Spatiotemporal Cyberspace Situation Awareness Mechanism for Backbone Networks

As the future key research direction of network management, cyberspace situation awareness (CSA) can provide a macroscopic view of network state and build resilience into network control. A spatiotemporal CSA mechanism based on information fusion (IF) for backbone network is proposed, in which the situation assessment and prediction are included in a closed-control-loop. The paper establishes an IF system that adopts probabilistic graphical methods for situation assessment using both Hidden Markov Model (HMM) for temporal modeling and Hidden Conditional Random Fields (HCRF) for spatial modeling, and the Radial Basis Function Neural Network (RBFNN) trained by Artificial Bee Colony (ABC) is taken for situation prediction. Since we aim to minimize the position selecting deviation of traffic sensor deployment in IF system, it is achieved by formulating the problem as a constrained convex optimization problem subject to information leakage guarantee. The experiment results verify the IF-based mechanism on real backbone network traffic dataset and simulate the CSA system with performance evaluation and comparison.

[1]  John J. Salerno Information fusion: a high-level architecture overview , 2002, Proceedings of the Fifth International Conference on Information Fusion. FUSION 2002. (IEEE Cat.No.02EX5997).

[2]  Gonzalo Mateos,et al.  Dynamic Network Cartography: Advances in Network Health Monitoring , 2013, IEEE Signal Processing Magazine.

[3]  Jorge Nocedal,et al.  On the limited memory BFGS method for large scale optimization , 1989, Math. Program..

[4]  Stephen P. Boyd,et al.  Convex Optimization , 2004, Algorithms and Theory of Computation Handbook.

[5]  Dale E. Blodgett,et al.  The Extended OODA Model for Data Fusion Systems , 2001 .

[6]  T. Bass,et al.  Multisensor Data Fusion for Next Generation Distributed Intrusion Detection Systems , 1999 .

[7]  A. Gad,et al.  Data fusion architecture for Maritime Surveillance , 2002, Proceedings of the Fifth International Conference on Information Fusion. FUSION 2002. (IEEE Cat.No.02EX5997).

[8]  H. T. Kung,et al.  Use of spectral analysis in defense against DoS attacks , 2002, Global Telecommunications Conference, 2002. GLOBECOM '02. IEEE.

[9]  Robert Bronte,et al.  Information Theoretic Anomaly Detection Framework for Web Application , 2016, 2016 IEEE 40th Annual Computer Software and Applications Conference (COMPSAC).

[10]  I. Kadar Knowledge representation issues in perceptual reasoning managed situation assessment , 2005, 2005 7th International Conference on Information Fusion.

[11]  Asok Ray,et al.  Sensor Fusion for Fault Detection and Classification in Distributed Physical Processes , 2014, Front. Robot. AI.

[12]  Qiang Zhang,et al.  Research and Implementation of Network Transmission Situation Awareness , 2009, 2009 WRI World Congress on Computer Science and Information Engineering.

[13]  Mark Crovella,et al.  Mining anomalies using traffic feature distributions , 2005, SIGCOMM '05.

[14]  Erik P. Blasch,et al.  Fusion metrics for dynamic situation analysis , 2004, SPIE Defense + Commercial Sensing.

[15]  Paul Barford,et al.  A signal analysis of network traffic anomalies , 2002, IMW '02.

[16]  Tim Bass,et al.  Intrusion detection systems and multisensor data fusion , 2000, CACM.

[17]  Erik Blasch,et al.  JDL level 5 fusion model: user refinement issues and applications in group tracking , 2002, SPIE Defense + Commercial Sensing.

[18]  Trevor Darrell,et al.  Hidden-state Conditional Random Fields , 2006 .