Network security situation awareness framework based on threat intelligence

Hongbin Zhang, Yuzi Yi, Junshe Wang, Ning Cao, Qiang Duan

Research output: Contribution to journal › Article

13 Citations (Scopus)

Abstract

Network security situation awareness is an important foundation for network security management: it presents the security status of the target system by analyzing existing or potential cyber threats in that system. In network offense and defense, the security state of the target system is affected by both offensive and defensive strategies. Based on this feature, this paper proposes a network security situation awareness method that uses a stochastic game in a cloud computing environment and uses the utility of both sides of the game to quantify the network security situation value. The method analyzes the nodes based on the network security state of the target virtual machine and uses the virtual machine introspection mechanism to obtain the impact of network attacks on the target virtual machine; it then dynamically evaluates the network security situation of the cloud environment based on the game process between attack and defense. In attack prediction, cyber threat intelligence is used as an important basis for potential threat analysis. Cyber threat intelligence that is applicable to the current security state is screened through the system hierarchy fuzzy optimization method, and the potential threat to the target system is analyzed using the cyber threat intelligence obtained through screening. If there is no applicable cyber threat intelligence, the Nash equilibrium is used to predict the attack behavior. The experimental results show that the network security situation awareness method proposed in this paper can accurately reflect the changes in the network security situation and make predictions on the attack behavior.

Original language: English (US)
Pages (from-to): 381-399
Number of pages: 19
Journal: Computers, Materials and Continua
Volume: 56
Issue number: 3
DOI: 10.3970/cmc.2018.03787
State: Published - Jan 1 2018

Fingerprint

Situation Awareness
Network Security
Attack
Target
Virtual Machine
Prediction
Game
Framework
Intelligence
Fuzzy Optimization
Stochastic Games
Cloud computing
Security systems
Nash Equilibrium
Screening
Optimization Methods
Quantify
Evaluate

All Science Journal Classification (ASJC) codes

  • Biomaterials
  • Modeling and Simulation
  • Mechanics of Materials
  • Computer Science Applications
  • Electrical and Electronic Engineering

Cite this

Zhang, Hongbin ; Yi, Yuzi ; Wang, Junshe ; Cao, Ning ; Duan, Qiang. / Network security situation awareness framework based on threat intelligence. In: Computers, Materials and Continua. 2018 ; Vol. 56, No. 3. pp. 381-399.
@article{42dc1414063b40f4af503711a31bdc07,
title = "Network security situation awareness framework based on threat intelligence",
author = "Hongbin Zhang and Yuzi Yi and Junshe Wang and Ning Cao and Qiang Duan",
year = "2018",
month = "1",
day = "1",
doi = "10.3970/cmc.2018.03787",
language = "English (US)",
volume = "56",
pages = "381--399",
journal = "Computers, Materials and Continua",
issn = "1546-2218",
publisher = "Tech Science Press",
number = "3",

}
