Building a framework for network security situation awareness

The number of devices on the network is increasing at a very fast pace; the Internet of Things (IoT) is expected to include over 1.5 billion devices by the end of 2015. Beyond the sheer volume of devices, a more serious problem for network security situation awareness (NSSA) is the unchecked generation of new network data models, services and protocols. Various approaches to network security have been proposed and are in use, such as packet filtering, intrusion detection systems (IDS) and, more recently, intrusion prevention systems (IPS). These approaches share common problems: the mechanisms are not aware of the resources they protect; they are independent of the context in which they are applied; they work the same way in every kind of environment; and they do not adapt to a changing environment. To address these shortcomings of traditional network security approaches, a formal model is required to represent the entities of a network. The model should be extensible enough to accommodate new entities, to represent the relationships among entities, and to adapt to configuration changes in the network. A further issue is handling heterogeneous data in order to obtain a holistic view of network security: the data produced, whether NetFlow records or the output of the various sensors in the network, is heterogeneous in nature. The model should be able to handle such heterogeneity and should provide a mechanism for the automated fusion and processing of network data; this is the prime requirement for perception and comprehension of network security. To deal with these issues, network management must be dynamic enough to accommodate such changes. In this paper we propose a semantic web based framework for network security situation awareness.
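To make the fusion requirement concrete, the following added example (not code from the paper) maps two heterogeneous sources, a NetFlow-style record and an IDS alert, plus an asset inventory onto one shared vocabulary of subject-predicate-object triples and then answers a cross-source question over it. The `nssa:` vocabulary, the record formats and the sample values are all assumptions constructed for illustration; a real deployment would use an OWL ontology and a SPARQL engine rather than this minimal in-memory store.

```python
# Constructed sample input in three assumed formats (not from the paper).
NETFLOW = [{"src": "10.0.0.5", "dst": "10.0.0.20", "dport": 22, "bytes": 4096},
           {"src": "10.0.0.7", "dst": "10.0.0.30", "dport": 80, "bytes": 512}]
IDS_ALERTS = [{"src": "10.0.0.5", "sig": "SSH brute force", "severity": 3}]
INVENTORY = [{"ip": "10.0.0.20", "role": "db-server", "criticality": "high"},
             {"ip": "10.0.0.30", "role": "kiosk", "criticality": "low"}]

class TripleStore:
    """Minimal triple store: the semantic-web model reduced to its core."""
    def __init__(self):
        self.triples = set()
    def add(self, s, p, o):
        self.triples.add((s, p, o))
    def objects(self, s, p):
        return {o for (ss, pp, o) in self.triples if ss == s and pp == p}
    def subjects(self, p, o):
        return {s for (s, pp, oo) in self.triples if pp == p and oo == o}

def fuse(store, netflow, alerts, inventory):
    """Map each source into the shared (assumed) nssa: vocabulary; new source
    types only need a new mapping, the query below stays unchanged."""
    for h in inventory:
        host = f"host:{h['ip']}"
        store.add(host, "rdf:type", "nssa:Host")
        store.add(host, "nssa:role", h["role"])
        store.add(host, "nssa:criticality", h["criticality"])
    for i, f in enumerate(netflow):
        flow = f"flow:{i}"
        store.add(flow, "rdf:type", "nssa:Flow")
        store.add(flow, "nssa:src", f"host:{f['src']}")
        store.add(flow, "nssa:dst", f"host:{f['dst']}")
    for i, a in enumerate(alerts):
        alert = f"alert:{i}"
        store.add(alert, "rdf:type", "nssa:Alert")
        store.add(alert, "nssa:src", f"host:{a['src']}")
        store.add(alert, "nssa:severity", a["severity"])

def critical_hosts_reached_by_alerting_sources(store):
    """Comprehension step: (source, destination) pairs where a source that raised
    an alert also has a flow to a host the inventory marks as high criticality."""
    result = set()
    for alert in store.subjects("rdf:type", "nssa:Alert"):
        for src in store.objects(alert, "nssa:src"):
            for flow in store.subjects("nssa:src", src):
                if "nssa:Flow" not in store.objects(flow, "rdf:type"):
                    continue  # skip the alert node itself, which shares nssa:src
                for dst in store.objects(flow, "nssa:dst"):
                    if "high" in store.objects(dst, "nssa:criticality"):
                        result.add((src, dst))
    return sorted(result)

def build_demo():
    store = TripleStore()
    fuse(store, NETFLOW, IDS_ALERTS, INVENTORY)
    return critical_hosts_reached_by_alerting_sources(store)
```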
