Junwei Zhang,Huamin Feng,Biao Liu,Dongmei Zhao

DOI: https://doi.org/10.3390/s23052608

IF: 3.9

2023-02-27

Sensors

Abstract:Network security situation awareness (NSSA) is an integral part of cybersecurity defense, and it is essential for cybersecurity managers to respond to increasingly sophisticated cyber threats. Different from traditional security measures, NSSA can identify the behavior of various activities in the network and conduct intent understanding and impact assessment from a macro perspective so as to provide reasonable decision support, predicting the development trend of network security. It is a means to analyze the network security quantitatively. Although NSSA has received extensive attention and exploration, there is a lack of comprehensive reviews of the related technologies. This paper presents a state-of-the-art study on NSSA that can help bridge the current research status and future large-scale application. First, the paper provides a concise introduction to NSSA, highlighting its development process. Then, the paper focuses on the research progress of key technologies in recent years. We further discuss the classic use cases of NSSA. Finally, the survey details various challenges and potential research directions related to NSSA.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Fannv He,Yuqing Zhang,Huizheng Liu

DOI: https://doi.org/10.48550/arXiv.1711.10182

2017-11-28

Cryptography and Security

Abstract:Internet of Things (IoT) is characterized by various of heterogeneous devices and facing numerous threats. Modeling security of IoT is still a certain challenge. This paper defines a Stochastic Colored Petri Net (SCPN) for IoT-based smart environment and then proposes a Markov Game model for security situational awareness (SSA) in the defined SCPN. All possible attack paths are computed by the SCPN, and antagonistic behavior of both attackers and defenders are taken into consideration dynamically according to Game Theory. Two attack scenarios in smart home environment are taken into consideration to demonstrate the effectiveness of the proposed model. The proposed model can form a macroscopic trend curve of security situation. Analysis of the results shows the capabilities of the proposed model in finding vulnerable devices and potential attack paths, and even mitigating the impact of attacks. To our knowledge, this is the first attempt to establish a dynamic SSA model for a complex IoT-based smart environment.

Yehong Yang

DOI: https://doi.org/10.2991/WARTIA-16.2016.25

2016-05-14

Abstract:With the popularity of computers, the Internet has entered the production and all aspects of social life, but the attendant problem of network security has become the focus of widespread concern. Network security situation awareness to effectively respond to network security issues provide a viable solution: for complex network environments and malicious attacks, a comprehensive analysis of attacks against various parts of the network system, from a macro point of view of network security situation be assess and predict the future of network security situation based on this information. For the predictive accuracy of prediction system for network security situation has improved significantly, and network security situation prediction method based on machine learning for the network security situation prediction have a high degree feasible, in the real network security situation awareness applications have certain research and practical value. Introduction of Network Security Situational Awareness Network security situation is the current status and trends of the entire information from a variety of factors operating conditions of various network devices, network behavior and user behavior constituted. Network security situational awareness can acquire, understand and display the network environment of security elements. Through a series of technical means in time and space, are fully aware of network security and access and associated elements as possible in a pluralistic, and the establishment of a network based on complex behaviors modeling and simulation situational analysis and pre-side system, and then integrate and analyze vast amounts of security associated with the network-related data. Network security situation awareness is a scientific and effective network security situation assessment and use of relevant technologies to make reasonable predictions about trends over time network security, network management personnel in advance to remind the network system for network equipment, network peer node hosts and data resources to make reasonable adjustments, upgrades and backup, network environment to address the risk of possible future harm to the network system, losses may result down to an acceptable range . Extract information network security situation is carried out on the basis of situational awareness that only a comprehensive collection of data and the use of sophisticated index system, to ensure the correctness of the results of the assessment. Therefore, in the design process model or system must pay attention to select a metric system. Network security situation is a source of diverse, different collection methods, different devices collect data formats, network security situation letter from mainly contains configuration, operating status, traffic, user behavior and other information.

Computer Science

Xiaohong Shi,Chenglong Liu,Gong Chen,Huihui Tang,Song He

DOI: https://doi.org/10.1109/icetci55101.2022.9832324

2022-05-27

Abstract:The development of the Internet has brought a lot of convenience to people, but it also has some drawbacks and threats. For netizens, the study of the network security situation(SS) is the protection of privacy and security, as well as the maintenance of basic rights. Therefore, the research on network security situation assessment(NSSA) is based on security considerations. It can help people better understand this problem and take corresponding measures to control and prevent possible dangers. This article mainly uses experimental method and data method to carry out relevant research on AHP and NSSA and prediction technology(PT). Experimental results show. In the second to third time periods, the number of messages collected and the number of Trojan horse attacks changed inversely, and the fluctuations changed sharply. This shows that it is necessary to apply the analytic hierarchy process(AHP) for situation assessment.

Computer Science

Rongrong Xi,Shuyuan Jin,Xiao-chun Yun,Yongzheng Zhang

DOI: https://doi.org/10.1109/TrustCom.2011.62

2011-01-01

Abstract:With tremendous attacks in the Internet, there is a high demand for network analysts to know about the situations of network security effectively. Traditional network security tools lack the capability of analyzing and assessing network security situations comprehensively. In this paper, we introduce a novel network situation awareness tool - CNSSA (Comprehensive Network Security Situation Awareness) - to perceive network security situations comprehensively. Based on the fusion of network information, CNSSA makes a quantitative assessment on the situations of network security. It visualizes the situations of network security in its multiple and various views, so that network analysts can know about the situations of network security easily and comprehensively. The case studies demonstrate how CNSSA can be deployed into a real network and how CNSSA can effectively comprehend the situation changes of network security in real time.

Lina Zhu,Guoen Xia,Zuochang Zhang,Jianhua Li,Renjie Zhou

DOI: https://doi.org/10.14257/ijsia.2016.10.11.14

2016-01-01

International Journal of Security and Its Applications

Abstract:Network security situation awareness is vital important for network security supervision. In order to obtain the network security situation effectively, a multidimensional assessment method is proposed in this paper. The method is composed of three dimensions at different levels, namely vulnerability, threat and basic operation, with quantitative calculation method for each index. In the service layer, CVSS standard is adopted to assess the vulnerability situation, and simplified DREAD model is chosen for the threat situation. In the node layer, the vulnerability situation in the service layer is added with a weight, the threat situation in the service layer is accumulated according to attack paths based on Markov model, and the basic operation situation is evaluated by DS evidence fusion of several host and network performance index. In the network layer, each situation equals to weighted summation of corresponding situation in the node layer. Experimental results show the ease of use of this method, and multi-dimensional situation depicts the overall safety evolution process of network system accurately and intuitively.

Yikun Zhu,Zhiling Du

DOI: https://doi.org/10.1155/2021/5527746

2021-05-31

Scientific Programming

Abstract:In today’s increasingly severe network security situation, network security situational awareness provides a more comprehensive and feasible new idea for the inadequacy of various single solutions and is currently a research hotspot in the field of network security. At present, there are still gaps or room for improvement in network security situational awareness in terms of model scheme improvement, comprehensive and integrated consideration, algorithm design optimization, etc. A lot of scientific research investments and results are still needed to improve the form of network security in a long and solid way. In this paper, we propose a network security posture assessment model based on time-varying evidence theory for the existing multisource information fusion technology that lacks consideration of the problem of threat occurrence support rate over time and make the threat information reflect the law of time change by introducing a time parameter in the basic probability assignment value. Thus, the existing hierarchical threat posture quantitative assessment technique is improved and a hierarchical multisource network security threat posture assessment model based on time-varying evidence theory is proposed. Finally, the superiority of the proposed model is verified through experiments.

computer science, software engineering

Yuanzhuo Wang,Jingyuan Li,Kun Meng,Chuang Lin,Xueqi Cheng

DOI: https://doi.org/10.1002/sec.535

IF: 1.968

2012-04-17

Security and Communication Networks

Abstract:In this paper, we propose a novel modeling method attack–defense stochastic game Petri nets (or ADSGN) to model and analyze the security issues in enterprise network. We firstly give the definition and modeling method algorithm of ADSGN and then propose the algorithm of the strategy. The proposed ADSGN method is successfully applied to describe the attack and defense courses in the enterprise network. Finally, we analyze the mean time to first security breach and the mean time to security breach in the enterprise network quantifiably, and proved that our method can also be applied to other areas with respect to game issues. Copyright © 2012 John Wiley & Sons, Ltd. According to the characteristics of the network attack and defense actions, we extend the previous work by proposing attack‐defense stochastic game Petri nets (or ADSGNs), which can be used to model and analyze the competitive game issues by using classical methods from stochastic Petri nets. ADSGN are suitable to investigate the complex and dynamic game‐related issues in network attack. In this paper, we use ADSGN to model and analyze the enterprise network attacks, compute the Nash equilibrium to deduce the best‐response strategies to defend the attacks. We believe that ADSGN can open a new avenue to handle the game‐related issues in network security.

computer science, information systems,telecommunications

Yanli Liu,Meng Cui

DOI: https://doi.org/10.1007/978-3-030-51431-0_39

2020-07-24

Abstract:Since the new century, with the gradual popularization of computer networks around the world, network security defense methods have become more sophisticated and comprehensive, but they are still unable to defend against increasingly sophisticated and increasingly globalized virus attacks. In the process of network use and promotion, the influence of viruses on the network and hackers’ attacks have become an important factor threatening network security. Especially when people use the Internet to pay funds, remittances and other online financial activities, network security has become a constant topic. Establishing an efficient network security incident response system is of great significance for the network to better play its role. Based on the research of network security monitoring, network attack defense, network data backup and recovery theory and technology, this paper studies the strategy model of network security incident response, and uses relevant theories and methods of software engineering, combined with programming languages, to achieve Related application modules of this model. This article implements a low-cost, high-performance multi-data backup and recovery system that works in conjunction with other security devices and systems in the network. The overall structure and workflow are analyzed and designed to achieve multi-point backup and Fast recovery, efficient synchronization strategy for remote data, etc. The experimental research found that the network security incident response system can effectively reduce the security risk of the internal network, with a security proportion of more than 92%.

ruijuan zheng,dan zhang,qingtao wu,mingchuan zhang,chunlei yang

DOI: https://doi.org/10.1007/978-3-642-35211-9_80

2012-01-01

Abstract:To solve self-adaptation problem of network situation awareness process, a strategy of network security situation autonomic awareness (NSSAA) drawing on autonomic computing ideas was proposed in this paper. The policy can effectively extract situation information by analyzing the situation extraction in real time. On the basis of this, current network security situation is evaluated by employing hierarchical analysis method from two angles of attack and defense. Future network security situation is forecast by adopting based on likelihood BP to realize self-learning adjustment of the weight of the specified parameter. Test results show that the proposed policy could made self-adaptation ability of system effectively enhance.

Mixia Liu,Dongmei Yu,Qiuyu Zhang,Honglei Zhu

DOI: https://doi.org/10.1109/IWASID.2007.373676

2007-01-01

Abstract:With the development of computer networks, the spread of malicious network activities poses great risks to the operational integrity of many organizations and imposes heavy economic burdens on life and health. Therefore, risk assessment is very important in network security management and analysis. Network security situation analysis not only can describe the current state but also project the next behavior of the network. Alerts coming from IDS, Firewall, and other security tools are currently growing at a rapid pace. Large organizations are having trouble keeping on top of the current state of their networks. In this paper, we described cyberspace situational awareness from formal and visual methods. Next, to make security administrator comprehend security situation and project the next behaviors of the whole network, we present using parallel axes view to give expression clearly of security events correlations. At last, we concluded that visualization is an important research of risk evaluation and situation analysis of network.

Guozheng Yang,Yongheng Zhang,Yuliang Lu,Yi Xie,Jiayi Yu

DOI: https://doi.org/10.3390/e26040315

IF: 2.738

2024-04-05

Entropy

Abstract:Network security situational awareness (NSSA) aims to capture, understand, and display security elements in large-scale network environments in order to predict security trends in the relevant network environment. With the internet's increasingly large scale, increasingly complex structure, and gradual diversification of components, the traditional single-layer network topology model can no longer meet the needs of network security analysis. Therefore, we conduct research based on a multi-layer network model for network security situational awareness, which is characterized by the three-layer network structure of a physical device network, a business application network, and a user role network. Its network characteristics require new assessment methods, so we propose a multi-layer network link importance assessment metric: the multi-layer-dependent link entropy (MDLE). On the one hand, the MDLE comprehensively evaluates the connectivity importance of links by fitting the link-local betweenness centrality and mapping entropy. On the other hand, it relies on the link-dependent mechanism to better aggregate the link importance contributions in each network layer. The experimental results show that the MDLE has better ordering monotonicity during critical link discovery and a higher destruction efficacy in destruction simulations compared to classical link importance metrics, thus better adapting to the critical link discovery requirements of a multi-layer network topology.

physics, multidisciplinary

Jinwei Yang,Yu Yang,Lu Zheng,Ruixia Cheng,Shengnan Lin

DOI: https://doi.org/10.1088/1742-6596/2310/1/012071

2022-10-11

Journal of Physics: Conference Series

Abstract:Network security situation awareness (NSSA) can analyze current network status and predict trends. Intrusion detection systems are used as sources of security factor in situational awareness, and their accuracy affects the assessment of network security. The attack graph can filter out key nodes and enumerate possible attack paths, which has become the main method of risk assessment. Therefore, a network security situation assessment technology based on intrusion detection was proposed. The detection rate of the intrusion detection system was improved firstly, and then the attack graph was combined with the hidden Markov model (HMM) for network security assessment. The experimental results show that this method can effectively speculate the attack intention and reflect the results intuitively and roundly.

Yiyang Jia,Hanyan Wu,Dongxing Jiang

DOI: https://doi.org/10.1109/CyberC.2015.47

2015-01-01

Abstract:Security situation assessment is an effective way to analyze the situation of an information system, which helps administrator understand the current system risk status and make policy to response in time. However, the existing researches for security situation assessment mostly focus on network. The proposed methods for network are not so suitable for information systems. This paper proposes a hierarchical security situation analysis framework for information system, based on a classical NSSA [1] (network security situation analysis) model. The framework provides a standard flow for analyzing the security situation of information system. It consists a security situation analysis model of information system, an index system used in the model proposed, and a quantitative index fusion method to calculate a security situational value. We divided information system into 3 levels: sub-system level, composition level and index level. The collected information from the index level can be combined with grey model to determine the correlation degree between each major index and secondary index. Finally we calculate the whole system security situational value level by level. We use data from Tsinghua University information system to verify the proposed model and method. The result shows that this model can reflect the current security situation of information system comprehensively.

Wei HU,Jian-hua LI,Xiu-zhen CHEN,Xing-hao JIANG

DOI: https://doi.org/10.3969/j.issn.1001-0548.2009.01.028

2009-01-01

Abstract:Although network security situation (NSS) becomes a hot topic, the investigation on situation awareness (SA) still lacks an approbatory standard. Based on Endsley’s research, the paper presents a scalable NSS model, and improves situation extraction (SE) to fit the network environment. The proposed model utilizes knowledge bases to standardize the situation acquisition and model the situation as an entity. The incident frequency, incident time, and space information are contained in the model, and the situation acquisition is simplified. Finally, the simulation results prove the model’s feasibility and efficiency.

Binbin Liu

DOI: https://doi.org/10.1088/1742-6596/2037/1/012126

2021-09-01

Journal of Physics: Conference Series

Abstract:At present, network security is a problem that needs to be solved urgently in the current network era. In order to reduce the loss caused by network security threats, and also use limited computer resources to select the best defense strategy, a set of network attack and defense game models are designed to identify the situation of network security threats. Aiming at the unstable problem of the security quantification process of traditional network node information, a network security threat situation identification based on the offensive and defensive game model is proposed. First, build an offensive and defensive game model, design the corresponding situation identification strategy, and calculate the overall utility and expected output of both offensive and defensive parties while clarifying the changes in the authority of both sides during the offensive and defensive process. This paper takes the offensive and defensive game model as the theoretical basis of the research, uses the algorithm as the auxiliary research, and integrates its important content to analyze and research the optimization of the algorithm to improve the network security threat situation identification. This paper uses the classic offensive and defensive game model as the research object to identify the threat situation of network security. In the process of selecting the offensive and defensive game model, it is necessary to have a better grasp of the relevant algorithms. This article introduces the offensive and defensive game model into the network security threat situation identification, and on this basis, it deeply discusses the applicability and effectiveness of the offensive and defensive game model in the complex network security threat situation identification, and provides better for the establishment of future network security systems. Reference. The experimental results show that this study is effective and feasible in the offensive and defensive game model in the network security threat situation identification. It should be noted that in the defense process, the probability of success and the degree of damage of the attack path must be grasped to ensure that the optimal offensive and defensive decision-making meets the actual needs of network security.

Yan Li,Guang-qiu Huang,Chun-zi Wang,Ying-chao Li,Yan Li,Guang-qiu Huang,Chun-zi Wang,Ying-chao Li

DOI: https://doi.org/10.1186/s13638-019-1506-1

2019-08-13

EURASIP Journal on Wireless Communications and Networking

Abstract:Information technology has penetrated into all aspects of politics, economy, and culture of the whole society. The information revolution has changed the way of communication all over the world, promoted the giant development of human society, and also drawn unprecedented attention to network security issues. Studies, focusing on network security, have experienced four main stages: idealized design for ensuring security, auxiliary examination and passive defense, active analysis and strategy formulation, and overall perception and trend prediction. Under the background of the new strategic command for the digital control that all countries are scrambled for, the discussion of network security situational awareness presents new characteristics both in the academic study and industrialization. In this regard, a thorough investigation has been made in the present paper into the literature of network security situational awareness. Firstly, the research status both at home and abroad is introduced, and then, the logical analysis framework is put forward concerning the network security situational awareness from the perspective of the data value chain. The whole process is composed of five successive stages: factor acquisition, model representation, measurement establishment, solution analysis, and situation prediction. Subsequently, the role of each stage and the mainstream methods are elaborated, and the application results on the experimental objects and the horizontal comparison between the methods are explained. In an attempt to provide a panoramic recognition of network security situational awareness, and auxiliary ideas for the industrialization of network security, this paper aims to provide some references for the scientific research and engineering personnel in this field.

telecommunications,engineering, electrical & electronic

Juan Wang,Zhi-Guang Qin,Li Ye,Jing Jin

DOI: https://doi.org/10.1109/icccas.2008.4657814

2008-01-01

Abstract:Network situation awareness (NSA) is a new idea of network security, it is different from normal network security technique for its visualization and high-level data management, transform the abstract data to knowledge that human can understand, help network manager to make decision. Present NSA model have some weakness donpsilat fit to network security. This paper promote a improve model of the NSA, add privacy-preserving module, richen the data source, visualization (integrate GIS technique) and projection technique of situation awareness to improve abilities of emergences respond, reduce losses of network attacks, reveal abnormally intrusions.

Xiufeng Li,Zhen Zhang

DOI: https://doi.org/10.1007/s12599-024-00864-9

2024-04-24

Business & Information Systems Engineering

Abstract:At present, businesses can reap impressive benefits from the Internet of Things (IoT). However, with the increasing number of IoT devices and the complexity of the IoT ecosystem, there is a growing concern about security vulnerabilities. This study aims to address the network security investment problem in an IoT environment by developing a game-theoretical model. It examines the impact of IoT service level and customer characteristics on the incentives for both the IoT platform and the manufacturer to invest in security, as well as the platform's profitability. Through analytical analysis, several noteworthy findings are obtained. Firstly, it is found that a higher IoT platform service level corresponds to a higher security responsibility. As a result, the platform needs to carefully consider the costs and benefits associated with security investment and service provision. Additionally, the research demonstrates that both the platform and the manufacturer's efforts to enhance security do not diminish, even when faced with increasing customer losses due to security breaches. This is because the IoT platform indirectly benefits a larger number of consumers who purchase smart devices, thus motivating the platform to prioritize network security efforts. Furthermore, the study reveals the influence of the unit security cost and the amount of highly sensitive customers on the security efforts undertaken by both the IoT platform and the smart device manufacturer. These results have important practical implications for firms operating within an IoT-based supply chain. Specifically, the findings can provide valuable decision-making guidance for enterprises seeking digital transformation and trying to make informed choices regarding platform operations.

computer science, information systems

ZHANG Dan,ZHENG Ruijuan,WU Qingtao,DAI Yumei

DOI: https://doi.org/10.3724/sp.j.1087.2013.00404

2013-01-01

Journal of Computer Applications

Abstract:Concerning the complexity of network security management and the absence of self-adaptation on situation awareness process,a Network Security Situation Awareness Model(NSSAM) based on autonomic computing was proposed.The situation extraction was analyzed in real-time by an autonomic feedback law.From the perspectives of attack and defense,a multi-level and multi-angle network security situation assessment model employing Analytic Hierarchy Process(AHP) was established according to the extracted situation information.The model of future network security situation prediction adopting improved genetic neural network was built on the basis of the past and current network security situation.Test results show that NSSAM with autonomic feedback mechanism can effectively enhance self-adaptation of the system.