Network security situation awareness framework based on threat intelligence

Hongbin Zhang; Yuzi Yi; Junshe Wang; Ning Cao; Qiang Duan

doi:10.3970/cmc.2018.03787

Network security situation awareness framework based on threat intelligence

Hongbin Zhang, Yuzi Yi, Junshe Wang, Ning Cao, Qiang Duan

Division of Engineering and Science (Abington)

Research output: Contribution to journal › Article

13 Citations (Scopus)

Abstract

Network security situation awareness is an important foundation for network security management, which presents the target system security status by analyzing existing or potential cyber threats in the target system. In network offense and defense, the network security state of the target system will be affected by both offensive and defensive strategies. According to this feature, this paper proposes a network security situation awareness method using stochastic game in cloud computing environment, uses the utility of both sides of the game to quantify the network security situation value. This method analyzes the nodes based on the network security state of the target virtual machine and uses the virtual machine introspection mechanism to obtain the impact of network attacks on the target virtual machine, then dynamically evaluates the network security situation of the cloud environment based on the game process of both attack and defense. In attack prediction, cyber threat intelligence is used as an important basis for potential threat analysis. Cyber threat intelligence that is applicable to the current security state is screened through the system hierarchy fuzzy optimization method, and the potential threat of the target system is analyzed using the cyber threat intelligence obtained through screening. If there is no applicable cyber threat intelligence, using the Nash equilibrium to make predictions for the attack behavior. The experimental results show that the network security situation awareness method proposed in this paper can accurately reflect the changes in the network security situation and make predictions on the attack behavior.

Original language	English (US)
Pages (from-to)	381-399
Number of pages	19
Journal	Computers, Materials and Continua
Volume	56
Issue number	3
DOIs	https://doi.org/10.3970/cmc.2018.03787
State	Published - Jan 1 2018

Fingerprint

Situation Awareness

Network Security

Network security

Attack

Target

Virtual Machine

Prediction

Game

Framework

Intelligence

Fuzzy Optimization

Stochastic Games

Cloud computing

Cloud Computing

Security systems

Nash Equilibrium

Screening

Optimization Methods

Quantify

Evaluate

All Science Journal Classification (ASJC) codes

Biomaterials
Modeling and Simulation
Mechanics of Materials
Computer Science Applications
Electrical and Electronic Engineering

Cite this

Zhang, H., Yi, Y., Wang, J., Cao, N., & Duan, Q. (2018). Network security situation awareness framework based on threat intelligence. Computers, Materials and Continua, 56(3), 381-399. https://doi.org/10.3970/cmc.2018.03787

Zhang, Hongbin ; Yi, Yuzi ; Wang, Junshe ; Cao, Ning ; Duan, Qiang. / Network security situation awareness framework based on threat intelligence. In: Computers, Materials and Continua. 2018 ; Vol. 56, No. 3. pp. 381-399.

@article{42dc1414063b40f4af503711a31bdc07,

title = "Network security situation awareness framework based on threat intelligence",

abstract = "Network security situation awareness is an important foundation for network security management, which presents the target system security status by analyzing existing or potential cyber threats in the target system. In network offense and defense, the network security state of the target system will be affected by both offensive and defensive strategies. According to this feature, this paper proposes a network security situation awareness method using stochastic game in cloud computing environment, uses the utility of both sides of the game to quantify the network security situation value. This method analyzes the nodes based on the network security state of the target virtual machine and uses the virtual machine introspection mechanism to obtain the impact of network attacks on the target virtual machine, then dynamically evaluates the network security situation of the cloud environment based on the game process of both attack and defense. In attack prediction, cyber threat intelligence is used as an important basis for potential threat analysis. Cyber threat intelligence that is applicable to the current security state is screened through the system hierarchy fuzzy optimization method, and the potential threat of the target system is analyzed using the cyber threat intelligence obtained through screening. If there is no applicable cyber threat intelligence, using the Nash equilibrium to make predictions for the attack behavior. The experimental results show that the network security situation awareness method proposed in this paper can accurately reflect the changes in the network security situation and make predictions on the attack behavior.",

author = "Hongbin Zhang and Yuzi Yi and Junshe Wang and Ning Cao and Qiang Duan",

year = "2018",

month = "1",

day = "1",

doi = "10.3970/cmc.2018.03787",

language = "English (US)",

volume = "56",

pages = "381--399",

journal = "Computers, Materials and Continua",

issn = "1546-2218",

publisher = "Tech Science Press",

number = "3",

}

Zhang, H, Yi, Y, Wang, J, Cao, N & Duan, Q 2018, 'Network security situation awareness framework based on threat intelligence', Computers, Materials and Continua, vol. 56, no. 3, pp. 381-399. https://doi.org/10.3970/cmc.2018.03787

Network security situation awareness framework based on threat intelligence. / Zhang, Hongbin; Yi, Yuzi; Wang, Junshe; Cao, Ning; Duan, Qiang.

In: Computers, Materials and Continua, Vol. 56, No. 3, 01.01.2018, p. 381-399.

Research output: Contribution to journal › Article

TY - JOUR

T1 - Network security situation awareness framework based on threat intelligence

AU - Zhang, Hongbin

AU - Yi, Yuzi

AU - Wang, Junshe

AU - Cao, Ning

AU - Duan, Qiang

PY - 2018/1/1

Y1 - 2018/1/1

N2 - Network security situation awareness is an important foundation for network security management, which presents the target system security status by analyzing existing or potential cyber threats in the target system. In network offense and defense, the network security state of the target system will be affected by both offensive and defensive strategies. According to this feature, this paper proposes a network security situation awareness method using stochastic game in cloud computing environment, uses the utility of both sides of the game to quantify the network security situation value. This method analyzes the nodes based on the network security state of the target virtual machine and uses the virtual machine introspection mechanism to obtain the impact of network attacks on the target virtual machine, then dynamically evaluates the network security situation of the cloud environment based on the game process of both attack and defense. In attack prediction, cyber threat intelligence is used as an important basis for potential threat analysis. Cyber threat intelligence that is applicable to the current security state is screened through the system hierarchy fuzzy optimization method, and the potential threat of the target system is analyzed using the cyber threat intelligence obtained through screening. If there is no applicable cyber threat intelligence, using the Nash equilibrium to make predictions for the attack behavior. The experimental results show that the network security situation awareness method proposed in this paper can accurately reflect the changes in the network security situation and make predictions on the attack behavior.

AB - Network security situation awareness is an important foundation for network security management, which presents the target system security status by analyzing existing or potential cyber threats in the target system. In network offense and defense, the network security state of the target system will be affected by both offensive and defensive strategies. According to this feature, this paper proposes a network security situation awareness method using stochastic game in cloud computing environment, uses the utility of both sides of the game to quantify the network security situation value. This method analyzes the nodes based on the network security state of the target virtual machine and uses the virtual machine introspection mechanism to obtain the impact of network attacks on the target virtual machine, then dynamically evaluates the network security situation of the cloud environment based on the game process of both attack and defense. In attack prediction, cyber threat intelligence is used as an important basis for potential threat analysis. Cyber threat intelligence that is applicable to the current security state is screened through the system hierarchy fuzzy optimization method, and the potential threat of the target system is analyzed using the cyber threat intelligence obtained through screening. If there is no applicable cyber threat intelligence, using the Nash equilibrium to make predictions for the attack behavior. The experimental results show that the network security situation awareness method proposed in this paper can accurately reflect the changes in the network security situation and make predictions on the attack behavior.

UR - http://www.scopus.com/inward/record.url?scp=85054157103&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85054157103&partnerID=8YFLogxK

U2 - 10.3970/cmc.2018.03787

DO - 10.3970/cmc.2018.03787

M3 - Article

AN - SCOPUS:85054157103

VL - 56

SP - 381

EP - 399

JO - Computers, Materials and Continua

JF - Computers, Materials and Continua

SN - 1546-2218

IS - 3

ER -

Zhang H, Yi Y, Wang J, Cao N, Duan Q. Network security situation awareness framework based on threat intelligence. Computers, Materials and Continua. 2018 Jan 1;56(3):381-399. https://doi.org/10.3970/cmc.2018.03787

Access to Document

10.3970/cmc.2018.03787