A Network Security Situational Awareness Model Based on Information Fusion
Security situational awareness has become a hot topic in the area of network securityresearch in recent years. The existing security situational awareness methods are analyzed and compared in details, and thus a newnetwork security situational awareness model based on information fusion is proposed. This modelfuses multi-source information from a mass of logs by introducing the modified D-S evidence theory,gets the values of nodes security situational awareness by situational factors fusion using attacks threat,and vulnerability information which network nodes have and successful attacks depend on, computesthe value of network security situational awareness by nodes situation fusion using service informationof the network nodes, and draws the security-situation-graph of network. Then, it analyzes the timeseries of the computing results by ARMA model to forecast the future threat in network security.Finally an example of actual network datasets is given to validate the network security situationalawareness model and algorithm. The results show that this model and algorithm is more effective andaccurate than the existing security situational awareness methods.
Q. Lu and C.G. Zhang
Abasi "A Network Security Situational Awareness Model Based on Information Fusion", Advanced Materials Research, Vols. 846-847, pp. 1632-1635, 2014