
Implemention of Cyber Security Situation Awareness Based on Knowledge Discovery with Trusted Computer

  • Conference paper
Web Technologies and Applications (APWeb 2014)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 8710)


Abstract

Situation awareness aims to provide administrators with a global security view of cyberspace. In this paper, a novel framework for cyber security situation awareness is proposed. The framework is built on a trusted engine and can be viewed from two perspectives: the data-flow view, which presents the abstraction of cyber data, and the logic view, which presents the procedure of situation awareness. The framework's core component is a correlation state machine, an extension of the state machine that is used to model attack scenarios. The correlation state machine is the data structure of situation awareness and is stored in a trusted computer so that it cannot be tampered with. It is created using knowledge-discovery techniques, and once created it can be used to assess and predict the threat situation. We conclude with an example of how the framework can be applied in the real world to provide the cyber security situation to administrators.
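The abstract describes a correlation state machine that models an attack scenario as stages, advances as matching alerts arrive, and lives in trusted storage so its model cannot be altered. The following is an added illustration, not code from the paper or its authors: a small correlation state machine in Python with a hand-written scenario model (the paper mines its models with knowledge discovery; the stage names, alert types and sample alerts below are constructed and hypothetical). A SHA-256 digest over the canonical model stands in for the value a trusted computer would seal, and the correlator refuses to run against a model that no longer matches it.

```python
import hashlib
import json
from collections import defaultdict

# Constructed attack-scenario model (hypothetical names). Each transition is
# keyed "CURRENT_STATE|alert_type" and maps to the next state. The paper
# derives such models by knowledge discovery over historical data; here the
# model is written by hand purely for illustration.
SCENARIO = {
    "name": "recon-to-exfiltration",
    "initial": "INIT",
    "transitions": {
        "INIT|portscan": "RECON",
        "RECON|exploit_attempt": "EXPLOIT",
        "EXPLOIT|c2_beacon": "C2",
        "C2|large_outbound_transfer": "EXFIL",
    },
    # Threat weight assigned to a track once it reaches each state.
    "threat_score": {"INIT": 0, "RECON": 1, "EXPLOIT": 4, "C2": 6, "EXFIL": 9},
}


def model_digest(model):
    """Canonical SHA-256 of the model: the reference a trusted component would seal."""
    canonical = json.dumps(model, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def verify_model(model, expected_digest):
    """True only if the model still matches the sealed reference digest."""
    return model_digest(model) == expected_digest


def correlate(alerts, model, expected_digest):
    """Run one state-machine instance per (src, dst) pair over a stream of alerts.

    Returns {(src, dst): {"state": ..., "score": ..., "trail": [...]}}.
    Alerts that do not match a transition from the track's current state are
    ignored, so an out-of-order alert cannot skip a stage.
    """
    if not verify_model(model, expected_digest):
        raise RuntimeError("attack model integrity check failed; refusing to correlate")
    tracks = defaultdict(lambda: {"state": model["initial"], "score": 0, "trail": []})
    for alert in alerts:
        track = tracks[(alert["src"], alert["dst"])]
        nxt = model["transitions"].get(f'{track["state"]}|{alert["type"]}')
        if nxt is None:
            continue
        track["state"] = nxt
        track["score"] = model["threat_score"][nxt]
        track["trail"].append(alert["type"])
    return dict(tracks)


def predict_next(model, state):
    """Alert types that would advance a track from `state` (the prediction step)."""
    return sorted(k.split("|")[1] for k in model["transitions"] if k.startswith(state + "|"))


def demo_tamper(model):
    """Show that a modified copy of the model fails verification against the sealed digest."""
    sealed = model_digest(model)
    copy = json.loads(json.dumps(model))
    copy["threat_score"]["EXFIL"] = 0  # e.g. someone lowering the severity of the final stage
    return verify_model(copy, sealed)


# Constructed sample alerts; two sources interleaved, one alert out of order.
SAMPLE_ALERTS = [
    {"src": "10.0.0.5", "dst": "10.0.1.20", "type": "portscan"},
    {"src": "10.0.0.9", "dst": "10.0.1.20", "type": "portscan"},
    {"src": "10.0.0.5", "dst": "10.0.1.20", "type": "exploit_attempt"},
    {"src": "10.0.0.5", "dst": "10.0.1.20", "type": "large_outbound_transfer"},  # too early: ignored
    {"src": "10.0.0.5", "dst": "10.0.1.20", "type": "c2_beacon"},
]

if __name__ == "__main__":
    sealed = model_digest(SCENARIO)
    for pair, track in correlate(SAMPLE_ALERTS, SCENARIO, sealed).items():
        print(pair, track["state"], track["score"], "expect next:", predict_next(SCENARIO, track["state"]))
    print("tampered model accepted:", demo_tamper(SCENARIO))
```

The per-pair tracks are the "situation" an administrator would be shown: the state gives the stage reached, the score the assessed threat, and `predict_next` the alerts to watch for. In the paper's design the digest comparison would be performed by the trusted computer rather than by the correlator itself; the check is shown here in plain Python only to make the tampering failure mode visible.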




Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Jiemei, Z., Xuewei, F., Dongxia, W., Lan, F. (2014). Implemention of Cyber Security Situation Awareness Based on Knowledge Discovery with Trusted Computer. In: Han, W., Huang, Z., Hu, C., Zhang, H., Guo, L. (eds) Web Technologies and Applications. APWeb 2014. Lecture Notes in Computer Science, vol 8710. Springer, Cham. https://doi.org/10.1007/978-3-319-11119-3_21


  • DOI: https://doi.org/10.1007/978-3-319-11119-3_21

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-11118-6

  • Online ISBN: 978-3-319-11119-3

  • eBook Packages: Computer Science (R0)
