Network security situation awareness framework based on threat intelligence

Hongbin Zhang, Yuzi Yi, Junshe Wang, Ning Cao, Qiang Duan

Research output: Contribution to journalArticlepeer-review

17 Scopus citations

Abstract

Network security situation awareness is an important foundation for network security management, which presents the target system security status by analyzing existing or potential cyber threats in the target system. In network offense and defense, the network security state of the target system will be affected by both offensive and defensive strategies. According to this feature, this paper proposes a network security situation awareness method using stochastic game in cloud computing environment, uses the utility of both sides of the game to quantify the network security situation value. This method analyzes the nodes based on the network security state of the target virtual machine and uses the virtual machine introspection mechanism to obtain the impact of network attacks on the target virtual machine, then dynamically evaluates the network security situation of the cloud environment based on the game process of both attack and defense. In attack prediction, cyber threat intelligence is used as an important basis for potential threat analysis. Cyber threat intelligence that is applicable to the current security state is screened through the system hierarchy fuzzy optimization method, and the potential threat of the target system is analyzed using the cyber threat intelligence obtained through screening. If there is no applicable cyber threat intelligence, using the Nash equilibrium to make predictions for the attack behavior. The experimental results show that the network security situation awareness method proposed in this paper can accurately reflect the changes in the network security situation and make predictions on the attack behavior.

Original languageEnglish (US)
Pages (from-to)381-399
Number of pages19
JournalComputers, Materials and Continua
Volume56
Issue number3
DOIs
StatePublished - 2018

All Science Journal Classification (ASJC) codes

  • Biomaterials
  • Modeling and Simulation
  • Mechanics of Materials
  • Computer Science Applications
  • Electrical and Electronic Engineering

Fingerprint Dive into the research topics of 'Network security situation awareness framework based on threat intelligence'. Together they form a unique fingerprint.

Cite this