Selection and Fusion of Indicators for Network Security Situational Awareness
Network security situational awareness process collects security data from system log and security tools, extracts values of situational indicators and fuses these indicators values into security situation value. The security situational value reflects the all-side security situation of cyberspace. The selection and fusion of indicators become critical to precision of situation value. In the paper, an approach will be introduced to select indicators based on a hierarchical framework of network security situational awareness. These indicators will be fused into situation value depended on formulas that are deduced in accordance with the hierarchical framework.
Y. M. Fu et al., "Selection and Fusion of Indicators for Network Security Situational Awareness", Advanced Materials Research, Vols. 179-180, pp. 613-618, 2011