A Network Security Situational Awareness Model Based on Information Fusion



Security situational awareness has become a hot topic in network security research in recent years. The existing security situational awareness methods are analyzed and compared in detail, and a new network security situational awareness model based on information fusion is proposed. This model fuses multi-source information from a mass of logs by introducing the modified D-S evidence theory; obtains node security situational awareness values through situational factor fusion, using attack threat information and the vulnerability information that network nodes have and that successful attacks depend on; computes the network security situational awareness value through node situation fusion, using the service information of the network nodes; and draws the security situation graph of the network. It then analyzes the time series of the computed results with an ARMA model to forecast future threats to network security. Finally, an example using actual network datasets is given to validate the network security situational awareness model and algorithm. The results show that this model and algorithm are more effective and accurate than the existing security situational awareness methods.



Advanced Materials Research (Volumes 846-847)

Edited by: Q. Lu and C.G. Zhang




Abasi, "A Network Security Situational Awareness Model Based on Information Fusion", Advanced Materials Research, Vols. 846-847, pp. 1632-1635, 2014

Online since: November 2013




