The paper introduces the Endsley' s situation model into network security to describe the network security situation, and improves Endsley's data processing to suit network alerts. The proposed model contains the in...The paper introduces the Endsley' s situation model into network security to describe the network security situation, and improves Endsley's data processing to suit network alerts. The proposed model contains the information of incident frequency, incident time and incident space. The HoneyNet dataset is selected to evaluate the proposed model in the evaluation. The paper proposes three definitions to depict and predigest the whole situation extraction in detail, and a fusion component to reduce the influence of alert redundancy on the total security situation. The less complex extraction makes the situation analysis more efficient, and the fine-grained model makes the analysis have a better expansibility. Finally, the situational variation curves are simulated, and the evaluation results prove the situation model applicable and efficient.展开更多
Network Security Situation Awareness System YHSAS acquires,understands and displays the security factors which cause changes of network situation,and predicts the future development trend of these security factors.YHS...Network Security Situation Awareness System YHSAS acquires,understands and displays the security factors which cause changes of network situation,and predicts the future development trend of these security factors.YHSAS is developed for national backbone network,large network operators,large enterprises and other large-scale network.This paper describes its architecture and key technologies:Network Security Oriented Total Factor Information Collection and High-Dimensional Vector Space Analysis,Knowledge Representation and Management of Super Large-Scale Network Security,Multi-Level,Multi-Granularity and Multi-Dimensional Network Security Index Construction Method,Multi-Mode and Multi-Granularity Network Security Situation Prediction Technology,and so on.The performance tests show that YHSAS has high real-time performance and accuracy in security situation analysis and trend prediction.The system meets the demands of analysis and prediction for large-scale network security situation.展开更多
Network security situation is a hot research topic in the field of network security. Whole situation awareness includes the current situation evaluation and the future situation prediction. However, the now-existing r...Network security situation is a hot research topic in the field of network security. Whole situation awareness includes the current situation evaluation and the future situation prediction. However, the now-existing research focuses on the current situation evaluation, and seldom discusses the future prediction. Based on the historical research, an improved grey Verhulst model is put forward to predict the future situation. Aiming at the shortages in the prediction based on traditional Verhulst model, the adaptive grey parameters and equal- dimensions grey filling methods are proposed to improve the precision. The simulation results prove that the scheme is efficient and applicable.展开更多
Marine data buoy can provide a long-term, continuous, real-time, reliable data of ocean observation in a variety of complex marine environment. It is one of the most reliable, most effective and important means of oce...Marine data buoy can provide a long-term, continuous, real-time, reliable data of ocean observation in a variety of complex marine environment. It is one of the most reliable, most effective and important means of ocean monitoring technology. In this paper, the classification, main theory and technology system of marine data buoy are summarized. The typical technological breakthrough of the development of marine data buoy in recent years is summarized. The composition and application of marine monitoring network in China was introduced, and the gap between the technology of China's marine data buoy and the international advanced countries is compared.Combined on the situation and demand of China's current situation and needs, the development trend of marine data buoy and buoy monitoring network are expected.展开更多
To address the problem of network security situation assessment in the Industrial Internet,this paper adopts the evidential reasoning(ER)algorithm and belief rule base(BRB)method to establish an assessment model.First...To address the problem of network security situation assessment in the Industrial Internet,this paper adopts the evidential reasoning(ER)algorithm and belief rule base(BRB)method to establish an assessment model.First,this paper analyzes the influencing factors of the Industrial Internet and selects evaluation indicators that contain not only quantitative data but also qualitative knowledge.Second,the evaluation indicators are fused with expert knowledge and the ER algorithm.According to the fusion results,a network security situation assessment model of the Industrial Internet based on the ER and BRB method is established,and the projection covariance matrix adaptive evolution strategy(P-CMA-ES)is used to optimize the model parameters.This method can not only utilize semiquantitative information effectively but also use more uncertain information and prevent the problem of combinatorial explosion.Moreover,it solves the problem of the uncertainty of expert knowledge and overcomes the problem of low modeling accuracy caused by insufficient data.Finally,a network security situation assessment case of the Industrial Internet is analyzed to verify the effectiveness and superiority of the method.The research results showthat this method has strong applicability to the network security situation assessment of complex Industrial Internet systems.It can accurately reflect the actual network security situation of Industrial Internet systems and provide safe and reliable suggestions for network administrators to take timely countermeasures,thereby improving the risk monitoring and emergency response capabilities of the Industrial Internet.展开更多
The real-time of network security situation awareness(NSSA)is always affected by the state explosion problem.To solve this problem,a new NSSA method based on layered attack graph(LAG)is proposed.Firstly,network is div...The real-time of network security situation awareness(NSSA)is always affected by the state explosion problem.To solve this problem,a new NSSA method based on layered attack graph(LAG)is proposed.Firstly,network is divided into several logical subnets by community discovery algorithm.The logical subnets and connections between them constitute the logical network.Then,based on the original and logical networks,the selection of attack path is optimized according to the monotonic principle of attack behavior.The proposed method can sharply reduce the attack path scale and hence tackle the state explosion problem in NSSA.The experiments results show that the generation of attack paths by this method consumes 0.029 s while the counterparts by other methods are more than 56 s.Meanwhile,this method can give the same security strategy with other methods.展开更多
Purpose-The purpose of this paper is to solve the shortage of the existing methods for the prediction of network security situations(NSS).Because the conventional methods for the prediction of NSS,such as support vect...Purpose-The purpose of this paper is to solve the shortage of the existing methods for the prediction of network security situations(NSS).Because the conventional methods for the prediction of NSS,such as support vector machine,particle swarm optimization,etc.,lack accuracy,robustness and efficiency,in this study,the authors propose a new method for the prediction of NSS based on recurrent neural network(RNN)with gated recurrent unit.Design/methodology/approach-This method extracts internal and external information features from the original time-series network data for the first time.Then,the extracted features are applied to the deep RNN model for training and validation.After iteration and optimization,the accuracy of predictions of NSS will be obtained by the well-trained model,and the model is robust for the unstable network data.Findings-Experiments on bench marked data set show that the proposed method obtains more accurate and robust prediction results than conventional models.Although the deep RNN models need more time consumption for training,they guarantee the accuracy and robustness of prediction in return for validation.Originality/value-In the prediction of NSS time-series data,the proposed internal and external information features are well described the original data,and the employment of deep RNN model will outperform the state-of-the-arts models.展开更多
基金Supported by the National Natural Science Foundation of China (No. 60605019) and the National High Technology Research and Development Programe of China (No. 2003AA142160).
文摘The paper introduces the Endsley' s situation model into network security to describe the network security situation, and improves Endsley's data processing to suit network alerts. The proposed model contains the information of incident frequency, incident time and incident space. The HoneyNet dataset is selected to evaluate the proposed model in the evaluation. The paper proposes three definitions to depict and predigest the whole situation extraction in detail, and a fusion component to reduce the influence of alert redundancy on the total security situation. The less complex extraction makes the situation analysis more efficient, and the fine-grained model makes the analysis have a better expansibility. Finally, the situational variation curves are simulated, and the evaluation results prove the situation model applicable and efficient.
基金This work is funded by the National Natural Science Foundation of China under Grant U1636215the National key research and development plan under Grant Nos.2018YFB0803504,2016YFB0800303.
文摘Network Security Situation Awareness System YHSAS acquires,understands and displays the security factors which cause changes of network situation,and predicts the future development trend of these security factors.YHSAS is developed for national backbone network,large network operators,large enterprises and other large-scale network.This paper describes its architecture and key technologies:Network Security Oriented Total Factor Information Collection and High-Dimensional Vector Space Analysis,Knowledge Representation and Management of Super Large-Scale Network Security,Multi-Level,Multi-Granularity and Multi-Dimensional Network Security Index Construction Method,Multi-Mode and Multi-Granularity Network Security Situation Prediction Technology,and so on.The performance tests show that YHSAS has high real-time performance and accuracy in security situation analysis and trend prediction.The system meets the demands of analysis and prediction for large-scale network security situation.
基金the National Natural Science Foundation of China(No.60605019)
文摘Network security situation is a hot research topic in the field of network security. Whole situation awareness includes the current situation evaluation and the future situation prediction. However, the now-existing research focuses on the current situation evaluation, and seldom discusses the future prediction. Based on the historical research, an improved grey Verhulst model is put forward to predict the future situation. Aiming at the shortages in the prediction based on traditional Verhulst model, the adaptive grey parameters and equal- dimensions grey filling methods are proposed to improve the precision. The simulation results prove that the scheme is efficient and applicable.
基金Taishan Scholars Construction Project Special Funds of Shandong Province
文摘Marine data buoy can provide a long-term, continuous, real-time, reliable data of ocean observation in a variety of complex marine environment. It is one of the most reliable, most effective and important means of ocean monitoring technology. In this paper, the classification, main theory and technology system of marine data buoy are summarized. The typical technological breakthrough of the development of marine data buoy in recent years is summarized. The composition and application of marine monitoring network in China was introduced, and the gap between the technology of China's marine data buoy and the international advanced countries is compared.Combined on the situation and demand of China's current situation and needs, the development trend of marine data buoy and buoy monitoring network are expected.
基金supported by the Provincial Universities Basic Business Expense Scientific Research Projects of Heilongjiang Province(No.2021-KYYWF-0179)the Science and Technology Project of Henan Province(No.212102310991)+2 种基金the Opening Project of Shanghai Key Laboratory of Integrated Administration Technologies for Information Security(No.AGK2015003)the Key Scientific Research Project of Henan Province(No.21A413001)the Postgraduate Innovation Project of Harbin Normal University(No.HSDSSCX2021-121).
文摘To address the problem of network security situation assessment in the Industrial Internet,this paper adopts the evidential reasoning(ER)algorithm and belief rule base(BRB)method to establish an assessment model.First,this paper analyzes the influencing factors of the Industrial Internet and selects evaluation indicators that contain not only quantitative data but also qualitative knowledge.Second,the evaluation indicators are fused with expert knowledge and the ER algorithm.According to the fusion results,a network security situation assessment model of the Industrial Internet based on the ER and BRB method is established,and the projection covariance matrix adaptive evolution strategy(P-CMA-ES)is used to optimize the model parameters.This method can not only utilize semiquantitative information effectively but also use more uncertain information and prevent the problem of combinatorial explosion.Moreover,it solves the problem of the uncertainty of expert knowledge and overcomes the problem of low modeling accuracy caused by insufficient data.Finally,a network security situation assessment case of the Industrial Internet is analyzed to verify the effectiveness and superiority of the method.The research results showthat this method has strong applicability to the network security situation assessment of complex Industrial Internet systems.It can accurately reflect the actual network security situation of Industrial Internet systems and provide safe and reliable suggestions for network administrators to take timely countermeasures,thereby improving the risk monitoring and emergency response capabilities of the Industrial Internet.
基金National Natural Science Foundation of China(No.61772478)
文摘The real-time of network security situation awareness(NSSA)is always affected by the state explosion problem.To solve this problem,a new NSSA method based on layered attack graph(LAG)is proposed.Firstly,network is divided into several logical subnets by community discovery algorithm.The logical subnets and connections between them constitute the logical network.Then,based on the original and logical networks,the selection of attack path is optimized according to the monotonic principle of attack behavior.The proposed method can sharply reduce the attack path scale and hence tackle the state explosion problem in NSSA.The experiments results show that the generation of attack paths by this method consumes 0.029 s while the counterparts by other methods are more than 56 s.Meanwhile,this method can give the same security strategy with other methods.
基金supported by the funds of Ningde Normal University Youth Teacher Research Program(2015Q15)The Education Science Project of the Junior Teacher in the Education Department of Fujian province(JAT160532).
文摘Purpose-The purpose of this paper is to solve the shortage of the existing methods for the prediction of network security situations(NSS).Because the conventional methods for the prediction of NSS,such as support vector machine,particle swarm optimization,etc.,lack accuracy,robustness and efficiency,in this study,the authors propose a new method for the prediction of NSS based on recurrent neural network(RNN)with gated recurrent unit.Design/methodology/approach-This method extracts internal and external information features from the original time-series network data for the first time.Then,the extracted features are applied to the deep RNN model for training and validation.After iteration and optimization,the accuracy of predictions of NSS will be obtained by the well-trained model,and the model is robust for the unstable network data.Findings-Experiments on bench marked data set show that the proposed method obtains more accurate and robust prediction results than conventional models.Although the deep RNN models need more time consumption for training,they guarantee the accuracy and robustness of prediction in return for validation.Originality/value-In the prediction of NSS time-series data,the proposed internal and external information features are well described the original data,and the employment of deep RNN model will outperform the state-of-the-arts models.
