Network situation prediction method based on spatial-time dimension analysis

Cited by: 0
Authors
Liu, Yuling [1 ,2 ,3 ]
Feng, Dengguo [1 ,2 ]
Lian, Yifeng [1 ,2 ,3 ]
Chen, Kai [3 ]
Wu, Di [1 ,2 ]
Affiliations
[1] Laboratory of Trusted Computing and Information Assurance, Institute of Software, Chinese Academy of Sciences, Beijing
[2] University of Chinese Academy of Sciences, Beijing
[3] National Engineering Research Center for Information Security, Beijing
Source
Jisuanji Yanjiu yu Fazhan/Computer Research and Development | 2014 / Vol. 51 / No. 08
Keywords
Network security; Security situation element; Security situation prediction; Spatial data mining; Spatial-time dimension
DOI
10.7544/issn1000-1239.2014.20121050
Abstract
Network security situation prediction methods help the security administrator better understand the network security situation and its trend. However, existing security situation prediction methods cannot precisely reflect the variation in the future network security situation caused by changes in security elements, and they do not handle the impact of the interaction between the various security elements on the future network security situation. In view of this, a network situation prediction method based on spatial-time dimension analysis is presented. The proposed method extracts security elements from the attacker, the defender and the network environment. We predict and analyze these elements in the time dimension in order to provide data for the situation calculation method. Using the predicted elements, the impact value caused by the neighbor nodes' security situation elements is computed based on spatial data mining theory. In combination with the node's degree of importance, the security situation value is obtained. To evaluate our method, MIT Lincoln Lab's public dataset is used to conduct our experiments. The experimental results indicate that our method is suitable for a real network environment. Besides, our method is much more accurate than the ARMA model method.
Pages: 1681 / 1694
Page count: 13