Analysis framework of network security situational awareness and comparison of implementation methods

Information technology now reaches into every aspect of society: politics, the economy and culture. The information revolution has changed how the world communicates and has driven enormous social development, but it has also brought unprecedented attention to network security. Research on network security has passed through four main stages: idealized design for guaranteeing security, auxiliary inspection and passive defense, active analysis and strategy formulation, and overall perception with trend prediction. Against the background of countries competing for strategic control of the digital domain, the discussion of network security situational awareness shows new characteristics in both academic research and industrial practice. This paper therefore presents a thorough survey of the literature on network security situational awareness. It first introduces the state of research both domestically and abroad, then proposes a logical analysis framework for network security situational awareness from the perspective of the data value chain. The process consists of five successive stages: factor acquisition, model representation, measurement establishment, solution analysis, and situation prediction. The role of each stage and its mainstream methods are then described, together with their results on experimental objects and a horizontal comparison between the methods. The paper aims to give a panoramic view of network security situational awareness, to offer supporting ideas for the industrialization of network security, and to serve as a reference for researchers and engineers in this field.
