A Survey of Network Security Situational Awareness Technology

  • Conference paper
Artificial Intelligence and Security (ICAIS 2019)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11635)

Abstract

With the increasing importance of cyberspace security, the research and application of network situational awareness are receiving more attention. Research on network security situational awareness is of great significance for improving network monitoring ability and emergency response capability, and for predicting the development trend of network security. This paper describes the development and evolution of network situational awareness and analyzes the basic architecture of current situational awareness systems. Based on the situational awareness conceptual model, four main research areas of situational awareness are elaborated: network data collection, situational understanding, situational prediction and situational visualization. For each research area, the paper focuses on the core issues that need to be addressed, the main algorithms, and the advantages and disadvantages of each method. Finally, in light of current trends in big data processing and artificial intelligence technology, the application and development trend of network situational awareness are analyzed and forecast.



Acknowledgement

This work was supported by National Key Research & Development Plan of China under Grant 2016QY05X1000, National Natural Science Foundation of China under Grant No. 61872111, and Dongguan Innovative Research Team Program under Grant No. 201636000100038.


Corresponding author

Correspondence to Chen Chen.


Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Cite this paper

Chen, C., Ye, L., Yu, X., Ding, B. (2019). A Survey of Network Security Situational Awareness Technology. In: Sun, X., Pan, Z., Bertino, E. (eds) Artificial Intelligence and Security. ICAIS 2019. Lecture Notes in Computer Science, vol 11635. Springer, Cham. https://doi.org/10.1007/978-3-030-24268-8_10

  • DOI: https://doi.org/10.1007/978-3-030-24268-8_10

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-24267-1

  • Online ISBN: 978-3-030-24268-8

  • eBook Packages: Computer Science, Computer Science (R0)
