Yehong Yang

DOI: https://doi.org/10.2991/WARTIA-16.2016.25

2016-05-14

Abstract:With the popularity of computers, the Internet has entered the production and all aspects of social life, but the attendant problem of network security has become the focus of widespread concern. Network security situation awareness to effectively respond to network security issues provide a viable solution: for complex network environments and malicious attacks, a comprehensive analysis of attacks against various parts of the network system, from a macro point of view of network security situation be assess and predict the future of network security situation based on this information. For the predictive accuracy of prediction system for network security situation has improved significantly, and network security situation prediction method based on machine learning for the network security situation prediction have a high degree feasible, in the real network security situation awareness applications have certain research and practical value. Introduction of Network Security Situational Awareness Network security situation is the current status and trends of the entire information from a variety of factors operating conditions of various network devices, network behavior and user behavior constituted. Network security situational awareness can acquire, understand and display the network environment of security elements. Through a series of technical means in time and space, are fully aware of network security and access and associated elements as possible in a pluralistic, and the establishment of a network based on complex behaviors modeling and simulation situational analysis and pre-side system, and then integrate and analyze vast amounts of security associated with the network-related data. Network security situation awareness is a scientific and effective network security situation assessment and use of relevant technologies to make reasonable predictions about trends over time network security, network management personnel in advance to remind the network system for network equipment, network peer node hosts and data resources to make reasonable adjustments, upgrades and backup, network environment to address the risk of possible future harm to the network system, losses may result down to an acceptable range . Extract information network security situation is carried out on the basis of situational awareness that only a comprehensive collection of data and the use of sophisticated index system, to ensure the correctness of the results of the assessment. Therefore, in the design process model or system must pay attention to select a metric system. Network security situation is a source of diverse, different collection methods, different devices collect data formats, network security situation letter from mainly contains configuration, operating status, traffic, user behavior and other information.

Computer Science

Li Yuan

DOI: https://doi.org/10.1002/spy2.181

2021-07-24

Security and Privacy

Abstract:People always pay attention to the security of the network. This paper mainly analyzed the problem of network security situation prediction (NSSP). The radial basis function neural network was improved by the particle swarm optimization algorithm, and a modified particle swarm optimization-radial basis function algorithm was obtained, which was used as the prediction model. Then, the data from National Internet Emergency Center were used as the experimental data, and the modified particle swarm optimization-radial basis function algorithm was compared with radial basis function and particle swarm optimization-radial basis function algorithms. The results showed that the modified particle swarm optimization-radial basis function algorithm could achieve convergence in about 50 times of iterations, showing a high calculation efficiency and a short operation time, and the mean absolute percentage error value, mean square error value, and root-mean-square error value were small (2.13%, 0.0005, and 0.0224), showing that the algorithm had good prediction performance. The results verify the reliability of the modified particle swarm optimization-radial basis function algorithm in NSSP, which is conducive to further improve network security.

Jinwei Yang,Yu Yang,Lu Zheng,Ruixia Cheng,Shengnan Lin

DOI: https://doi.org/10.1088/1742-6596/2310/1/012071

2022-10-11

Journal of Physics: Conference Series

Abstract:Network security situation awareness (NSSA) can analyze current network status and predict trends. Intrusion detection systems are used as sources of security factor in situational awareness, and their accuracy affects the assessment of network security. The attack graph can filter out key nodes and enumerate possible attack paths, which has become the main method of risk assessment. Therefore, a network security situation assessment technology based on intrusion detection was proposed. The detection rate of the intrusion detection system was improved firstly, and then the attack graph was combined with the hidden Markov model (HMM) for network security assessment. The experimental results show that this method can effectively speculate the attack intention and reflect the results intuitively and roundly.

Rixin Xue,Peng Tang,Shudong Fang

DOI: https://doi.org/10.1155/2022/2794889

2022-02-09

Wireless Communications and Mobile Computing

Abstract:Traditional NSSA (network security situational awareness) systems have significant equipment limitations, poor data fusion capabilities, and a low level of analysis and evaluation, making them difficult to adapt to large-scale and complex network environments. This paper proposes the study of computer NSS (network security situation) prediction technology based on AR (association rules) mining to solve this problem. The support-confidence framework is improved by introducing an interest evaluation standard, and the value of AR is re-evaluated, based on a discussion of traditional concepts and algorithms related to AR mining. The MFP-interest algorithm proposed in this paper is a combination of alarm AR template and interest degree. The MFP-interest algorithm was put to the test. We discovered that the MFP-interest algorithm can effectively predict NSS and indicate its development trend when run in a real-world network environment. Most time points have a relative error range of less than 0.035.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yikun Zhu,Zhiling Du

DOI: https://doi.org/10.1155/2021/5527746

2021-05-31

Scientific Programming

Abstract:In today’s increasingly severe network security situation, network security situational awareness provides a more comprehensive and feasible new idea for the inadequacy of various single solutions and is currently a research hotspot in the field of network security. At present, there are still gaps or room for improvement in network security situational awareness in terms of model scheme improvement, comprehensive and integrated consideration, algorithm design optimization, etc. A lot of scientific research investments and results are still needed to improve the form of network security in a long and solid way. In this paper, we propose a network security posture assessment model based on time-varying evidence theory for the existing multisource information fusion technology that lacks consideration of the problem of threat occurrence support rate over time and make the threat information reflect the law of time change by introducing a time parameter in the basic probability assignment value. Thus, the existing hierarchical threat posture quantitative assessment technique is improved and a hierarchical multisource network security threat posture assessment model based on time-varying evidence theory is proposed. Finally, the superiority of the proposed model is verified through experiments.

computer science, software engineering

Junwei Zhang,Huamin Feng,Biao Liu,Dongmei Zhao

DOI: https://doi.org/10.3390/s23052608

IF: 3.9

2023-02-27

Sensors

Abstract:Network security situation awareness (NSSA) is an integral part of cybersecurity defense, and it is essential for cybersecurity managers to respond to increasingly sophisticated cyber threats. Different from traditional security measures, NSSA can identify the behavior of various activities in the network and conduct intent understanding and impact assessment from a macro perspective so as to provide reasonable decision support, predicting the development trend of network security. It is a means to analyze the network security quantitatively. Although NSSA has received extensive attention and exploration, there is a lack of comprehensive reviews of the related technologies. This paper presents a state-of-the-art study on NSSA that can help bridge the current research status and future large-scale application. First, the paper provides a concise introduction to NSSA, highlighting its development process. Then, the paper focuses on the research progress of key technologies in recent years. We further discuss the classic use cases of NSSA. Finally, the survey details various challenges and potential research directions related to NSSA.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Chengqiong Ye,Wenyu Shi,Rui Zhang

DOI: https://doi.org/10.1186/s13635-021-00118-1

2021-04-20

EURASIP Journal on Information Security

Abstract:Abstract In order to further improve the accuracy and efficiency of network information security situation prediction, this study used the dynamic equal-dimensional method based on gray correlation analysis to improve the GM (1, N) model and carried out an experiment on the designed network security situation prediction (NSSP) model in a simulated network environment. It was found that the predicted result of the improved GM (1, N) model was closer to the actual value. Taking the 11th hour as an example, the predicted value of the improved GM (1, N) model was 28.1524, which was only 0.8983 larger than the actual value; compared with neural network and Markov models, the error of the improved GM (1, N) model was smaller: the average error was only 2.3811, which was 67.88% and 70.31% smaller than the other two models. The improved GM (1, N) model had a time complexity that was 49.99% and 39.53% lower than neural network and Markov models; thus, it had high computational efficiency. The experimental results verify the effectiveness of the improved GM (1, N) model in solving the NSSP problem. The improved GM (1, N) model can be further promoted and applied in practice and deployed in the network of schools and enterprises to achieve network information security.

Zhihua Chen

DOI: https://doi.org/10.1109/acait53529.2021.9731205

2021-10-29

Abstract:As the core hotspot of network information security, network security situational awareness has received more and more attention. In order to explore the application effect of intelligent learning algorithm, this study takes Radial Basis Function (RBF) as the main research object, optimizes RBF by Simulated Annealing (SA) algorithm and Hybrid Hierarchy Genetic Algorithm (HHGA), constructs RBF neural network prediction model based on SA-HHGA optimization, and carries out relevant experiments. The results show that the predicted situation value of the optimized RBF in 15 samples is very close to the realistic situation value. RBF has good prediction effect and can provide assistance for the maintenance of network security.

DOI: https://doi.org/10.47852/bonviewjcce149145205514

2022-01-01

Journal of Computational and Cognitive Engineering

Abstract:With the increasing scale and complexity of the network, the network attack technology is also changing, such as malicious program attack, Trojan horse, distributed denial of service attack, worm, virus, web code injection, botnet, and other new network attack tools emerge in large numbers. As the core hotspot of network information security, network security situational awareness has received more and more attention. The traditional way of network security situational awareness prediction is relatively single. Usually, only one algorithm is used for perception and prediction, and its prediction accuracy is limited. To explore the application effect of intelligent learning algorithm, this study takes radial basis function (RBF) neural network as the main research object, optimizes RBF by simulated annealing (SA) algorithm and hybrid hierarchy genetic algorithm (HHGA), constructs RBF neural network prediction model based on SA–HHGA optimization, and carries out relevant experiments. The results show that the predicted situation value of the optimized RBF neural network in 15 samples is very close to the actual situation value. The neural network has good prediction effect and can provide assistance for the maintenance of network security.

Raj Pokhrel Nawa,P. Tsokos Chris,Nawa Raj Pokhrel,Chris P. Tsokos

DOI: https://doi.org/10.4236/jis.2017.82007

2017-01-01

Journal of Information Security

Abstract:There are several security metrics developed to protect the computer networks. In general, common security metrics focus on qualitative and subjective aspects of networks lacking formal statistical models. In the present study, we propose a stochastic model to quantify the risk associated with the overall network using Markovian process in conjunction with Common Vulnerability Scoring System (CVSS) framework. The model we developed uses host access graph to represent the network environment. Utilizing the developed model, one can filter the large amount of information available by making a priority list of vulnerable nodes existing in the network. Once a priority list is prepared, network administrators can make software patch decisions. Gaining in depth understanding of the risk and priority level of each host helps individuals to implement decisions like deployment of security products and to design network topologies.

J S Shyam Mohan,M .Thirunavukkarasu,N .Kumaran,D. Thamaraiselvi

DOI: https://doi.org/10.1016/j.suscom.2023.100955

2024-02-10

Sustainable Computing: Informatics and Systems

Abstract:Network security situation assessment (NSSA) is imperative and active defense technology in the network security situation. By examining NSSA data, one can examine the threat of network security and examine the network attack phase and hence fully grasp the complete network security situation. With the quick design of 5 G, the cloud model and Internet of things (IoT), the network platform is increasingly complicated and resulting in diversity of network threats which discover the accuracy. Thus, a new blockchain based cyber-security threat intelligence (CTI) and situational awareness system is devised for intrusion alert prediction. A blockchain-based CTI model is considered where data acquired are allowed to linear normalization. Here, the cyber situational awareness engine is used for alert segregation, which is implemented with entropy weighting power k means algorithm wherein weights generated during alert segregation are updated using Adaptive Transit Search (ATS). Then, the feature selection is implemented using hybrid Soergel and Lorentzian. The selected features are fed to Deep Maxout Network (DMN) for performing intrusion alert prediction. Finally, the cyber attack mitigation is carried out by blacklisting based on predicted result. The modified DMN outperformed with highest F-measure of 95.2%, precision of 96.9% and recall of 94.7%.

computer science, information systems, hardware & architecture

Marek Vochozka,Jakub Horak,Tomas Krulicky

DOI: https://doi.org/10.21272/mmi.2020.2-24

2020-01-01

Marketing and Management of Innovations

Abstract:Accurate prediction of stock market values is a challenging task for over decades. Prediction of stock prices is associated with numerous benefits including but not limited to helping investors make wise decisions to accumulate profits. The development of the share price is a dynamic and nonlinear process affected by several factors. What is interesting is the unpredictability of share prices due to the global financial crisis. However, classical methods are no longer sufficient for the application of share price development prediction.However, over-relying on prediction data can lead to losses in the case of software malfunction. This paper aims to innovate the prediction management when predicting the share price development over time by the use of neural networks. For the contribution, the data on the prices of CEZ, a.s. shares obtained from the Prague Stock Exchange database. The stock price data are available for the period 2012-2017. In the case of Statistica software, the multilayer perceptron networks (MLP) and the radial basis function networks (RBF) are generated. In the case of Matlab software, the Support Vector Regression (SVR) and the Back-Propagation Neural Network (BPNN) are generated. The networks with the best characteristics are retained and based on the statistical interpretation of the results, and all are applicable in practice. In all data sets, MLP networks show stable performance better than in the case of SVR and BPNN networks. As for the final assessment, the deviation of 2.26% occurs in the most significant differential of the maximal and the minimal prediction. It is not necessarily significant regarding the price of one stock. However, in the case of purchasing or selling a large number of stocks, the difference may seem significant. Therefore, in practice, the application of two networks is recommended: MLP 1-2-1 and MLP 1-5-1. The first network always represents a pessimistic, minimal prediction. The second one of the recommended networks is an optimistic, maximal prediction. The actual situation should correspond to the interval of the difference between the optimistic and pessimistic prediction. Keywords: Statistica software, Matlab software, stock price development, neural networks, prediction.

Zehua Ren,Yang Liu,Huixiang Liu,Baoxiang Jiang,Xiangzhen Yao,Lin Li,Haiwen Yang,Ting Liu

DOI: https://doi.org/10.1109/infocomwkshps54753.2022.9798168

2022-01-01

Abstract:Traditional intrusion detection systems often deal with massive alarms based on specific filtering rules, which is complex and inexplicable. In this demo, we developed a network security situation awareness (NSSA) system based on the spatio-temporal correlation of alarms. It can monitor the security situation from the temporal dimension and discover abnormal events based on the time series of alarms. Also, it can analyze alarms from the spatial dimension on the heterogeneous alarm graph and handle alarms in batches of events. With this system, system operators can filter most irrelevant alarms quickly and efficiently. The rich visualization of alarm data could also help find hidden high-risk attack behaviors.

Zengyu Cai,Yifeng Yin,Zhi-Peng Pan,Ran Zhang

DOI: https://doi.org/10.4018/ijdcf.302877

2022-07-01

International Journal of Digital Crime and Forensics

Abstract:In order to address the problems that the accuracy and convergence of current network security situation assessment models need to be improved, a model of network security situation assessment based on SAA-SSA-BPNN is proposed. Using the characteristics of sparrow search algorithm (SSA) optimized by simulated annealing algorithm (SAA) with good stability, fast convergence speed and is not easy to fall into local optimum to improve the BP neural network (BPNN), so as to find the best fitness individual, and obtain the optimal weight and threshold, then assign them to the BP neural network as the initial values. The preprocessed index data is input into the improved BP neural network model for training, and finally the threat degree of the network system is assessed based on the trained model. Comparative experimental results show that this assessment model has higher accuracy and faster convergence than other situation assessment models based on improved BP neural network.

Computer Science

Wei Hu,Jian-hua Li,Xiu-zhen Chen,Xing-hao Jiang

DOI: https://doi.org/10.1007/s12204-010-1025-z

2010-01-01

Abstract:Network security situation is a hot research topic in the field of network security. Whole situation awareness includes the current situation evaluation and the future situation prediction. However, the now-existing research focuses on the current situation evaluation, and seldom discusses the future prediction. Based on the historical research, an improved grey Verhulst model is put forward to predict the future situation. Aiming at the shortages in the prediction based on traditional Verhulst model, the adaptive grey parameters and equaldimensions grey filling methods are proposed to improve the precision. The simulation results prove that the scheme is efficient and applicable.

Dongmei Zhao,Guoqing Ji,Yiling Zhang,Xunzheng Han,Shuiguang Zeng

DOI: https://doi.org/10.1109/tnsm.2024.3373663

2024-01-01

IEEE Transactions on Network and Service Management

Abstract:Convolutional neural networks have been widely used in intrusion detection and proactive network defense strategies such as network security situation prediction (NSSP). The interaction between cross-channel features and the dependencies between elements in the input data are essential factors that affect the prediction model’s performance. However, existing works have ignored these, resulting in performance that needs to be improved. To this end, we propose a GResNeSt model that combines the advantages of the global context block and ResNeSt to improve the NSSP performance. The GResNeSt model strengthens traditional convolutional neural networks in two ways: it effectively captures cross-feature interactions and obtains long-range dependencies of the input data. This enhances its performance in capturing associations among different elements, making it more effective in extracting critical information from data to identify network attacks. We used the Salp swarm algorithm to select optimal hyperparameters for improving the model’s performance. Furthermore, based on the attack impact, we calculated network security situation values of two public network datasets. Finally, comprehensive experiments on the datasets verified our model design and demonstrated that our scheme is superior to other models in terms of NSSP ability.

WANG Chun-lei,FANG Lan,WANG Dong-xia,DAI Yi-qi

DOI: https://doi.org/10.1109/iccet.2010.5486194

2012-01-01

Computer Science

Abstract:Network security situation awareness provides the unique high level security view based upon the security alert events. But the complexities and diversities of security alert data on modern networks make such analysis extremely difficult. In this paper, we analyze the existing problems of network security situation awareness system and propose a framework for network security situation awareness based on knowledge discovery. The framework consists of the modeling of network security situation and the generation of network security situation. The purpose of modeling is to construct the formal model of network security situation measurement based upon the D-S evidence theory, and support the general process of fusing and analyzing security alert events collected from security situation sensors. The generation of network security situation is to extract the frequent patterns and sequential patterns from the dataset of network security situation based upon knowledge discovery method and transform these patterns to the correlation rules of network security situation, and finally to automatically generate the network security situation graph. Application of the integrated Network Security Situation Awareness system (Net-SSA) shows that the proposed framework supports for the accurate modeling and effective generation of network security situation.

Guang Kou,Shuo Wang,Guangming Tang

DOI: https://doi.org/10.1049/cje.2018.10.007

IF: 1.019

2019-01-01

Chinese Journal of Electronics

Abstract:This paper analyzed the existing network security situation evaluation methods and discovered that they cannot accurately reflect the features of large-scale, synergetic, multi-stage gradually shown by network attack behaviors. For this purpose, the association between attack intention and network configuration information was deep analyzed. Then a network security situation evaluation method based on attack intention recognition was proposed. Unlike traditional method, the evaluation method was based on intruder. This method firstly made causal analysis of attack event and discovered and simplified intrusion path to recognize every attack phases, then realized situation evaluation based on the attack phases. Lastly attack intention was recognized and next attack phase was forecasted based on achieved attack phases, combined with vulnerability and network connectivity. A simulation experiments for the proposed network security situation evaluation model is performed by network examples. The experimental results show that this method is more accurate on reflecting the truth of attack. And the method does not need training on the historical sequence, so the method is more effective on situation forecasting.

engineering, electrical & electronic

Yong Peng,Jianhuan Huang,Zhe Wang

DOI: https://doi.org/10.1109/AIAM48774.2019.00063

2019-01-01

Abstract:In this paper, to control the development direction of network security situation more accurately and solve the forecasting problems in network security situation awareness (NSSA) a combined forecasting model of network security situation based on information fusion was proposed, in which sample set was firstly built according to the forecasted value and actual value of the situation of single forecasting model, and then the data set was used to calculate weight index, evaluation index and weight distribution of single forecasting model, and next the fusion characteristic of evidence theory was used to get the combination weight and carry out the combined forecasting, and finally each index was optimized by evidence discount method. The simulation results showed that the model can forecast the network security situation more effectively with the accuracy improved by about 8% on average compared with the existing forecast algorithms.

ruijuan zheng,dan zhang,qingtao wu,mingchuan zhang,chunlei yang

DOI: https://doi.org/10.1007/978-3-642-35211-9_80

2012-01-01

Abstract:To solve self-adaptation problem of network situation awareness process, a strategy of network security situation autonomic awareness (NSSAA) drawing on autonomic computing ideas was proposed in this paper. The policy can effectively extract situation information by analyzing the situation extraction in real time. On the basis of this, current network security situation is evaluated by employing hierarchical analysis method from two angles of attack and defense. Future network security situation is forecast by adopting based on likelihood BP to realize self-learning adjustment of the weight of the specified parameter. Test results show that the proposed policy could made self-adaptation ability of system effectively enhance.