网络安全态势感知模型的研究进展

doi:10.16180/j.cnki.issn1007-7820.2024.06.013

摘要/Abstract

摘要：

针对当前数量形式均不断增多的网络攻击,不同种类名称的网络安全态势感知模型受到学术界的广泛关注研究。在信息技术迅速普及的背景下,硬件系统、软件漏洞日常应用操作的安全漏洞,导致网络攻击的方式手段不断增多,而单一类型的网络安全监控分析工具已难以适用于当前网络技术的发展。文中通过梳理网络安全态势感知技术的研究历史现状,总结分析了态势感知模型的技术理论发展及其工程应用,并且讨论了相关技术方案中存在的缺陷与不足,展望了网络安全态势感知模型未来的研究方向。

关键词: 网络安全, 信息安全, 态势感知, 恶意软件, 防火墙, 入侵检测, 流量分析, 日志审计

Abstract:

In response to the increasing number and forms of network attacks, different types and names of network security situational awareness models have received widespread attention and research from the academic community. In the context of the rapid popularization of information technology, hardware system, software vulnerabilities, and security vulnerabilities in daily application operations have led to an increasing number of ways and means of network attacks. However, a single type of network security monitoring and analysis tool is no longer suitable for the current development of network technology. By reviewing the research history and current status of network security situational awareness technology, this article summarizes and analyzes the theoretical development and engineering applications of situational awareness models, and discusses the shortcomings and deficiencies in relevant technical solutions. It also looks forward to the future research directions of network security situational awareness models.

Key words: network security, information security, situation awareness, malicious software, firewall, intrusion detection, flow analysis, log audit

中图分类号:

TP393.08

方翔. 网络安全态势感知模型的研究进展[J]. 电子科技, 2024, 37(6): 98-102.

FANG Xiang. Research Progress in Network Security Situation Awareness Models[J]. Electronic Science and Technology, 2024, 37(6): 98-102.

参考文献 41

[1]	Kaspersky L. Global IT security risks survey[EB/OL].(2011-11-16)[2023-05-12]https://www.kaspersky.com.
[2]	Bass T. Multisensor data fusion for next generation distributed intrusion detection systems[C]. Boston: IRIS National Symposium on Sensor and Data Fusion,CiteSeer,1999:23-59.
[3]	Bass T. Intrusion detection systems and multisensor data fusion:Creating cyberspace situational awareness[J]. Communications of the ACM, 1999, 43(4):99-105.
[4]	O'Kane P, Sezer S, Mclaughlin K. Obfuscation:The hidden malware[J]. IEEE Security and Privacy, 2011, 9(5):41-47.
[5]	Bearavolu R, Lakkaraju K, Yurcik W, et al. A visualization tool for situational awareness of tactical and strategic security events on large and complex computer networks[C]. Philadelphia: Military Communications Conference,IEEE,2003:497-508.
[6]	Mica R E. Design and evaluation for situation awareness enhancement[J]. Proceedings of the Human Factors Society Annual Meeting, 1988, 32(2):97-101.
[7]	Onwubiko C. Functional requirements of situational awareness in computer network security[C]. Arlington: IEEE International Conference on Intelligence and Security Informatics,2009:556-570.
[8]	D'Amico A, Kocka M. Information assurance visualizations for specific stages of situational awareness and intended uses:lessons learned[C]. Santa Ana: IEEE Workshop on Visualization for Computer Security,2005:298-305.
[9]	Bass T. Cyberspace situational awareness demands mimic traditional command requirements[J]. Signal-Falls Church Virginia Then Fairfax, 2000, 54(6):83-84.
[10]	Endsley M R. Toward a theory of situation awareness in dynamic systems[J]. Human Factors, 1995, 37(1):32-64.
[11]	Mcguinness B, Foy L. Subjective measure of SA:The crew awareness rating scale[C]. Wichita: The Human Performance,Situation Awareness an Automation Conference,2000:896-902.
[12]	Lakkaraju K, Yurcik W, Lee A J. NVisionIP:NetFlow visualizations of system state for security situational awareness[C]. Colorado Springs: Workshop on Visualization and Data Mining for Computer Security,2004:59-68.
[13]	Yin X, Yurcik W, Li Y, et al. VisFlowConnect:Providing security situational awareness by visualizing network traffic flows[C]. Honolulu: IEEE International Conference on Performance,Computing,and Communications,2004:87-94.
[14]	Yin X, Yurcik W B, Treaster M, et al. VisFlowConnect:Netflow visualizations of link relationships for security situational awareness[C]. Guangzhou: ACM Workshop on Visualization and Data Mining for Computer Security,2004:3511-3521.
[15]	Yin X, Yurcik W, Slagell A J. The design of VisFlowConnect-IP:A link analysis system for IP security situational awareness[C]. Honolulu: IEEE International Workshop on Information Assurance,2005:89-96.
[16]	Lai J, Wang H, Liang Z. Study of network security situation awareness model based on simple additive weight and grey theory[C]. Beijing: International Conference on Computational Intelligence and Security,IEEE,2006:106-118.
[17]	Wei H, Li J, Shi J. A Novel approach to cyberspace security situation based on the vulnerabilities analysis[C]. Xi'an: World Congress on Intelligent Control and Automation,IEEE,2006:1623-1630.
[18]	Liu X, Wang H, Lai J, et al. Network security situation awareness model based on heterogeneous multi-sensor data fusion[C]. Wuhan: International Symposium on Computer and Information Sciences,IEEE,2007:597-608.
[19]	Liu X, Wang H, Lai J, et al. Multiclass support vector machines theory and its data fusion application in network security situation awareness[C]. Honolulu: International Conference on Wireless Communications,Networking and Mobile Computing,IEEE,2007:339-348.
[20]	Liu X, Yu J, Wang M L. Network security situation generation and evaluation based on heterogeneous sensor fusion[C]. Hangzhou: International Conference on Wireless Communications,Networking and Mobile Computing,IEEE,2009:668-675.
[21]	Zhang Y, Tan X, Xi H. A novel approach to network security situation awareness based on multi-perspective analysis[C]. Nanjing: International Conference on Computational Intelligence and Security,IEEE,2007:356-360.
[22]	Wang J, Zhang F L, Jing J, et al. Alert analysis and threat evaluation in network situation awareness[C]. Lanzhou: International Conference on Communications,Circuits and Systems,IEEE,2010:621-628.
[23]	Li Z, Goyal A, Yan C, et al. Towards situational awareness of large-scale botnet probing events[J]. IEEE Transactions on Information Forensics and Security, 2011, 6(1):175-188.
[24]	Preden J, Motus L, Meriste M, et al. Situation awareness for networked systems[C]. Omaha: IEEE International Multi-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support,2011:502-509.
[25]	Zhang H, Shi J, Chen X. A multi-level analysis framework in network security situation awareness[J]. Procedia Computer Science, 2013, 17(5):530-536.
[26]	Li F, Zhang X, Zhu J, et al. A improved network security situation awareness model[J]. Security and Safety, 2015, 2(5):85-89.
[27]	Singh M, Bhandari P. Building a framework for network security situation awareness[C]. Argentina: International Conference on Computing for Sustainable Global Development,IEEE,2016:1256-1263.
[28]	Xu G, Cao Y, Ren Y, et al. Network security situation awareness based on semantic ontology and user-defined rules for Internet of Things[J]. IEEE Access, 2017, 8(1):1-10.
[29]	Liu D L, Dong L I, Lei M A, et al. Research on electric power information systems network security situation awareness based on big data technology[C]. Changsha: The Third Annual International Conference on Electronics,Electrical Engineering and Information Science,2017:785-792.
[30]	Dongmei Z, Jinxing L. Study on network security situation awareness based on particle swarm optimization algorithm[J]. Computers and Industrial Engineering, 2018, 125(2):764-775.
[31]	Yue G, Zhang S. A network security situation awareness method based on multi-source information fusion[C]. Guangzhou: The Second International Forum on Management,Education and Information Technology Application,2018:985-996.
[32]	Chen D, Fu R, Song S, et al. Network security situation awareness of power dispatching automation system based on LDA-RBF[C]. Sanya: The Fifth IEEE International Conference on Cloud Computing and Intelligence Systems,2018:622-628.
[33]	Zhang H, Yi Y, Wang J, et al. Network security situation awareness framework based on threat intelligence[J]. Computers,Materials and Continua, 2018, 56(3):381-399.
[34]	Zhu B, Chen Y, Cai Y. Three kinds of network security situation awareness model based on big data[J]. International Journal of Network Security, 2019, 21(1):115-121.
[35]	Xiao J, Zhang B, Luo F. Distribution network security situation awareness method based on security distance[J]. IEEE Access, 2019, 10(3):37855-37864.
[36]	Zhang D, Qian K, Wang W, et al. Network security situation awareness technology based on multi-source heterogeneous data[C]. Nanjing: International Conference on Cyberspace Innovation of Advanced Technologies,2020:721-730.
[37]	Cao Y, Li X, Zhang S, et al. Design of network security situation awareness analysis module for electric power dispatching and control system[C]. Xi'an: The Second International Conference on Information Technology and Computer Application,2020:3019-3025.
[38]	Liu D. Prediction of network security based on DS evidence theory[J]. ETRI Journal, 2020, 42(5):799-804.
[39]	Zhao Z, Peng Y, Huang J, et al. An evaluation method of network security situation using data fusion theory[J]. International Journal of Performability Engineering, 2020, 16(7):1046-1057.
[40]	Wang X, Han Z, Yu R. Security situation prediction method of industrial control network based on ant colony-RBF neural network[C]. Qinhuangdao: International Conference on Big Data,Artificial Intelligence and Internet of Things Engineering,IEEE,2021:623-629.
[41]	Ding C, Chen Y, Algarni A M, et al. Application of fractal neural network in network security situation awareness[J]. Interdisciplinary Journal on the Complex Geometry of Nature, 2022, 30(2):1-13.