Network Security Situational Awareness

Threats to networks now range from physical and human threats to the highly diverse methods attackers use to exploit networks and disseminate malware, from simple joke programs, propaganda, adware and viruses to highly sophisticated malware that relies on advanced obfuscation techniques such as packers, polymorphism and metamorphism [1]. The task entrusted to network security scientists and engineers is therefore becoming more and more difficult. Many kinds of security monitoring and analysis tools, under many different names, have been used to detect intrusions into networks and to analyse how effectively a network is defended. The list is too long to give in full, but it includes antivirus, firewalls, log audit tools, host-based and network-based intrusion detection systems (IDS), low- and high-interaction honeypots, general-purpose and special-purpose honeypots, network flow analysis tools, and so on. Network security engineers cannot stay aware of the huge amount of data produced by these different tools, and at the same time it has been shown that depending on only one kind of tool is not enough to protect a network from being exploited. In 1999 Tim Bass [2, 3] was the first author to recommend applying Situational Awareness to future network security. He foresaw that next-generation cyberspace intrusion detection systems would fuse data from heterogeneous distributed network sensors to create cyberspace situational awareness. In this paper we summarize the state of the art in situational awareness and its application to network security, and we survey the different efforts made by researchers to apply the concept of Situational Awareness (SA) to network security.
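The fusion Bass describes, reduced to a runnable sketch as an added example (this is not code from the paper or from any of the works it cites): output from three heterogeneous sensors (an IDS, a flow collector and a honeypot) is normalised into one event schema, grouped by internal host, and scored with a simple additive weighting. The point it makes is the one the abstract makes: a host on which several independent sensors agree stands out in a way no single tool can show. The log line formats, the indicator weights, the 10.0.0.0/8 internal range and the 1 MiB "large flow" threshold are all assumptions chosen for the example, and the sample records are constructed, not captured.

```python
"""Added example: fusing heterogeneous sensor output into a per-host situation
assessment.  Log formats, weights and network ranges are assumptions made for
this example and are not taken from any of the cited papers."""
import ipaddress
import re
from collections import defaultdict

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address range
LARGE_FLOW_BYTES = 1 << 20                       # assumed threshold: 1 MiB

# Assumed indicator weights for a simple additive weighting scheme.
WEIGHTS = {"scan": 1, "exploit": 3, "large_outbound_flow": 2, "honeypot_contact": 4}

# Constructed sample sensor output, one record per line (not real captures).
IDS_ALERTS = [  # timestamp alert <class> <src> -> <dst>:<dport>
    "2024-03-01T10:00:01 alert scan 10.0.0.5 -> 10.0.0.20:3306",
    "2024-03-01T10:00:07 alert exploit 10.0.0.5 -> 10.0.0.20:3306",
    "2024-03-01T10:02:11 alert scan 10.0.0.9 -> 10.0.0.21:22",
]
FLOW_RECORDS = [  # timestamp <src> <dst> <dport> <bytes>
    "2024-03-01T10:00:30 10.0.0.20 203.0.113.7 443 5242880",
    "2024-03-01T10:00:31 10.0.0.21 10.0.0.30 445 2048",
    "2024-03-01T10:00:40 10.0.0.20 203.0.113.7 443 7340032",
]
HONEYPOT_LOG = [  # timestamp <src> connected to decoy <decoy>:<port>
    "2024-03-01T10:01:15 10.0.0.20 connected to decoy 10.0.0.250:445",
]

IDS_RE = re.compile(r"^\S+ alert (\w+) (\S+) -> (\S+):\d+$")
HP_RE = re.compile(r"^\S+ (\S+) connected to decoy \S+$")


def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL


def parse_ids(lines):
    """IDS alerts are attributed to the targeted internal host."""
    events = []
    for line in lines:
        m = IDS_RE.match(line)
        if m and is_internal(m.group(3)):
            events.append({"host": m.group(3), "sensor": "ids", "indicator": m.group(1)})
    return events


def parse_flows(lines):
    """Only large flows from an internal host to an external one count as indicators."""
    events = []
    for line in lines:
        _ts, src, dst, _dport, nbytes = line.split()
        if is_internal(src) and not is_internal(dst) and int(nbytes) >= LARGE_FLOW_BYTES:
            events.append({"host": src, "sensor": "flow", "indicator": "large_outbound_flow"})
    return events


def parse_honeypot(lines):
    """Any internal host touching a decoy is an indicator: decoys have no legitimate clients."""
    events = []
    for line in lines:
        m = HP_RE.match(line)
        if m and is_internal(m.group(1)):
            events.append({"host": m.group(1), "sensor": "honeypot", "indicator": "honeypot_contact"})
    return events


def fuse(events):
    """Group normalised events by host, score them additively and record which sensors agree."""
    per_host = defaultdict(lambda: {"score": 0, "sensors": set(), "indicators": []})
    for ev in events:
        entry = per_host[ev["host"]]
        entry["score"] += WEIGHTS.get(ev["indicator"], 0)
        entry["sensors"].add(ev["sensor"])
        entry["indicators"].append(ev["indicator"])
    for entry in per_host.values():
        # Agreement between independent sensors is the signal a single tool cannot give.
        entry["corroborated"] = len(entry["sensors"]) >= 2
    return dict(per_host)


def assess(ids=IDS_ALERTS, flows=FLOW_RECORDS, honeypot=HONEYPOT_LOG):
    """Return the fused per-host situation and the hosts ranked by corroboration, then score."""
    events = parse_ids(ids) + parse_flows(flows) + parse_honeypot(honeypot)
    situation = fuse(events)
    ranked = sorted(situation,
                    key=lambda h: (situation[h]["corroborated"], situation[h]["score"]),
                    reverse=True)
    return situation, ranked


if __name__ == "__main__":
    situation, ranked = assess()
    for host in ranked:
        s = situation[host]
        print(f"{host}: score={s['score']} sensors={sorted(s['sensors'])} "
              f"corroborated={s['corroborated']} indicators={s['indicators']}")
```

On the constructed input, 10.0.0.20 is reported by all three sensors (two IDS alerts, two large outbound flows and a decoy contact) and ranks first with a score of 12, while 10.0.0.21 has a single scan alert and an internal-only flow that the flow parser correctly ignores. Ranking by corroboration before raw score is a deliberate choice: a host with one heavily weighted alert from a single sensor should not outrank a host that several independent sensors agree on.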

[1] T. Bass, et al. Multisensor Data Fusion for Next Generation Distributed Intrusion Detection Systems, 1999.

[2] Anita D'Amico, et al. Information assurance visualizations for specific stages of situational awareness and intended uses: lessons learned, 2005, IEEE Workshop on Visualization for Computer Security (VizSEC 05).

[3] Wang Huiqiang, et al. Study of Network Security Situation Awareness Model Based on Simple Additive Weight and Grey Theory, 2006, International Conference on Computational Intelligence and Security.

[4] Tim Bass, et al. Intrusion detection systems and multisensor data fusion, 2000, Communications of the ACM.

[5] Andri Riid, et al. Situation awareness for networked systems, 2011, IEEE International Multi-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support (CogSIMA).

[6] Jiguo Yu, et al. Network Security Situation Generation and Evaluation Based on Heterogeneous Sensor Fusion, 2009, 5th International Conference on Wireless Communications, Networking and Mobile Computing.

[7] Rongzhen Fan, et al. Network Security Awareness and Tracking Method by GT, 2013.

[8] Ying Liang, et al. Multiclass Support Vector Machines Theory and Its Data Fusion Application in Network Security Situation Awareness, 2007, International Conference on Wireless Communications, Networking and Mobile Computing.

[9] Jianhua Li, et al. A Novel Approach to Cyberspace Security Situation Based on the Vulnerabilities Analysis, 2006, 6th World Congress on Intelligent Control and Automation.

[10] Mica R. Endsley, et al. Toward a Theory of Situation Awareness in Dynamic Systems, 1995, Human Factors.

[11] Vinod Yegneswaran, et al. Employing Honeynets For Network Situational Awareness, 2010, Cyber Situational Awareness.

[12] Wei Chen, et al. Alert analysis and threat evaluation in Network Situation Awareness, 2010, International Conference on Communications, Circuits and Systems (ICCCAS).

[13] Cyril Onwubiko, et al. Functional requirements of situational awareness in computer network security, 2009, IEEE International Conference on Intelligence and Security Informatics.

[14] Mica R. Endsley, et al. Design and Evaluation for Situation Awareness Enhancement, 1988.

[15] Wu Yang, et al. Study of Index Weight in Network Threat Evaluation Based on Improved Grey Theory, 2008, IEEE Pacific-Asia Workshop on Computational Intelligence and Industrial Application.

[16] William Yurcik, et al. A visualization tool for situational awareness of tactical and strategic security events on large and complex computer networks, 2003, IEEE Military Communications Conference (MILCOM 2003).

[17] Yifan Li, et al. VisFlowConnect: providing security situational awareness by visualizing network traffic flows, 2004, IEEE International Conference on Performance, Computing, and Communications.

[18] Mica R. Endsley, et al. Designing for Situation Awareness in Complex Systems, 2001.

[19] Vern Paxson, et al. Towards Situational Awareness of Large-Scale Botnet Probing Events, 2011, IEEE Transactions on Information Forensics and Security.

[20] William Yurcik, et al. NVisionIP: netflow visualizations of system state for security situational awareness, 2004, VizSEC/DMSEC '04.

[21] Ying Liang, et al. Network security situation awareness model based on heterogeneous multi-sensor data fusion, 2007, 22nd International Symposium on Computer and Information Sciences.

[22] Kieran McLaughlin, et al. Obfuscation: The Hidden Malware, 2011, IEEE Security & Privacy.

[23] Dale W. Meyerrose. Cyberspace Situational Awareness Demands Mimic Traditional Command Requirements: Experience gained from battlefields helps military prepare information operation defenses, 2000.

[24] Yifan Li, et al. VisFlowConnect: netflow visualizations of link relationships for security situational awareness, 2004, VizSEC/DMSEC '04.

[25] Hongsheng Xi, et al. A Novel Approach to Network Security Situation Awareness Based on Multi-Perspective Analysis, 2007, International Conference on Computational Intelligence and Security (CIS 2007).

[26] William Yurcik, et al. The design of VisFlowConnect-IP: a link analysis system for IP security situational awareness, 2005, Third IEEE International Workshop on Information Assurance (IWIA'05).