Abstract
Situation awareness aims to give administrators a global view of the security state of cyberspace. This paper proposes a novel framework for cyber security situation awareness. The framework is built on a trusted engine and can be viewed from two perspectives: a data-flow view, which presents how cyber data is abstracted, and a logic view, which presents the procedure of situation awareness. The framework's core component is a correlation state machine, an extension of the classical state machine that is used to model attack scenarios. The correlation state machine is the data structure of situation awareness and is stored on a trusted computer so that it cannot be tampered with. It is created using knowledge discovery techniques, and once created it can be used to assess and predict the threat situation. We conclude with an example of how the framework can be applied in the real world to provide the cyber security situation for administrators.
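The abstract describes a correlation state machine that tracks multi-step attack scenarios, assesses the current threat level and predicts the next step, with the machine itself held on a trusted computer so it cannot be tampered with. The following is an added illustration, not the paper's code: a small correlation state machine over constructed IDS-style alerts. The scenario (port scan, exploit attempt, privilege escalation, data transfer), the per-state threat scores, the alert field names and the HMAC sealing of the scenario model are all assumptions made for the example; the sealing stands in for the trusted-computer storage the paper describes and is not the paper's mechanism.

```python
"""Toy correlation state machine for multi-step attack scenarios.

Added example for illustration only; the scenario, scores, alert format
and HMAC sealing are assumptions, not the paper's design.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Hypothetical attack scenario as a state machine:
# (current_state, alert_type) -> next_state. Self-loops absorb repeated
# alerts of the same stage without advancing the track.
SCENARIO = {
    "initial": {"port_scan": "recon"},
    "recon": {"exploit_attempt": "exploited", "port_scan": "recon"},
    "exploited": {"priv_esc": "root", "exploit_attempt": "exploited"},
    "root": {"data_transfer": "exfiltrating"},
}

# Hypothetical threat score per scenario state (higher = more advanced).
THREAT_SCORE = {"initial": 0, "recon": 1, "exploited": 3, "root": 4, "exfiltrating": 5}


@dataclass
class Track:
    """Progress of one (src, dst) pair through the scenario."""
    state: str = "initial"
    history: list = field(default_factory=list)


class CorrelationStateMachine:
    def __init__(self, scenario, scores):
        self.scenario = scenario
        self.scores = scores
        self.tracks = {}  # (src, dst) -> Track

    def feed(self, alert):
        """Correlate one alert; returns True if it fits the scenario."""
        key = (alert["src"], alert["dst"])
        track = self.tracks.get(key, Track())
        nxt = self.scenario.get(track.state, {}).get(alert["type"])
        if nxt is None:
            # Alert does not match any transition from the current stage,
            # e.g. privilege escalation with no preceding recon/exploit.
            return False
        track.state = nxt
        track.history.append((alert["ts"], alert["type"]))
        self.tracks[key] = track
        return True

    def assess(self):
        """Current threat score for every correlated track."""
        return {key: self.scores[t.state] for key, t in self.tracks.items()}

    def predict(self, key):
        """Alert types that would advance this track to the next stage."""
        t = self.tracks.get(key)
        if t is None:
            return []
        return [a for a, s in self.scenario.get(t.state, {}).items() if s != t.state]


def seal(scenario, key):
    """Serialize the scenario model and MAC it (stand-in for trusted storage)."""
    blob = json.dumps(scenario, sort_keys=True).encode()
    tag = hmac.new(key, blob, hashlib.sha256).hexdigest()
    return blob, tag


def load_sealed(blob, tag, key):
    """Refuse to load a scenario model whose MAC does not verify."""
    expected = hmac.new(key, blob, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("scenario model tampered")
    return json.loads(blob)


# Constructed sample alerts (not real data). The third alert is a
# privilege-escalation report from a host with no earlier stages and is
# therefore rejected by the correlation step.
SAMPLE_ALERTS = [
    {"ts": 1, "src": "10.0.0.5", "dst": "10.0.1.20", "type": "port_scan"},
    {"ts": 2, "src": "10.0.0.5", "dst": "10.0.1.20", "type": "exploit_attempt"},
    {"ts": 3, "src": "10.0.0.9", "dst": "10.0.1.20", "type": "priv_esc"},
    {"ts": 4, "src": "10.0.0.5", "dst": "10.0.1.20", "type": "priv_esc"},
]


def run_demo(alerts=SAMPLE_ALERTS):
    """Feed the sample alerts and return the machine plus per-alert results."""
    csm = CorrelationStateMachine(SCENARIO, THREAT_SCORE)
    accepted = [csm.feed(a) for a in alerts]
    return csm, accepted


if __name__ == "__main__":
    csm, accepted = run_demo()
    print("accepted:", accepted)
    print("assessment:", csm.assess())
    print("next expected:", csm.predict(("10.0.0.5", "10.0.1.20")))
```

In this toy, tracks are keyed by (source, destination) pair; a real deployment would also need timeouts and partial-match scoring so that an attacker who skips or hides a stage is not lost entirely.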
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Jiemei, Z., Xuewei, F., Dongxia, W., Lan, F. (2014). Implemention of Cyber Security Situation Awareness Based on Knowledge Discovery with Trusted Computer. In: Han, W., Huang, Z., Hu, C., Zhang, H., Guo, L. (eds) Web Technologies and Applications. APWeb 2014. Lecture Notes in Computer Science, vol 8710. Springer, Cham. https://doi.org/10.1007/978-3-319-11119-3_21
DOI: https://doi.org/10.1007/978-3-319-11119-3_21
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-11118-6
Online ISBN: 978-3-319-11119-3
eBook Packages: Computer Science (R0)