situational awareness model.

Computer Science,Engineering

Geng-hong LU,Dong-qin FENG

DOI: https://doi.org/10.13195/j.kzyjc.2016.0551

2017-01-01

Abstract:The attacks against the industrial control network have different types and various attack intensity. Under this circumstance, the traditional detection techniques cannot identify the multiple types of attacks effectively, and can not assess the security situations of the industrial control network comprehensively and accurately. Therefore, the industrial control network security situation awareness model is proposed. Firstly, the rule extraction can be done by applying the improved C-SVC algorithm to the multi-sensor data. Then with the application of decision fusion algorithm, the decision-level fusion is completed and the results of situation awareness are procured. The simulation experiment results show that the proposed model and algorithms can distinguish multiple types of attacks effectively, identify the attacks that are launched against the industrial control system accurately, and generate the results of situation awareness.

WANG Chun-lei,FANG Lan,WANG Dong-xia,DAI Yi-qi

DOI: https://doi.org/10.1109/iccet.2010.5486194

2012-01-01

Computer Science

Abstract:Network security situation awareness provides the unique high level security view based upon the security alert events. But the complexities and diversities of security alert data on modern networks make such analysis extremely difficult. In this paper, we analyze the existing problems of network security situation awareness system and propose a framework for network security situation awareness based on knowledge discovery. The framework consists of the modeling of network security situation and the generation of network security situation. The purpose of modeling is to construct the formal model of network security situation measurement based upon the D-S evidence theory, and support the general process of fusing and analyzing security alert events collected from security situation sensors. The generation of network security situation is to extract the frequent patterns and sequential patterns from the dataset of network security situation based upon knowledge discovery method and transform these patterns to the correlation rules of network security situation, and finally to automatically generate the network security situation graph. Application of the integrated Network Security Situation Awareness system (Net-SSA) shows that the proposed framework supports for the accurate modeling and effective generation of network security situation.

Junwei Zhang,Huamin Feng,Biao Liu,Dongmei Zhao

DOI: https://doi.org/10.3390/s23052608

IF: 3.9

2023-02-27

Sensors

Abstract:Network security situation awareness (NSSA) is an integral part of cybersecurity defense, and it is essential for cybersecurity managers to respond to increasingly sophisticated cyber threats. Different from traditional security measures, NSSA can identify the behavior of various activities in the network and conduct intent understanding and impact assessment from a macro perspective so as to provide reasonable decision support, predicting the development trend of network security. It is a means to analyze the network security quantitatively. Although NSSA has received extensive attention and exploration, there is a lack of comprehensive reviews of the related technologies. This paper presents a state-of-the-art study on NSSA that can help bridge the current research status and future large-scale application. First, the paper provides a concise introduction to NSSA, highlighting its development process. Then, the paper focuses on the research progress of key technologies in recent years. We further discuss the classic use cases of NSSA. Finally, the survey details various challenges and potential research directions related to NSSA.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Zhijun Zhang

2011-01-01

Abstract:As the use of distributed deployment of a large number of heterogeneous security devices in order to build network security defense system generates a mass of security event information which is difficult to effectively manage and the security monitoring systems that are deployed in different places are difficult to manage integratedly, united platform model for network security management is proposed. According to the actual distribution of Yunnan security monitoring systems, the platform establish a level of information system by the use of distributed technology. Platform designs and analyzes its oriented network security managers system architecture and uses risk assessment and event correlation to analyze network operating conditions in real-time, reduce false alarm ratio so that network security managers can find security accidents precisely and respond promptly. And then the paper describes key technologies such as distributed data model,secure event standardization model,secure communication and control protocol in detail.

Yikun Zhu,Zhiling Du

DOI: https://doi.org/10.1155/2021/5527746

2021-05-31

Scientific Programming

Abstract:In today’s increasingly severe network security situation, network security situational awareness provides a more comprehensive and feasible new idea for the inadequacy of various single solutions and is currently a research hotspot in the field of network security. At present, there are still gaps or room for improvement in network security situational awareness in terms of model scheme improvement, comprehensive and integrated consideration, algorithm design optimization, etc. A lot of scientific research investments and results are still needed to improve the form of network security in a long and solid way. In this paper, we propose a network security posture assessment model based on time-varying evidence theory for the existing multisource information fusion technology that lacks consideration of the problem of threat occurrence support rate over time and make the threat information reflect the law of time change by introducing a time parameter in the basic probability assignment value. Thus, the existing hierarchical threat posture quantitative assessment technique is improved and a hierarchical multisource network security threat posture assessment model based on time-varying evidence theory is proposed. Finally, the superiority of the proposed model is verified through experiments.

computer science, software engineering

Yehong Yang

DOI: https://doi.org/10.2991/WARTIA-16.2016.25

2016-05-14

Abstract:With the popularity of computers, the Internet has entered the production and all aspects of social life, but the attendant problem of network security has become the focus of widespread concern. Network security situation awareness to effectively respond to network security issues provide a viable solution: for complex network environments and malicious attacks, a comprehensive analysis of attacks against various parts of the network system, from a macro point of view of network security situation be assess and predict the future of network security situation based on this information. For the predictive accuracy of prediction system for network security situation has improved significantly, and network security situation prediction method based on machine learning for the network security situation prediction have a high degree feasible, in the real network security situation awareness applications have certain research and practical value. Introduction of Network Security Situational Awareness Network security situation is the current status and trends of the entire information from a variety of factors operating conditions of various network devices, network behavior and user behavior constituted. Network security situational awareness can acquire, understand and display the network environment of security elements. Through a series of technical means in time and space, are fully aware of network security and access and associated elements as possible in a pluralistic, and the establishment of a network based on complex behaviors modeling and simulation situational analysis and pre-side system, and then integrate and analyze vast amounts of security associated with the network-related data. Network security situation awareness is a scientific and effective network security situation assessment and use of relevant technologies to make reasonable predictions about trends over time network security, network management personnel in advance to remind the network system for network equipment, network peer node hosts and data resources to make reasonable adjustments, upgrades and backup, network environment to address the risk of possible future harm to the network system, losses may result down to an acceptable range . Extract information network security situation is carried out on the basis of situational awareness that only a comprehensive collection of data and the use of sophisticated index system, to ensure the correctness of the results of the assessment. Therefore, in the design process model or system must pay attention to select a metric system. Network security situation is a source of diverse, different collection methods, different devices collect data formats, network security situation letter from mainly contains configuration, operating status, traffic, user behavior and other information.

Computer Science

Genghong Lu,Dongqin Feng

DOI: https://doi.org/10.23919/icif.2018.8455208

2018-01-01

Abstract:Due to the wide implementation of communication networks, industrial control systems are vulnerable to malicious attacks, which could cause potentially devastating results. Adversaries launch integrity attacks by injecting false data into systems to create fake events or cover up the plan of damaging the systems. In addition, the complexity and nonlinearity of control systems make it more difficult to detect attacks and defense it. Therefore, a novel security situation awareness framework based on particle filtering, which has good ability in estimating state for nonlinear systems, is proposed to provide an accuracy understanding of system situation. First, a system state estimation based on particle filtering is presented to estimate nodes state. Then, a voting scheme is introduced into hazard situation detection to identify the malicious nodes and a local estimator is constructed to estimate the actual system state by removing the identified malicious nodes. Finally, based on the estimated actual state, the actual measurements of the compromised nodes are predicted by using the situation prediction algorithm. At the end of this paper, a simulation of a continuous stirred tank is conducted to verify the efficiency of the proposed framework and algorithms.

Dehua Kong,Huyuan li,Hongyan dong

DOI: https://doi.org/10.1088/1742-6596/1883/1/012108

2021-04-01

Journal of Physics: Conference Series

Abstract:Abstract With the development of Internet technology and the continuous improvement of social informatization, the network has gradually become an indispensable part of people’s production and life. The importance of network security has received more and more attention. A variety of security products have been applied to the network to strengthen and maintain the safe operation of the network. However, these security means can only play a specific role in a certain range, and lack of effective data fusion and collaborative management mechanism. In the face of many scattered information, network security managers cannot respond to security incidents in time. For the purpose of grasping the current situation and changes of network security, network security situation awareness technology came into being, it has become a new hotspot in network security research. This paper proposes a fuzzy comprehensive evaluation model which combines AHP and fuzzy evaluation method to evaluate network security situation.

Yiyang Yao,Zhiqiang Wang,Chun Gan,Qian Kang,Xuejiao Liu,Yingjie Xia,Luming Zhang

DOI: https://doi.org/10.1016/j.neucom.2015.12.127

IF: 6

2016-01-01

Neurocomputing

Abstract:To secure the network system, a large number of different information security devices, e.g., intrusion detection system, firewall, etc., have been deployed in the network. These devices can protect the network system from all aspects, but also bring new problems for information security administration. Massive alert data from different devices are increasingly generated and some real alerts are buried with the overwhelming alerts, which are mixed with a large amount of repetitive and false alerts. In this paper, we propose a multi-source alert data understanding scheme based on rough set theory for security semantic discovery. Firstly, we classify the alert data according to the data features to merge the multi-source alerts. Then, we calculate the weight for each classification of alerts by applying the rough set theory to historical data. Then we perform data aggregation by alert similarity computation to reduce repetitive alerts from different sources. Also, we introduce reliability metrics to measure the credibility of different alerts for further correlation and semantic analysis according to the network background information. We perform experiments on the collected data set in the real network system and DARPR 2000 data set. Experimental results show that our proposed method could reduce more than 80% repetitive alerts in the data sets.

Maoli Wang,Guangxue Song,Yang Yu,Bowen Zhang

DOI: https://doi.org/10.3390/electronics12102309

IF: 2.9

2023-05-20

Electronics

Abstract:Network security situational awareness is based on the extraction and analysis of big data, and by understanding these data to evaluate the current network security status and predict future development trends, provide feedback to decision-makers to make corresponding countermeasures, and achieve security protection for the network environment. This article focuses on artificial intelligence, summarizes the related definitions and classic models of network security situational awareness, and provides an overview of artificial intelligence. Starting from the method of machine learning, it specifically introduces the research status of neural-network-based network security situational awareness and summarizes the research work in recent years. Finally, the future development trends of network security situational awareness are summarized, and its prospects.

engineering, electrical & electronic,computer science, information systems,physics, applied

Yan Li,Guang-qiu Huang,Chun-zi Wang,Ying-chao Li,Yan Li,Guang-qiu Huang,Chun-zi Wang,Ying-chao Li

DOI: https://doi.org/10.1186/s13638-019-1506-1

2019-08-13

EURASIP Journal on Wireless Communications and Networking

Abstract:Information technology has penetrated into all aspects of politics, economy, and culture of the whole society. The information revolution has changed the way of communication all over the world, promoted the giant development of human society, and also drawn unprecedented attention to network security issues. Studies, focusing on network security, have experienced four main stages: idealized design for ensuring security, auxiliary examination and passive defense, active analysis and strategy formulation, and overall perception and trend prediction. Under the background of the new strategic command for the digital control that all countries are scrambled for, the discussion of network security situational awareness presents new characteristics both in the academic study and industrialization. In this regard, a thorough investigation has been made in the present paper into the literature of network security situational awareness. Firstly, the research status both at home and abroad is introduced, and then, the logical analysis framework is put forward concerning the network security situational awareness from the perspective of the data value chain. The whole process is composed of five successive stages: factor acquisition, model representation, measurement establishment, solution analysis, and situation prediction. Subsequently, the role of each stage and the mainstream methods are elaborated, and the application results on the experimental objects and the horizontal comparison between the methods are explained. In an attempt to provide a panoramic recognition of network security situational awareness, and auxiliary ideas for the industrialization of network security, this paper aims to provide some references for the scientific research and engineering personnel in this field.

telecommunications,engineering, electrical & electronic

Bichen Hua,Kanjian Zhang,Haikun Wei,Jinxia Zhang,Liping Xie

DOI: https://doi.org/10.1145/3415048.3416120

2020-01-01

Abstract:Photovoltaic power generation is an important part of the current new energy sources. With the development of photovoltaic power generation technology, the corresponding security operation technology has become a new research topic. In this paper, a multi-level fire detection platform based on multi-source heterogeneous information fusion is proposed. The platform includes two levels of detection, level 1 is smoke detection through video monitoring data. Level 2 is the fire detection of data collected by meteorological monitoring. Through the two-level detection, the fire hazard situation and fire hazard location can be accurately located.

Zhao Yifan

DOI: https://doi.org/10.1109/WCCCT52091.2021.00015

2021-01-01

Abstract:Along with the advance of science and technology, informationization society construction is gradually perfect. The development of modern information technology has driven the growth of the entire network spatial data, and network security is a matter of national security. There are several countries included in the national security strategy, with the increase of network space connected point, traditional network security space processing way already cannot adapt to the demand. Machine learning can effectively solve the problem of network security. Around the machine learning technology applied in the field of network security research results, this paper introduces the basic concept of network security situational awareness system, the basic model, and system framework. Based on machine learning, this paper elaborates the network security situation awareness technology, including data mining technology, feature extraction technology and situation prediction technology. Recursive feature elimination, decision tree algorithm, support vector machine, and future research direction in the field of network security situational awareness are also discussed.

Computer Science

ZHANG Yong,TAN Xiao-Bin,CUI Xiao-Lin,XI Hong-Sheng

DOI: https://doi.org/10.3724/sp.j.1001.2011.03751

2011-01-01

Abstract:To accurately evaluate security situation states,this paper proposes an approach to network security situation awareness(NSSA) based on Hidden Markov Model(HMM).It gains standardized data of network structure information,assets,threats and vulnerabilities via fusing variety system security data collected by multi-sensors.For every asset,this paper associates its suffered threats with its vulnerabilities to analyze the sequence of its security incidents,establishes HMMs to analyze security situation factors of confidentiality,integrity and availability.Using sliding window mechanism it trains segmented sequence of security incidents and it gains the parameters of HMM's through update algorithm with forgetting factor.According to the HMMs and security incidents sequence it evaluates security situation factors of one asset's and entire network.Depending on the application background it evaluates security situation states of different network system.The investigation of evaluation to a specific network indicates that the approach is suitable for actual network environment and the evaluation result is precise and efficient.

Ying Zhou,Guodong Zhao,Roobaea Alroobaea,Abdullah M. Baqasah,Rajan Miglani

DOI: https://doi.org/10.1515/jisys-2022-0037

2022-01-01

Journal of Intelligent Systems

Abstract:Abstract Due to the complexity and versatility of network security alarm data, a cloud-based network security data extraction method is proposed to address the inability to effectively understand the network security situation. The information properties of the situation are generated by creating a set of spatial characteristics classification of network security knowledge, which is then used to analyze and optimize the processing of hybrid network security situation information using cloud computing technology and co-filtering technology. Knowledge and information about the security situation of a hybrid network has been analyzed using cloud computing strategy. The simulation results show that a cyber security crash occurs in window 20, after which the protection index drops to window 500. The increase in the security index of 500 windows is consistent with the effectiveness of the concept of this document method, indicating that this document method can sense changes in the network security situation. Starting from the first attacked window, the defense index began to decrease. In order to simulate the added network defense, the network security events in the 295th time window were reduced in the original data, and the defense index increased significantly in the corresponding time period, which is consistent with the method perception results, which further verifies the effectiveness and reliability of this method on the network security event perception. This method provides high-precision knowledge of network security situations and improves the security and stability of cloud-based networks.

Jinwei Yang,Yu Yang,Lu Zheng,Ruixia Cheng,Shengnan Lin

DOI: https://doi.org/10.1088/1742-6596/2310/1/012071

2022-10-11

Journal of Physics: Conference Series

Abstract:Network security situation awareness (NSSA) can analyze current network status and predict trends. Intrusion detection systems are used as sources of security factor in situational awareness, and their accuracy affects the assessment of network security. The attack graph can filter out key nodes and enumerate possible attack paths, which has become the main method of risk assessment. Therefore, a network security situation assessment technology based on intrusion detection was proposed. The detection rate of the intrusion detection system was improved firstly, and then the attack graph was combined with the hidden Markov model (HMM) for network security assessment. The experimental results show that this method can effectively speculate the attack intention and reflect the results intuitively and roundly.

Hao Wang,Guozhen Tan,Yuan Wang,Guangyuan Wang

DOI: https://doi.org/10.1109/icicip.2010.5564174

2010-01-01

Abstract:The concept of the Internet of Things provides a new model to access the information of the objective world. A new approach based on the Internet of Things for traffic emergent events is proposed. The network architecture entails a hierarchy of capability, information and control, where nodes in the network expected to possess resources for networking and computing and presume autonomy through multi-functional modules for sensory processing and situation assessment. For the data fusion of multi-sensor device, the paper puts forward three different methods of date fusion according to different integrality levels of raw information. Finally, Bayesian network method is used to get situational assessment of the fused data. Comprehensive experiments on urban traffic emergent events of Dalian and comparisons with several other methods show that the Bayesian network combined with the Internet of Things is a very promising and effective approach for traffic emergent events' situation assessment modeling and forecasting, both for complete data and incomplete data.

Yu Sun,Xiaorong Liu,Xiaoli Shen

DOI: https://doi.org/10.1155/2022/3170164

IF: 1.968

2022-11-19

Security and Communication Networks

Abstract:With the rapid advancement of society and the level of programming and the rapid development of computer technology, networking and information are playing an increasingly important role in the social life of the masses. Creating and developing a network information security monitoring system have become one of the most important ways to keep a computer running smoothly. Traditional information security systems cannot adapt to the ever-changing network environment. If only relying on it to maintain network security, it will be far from effective monitoring and defense. Based on the theory of network information security, this study analyzes the characteristics of network information and the information security monitoring technology at the current stage. Based on the background of big data era, a new type of computer network information security monitoring system is proposed. This system is compared with the traditional network information security monitoring system, and the performance and stability of the system are investigated, respectively. The experimental data show that the network information security monitoring system designed in this study can achieve more than 99% detection rate of external attacks in a network environment with a background traffic of 10M. Its false alarm rate is lower than 4%, and the false alarm rate is lower than 7%. The qualitative mean reaches 93.02%, indicating its good monitoring accuracy and stability. By popularizing it in the current network environment, it can effectively identify and defend information attacks and maintain the development of network information security.

computer science, information systems,telecommunications

Hongwu Zhang,Kai Kang,Wei Bai

DOI: https://doi.org/10.3233/jcm-226542

2022-11-12

Journal of Computational Methods in Sciences and Engineering

Abstract:In order to improve the accuracy of hierarchical network security situational awareness data fusion and shorten the fusion time, this paper proposes a hierarchical network security situational awareness data fusion method in cloud computing environment. The hierarchical model is established to obtain the hierarchical structure of data fusion. Hierarchical network security situational awareness data are collected and processed in parallel by cloud computing technology. According to the data collection results, the similarity between security events is calculated by using the clustering idea, and the similar security events are merged to achieve the purpose of removing redundant events. The hierarchical network security situational awareness data is fused by grey relational analysis. Finally, the simulation results show that the accuracy of data fusion of this method is high, up to 98%, and the fusion time is short, the longest is 13 s. Compared with the comparison method, this method has a better performance, indicating that this method is suitable for data fusion of hierarchical network security situation awareness.