TY - JOUR
T1 - Network security situation awareness framework based on threat intelligence
AU - Zhang, Hongbin
AU - Yi, Yuzi
AU - Wang, Junshe
AU - Cao, Ning
AU - Duan, Qiang
N1 - Funding Information:
Acknowledgement: This research was supported in part by the National Natural Science Foundation of China under grant numbers 61672206, 61572170.
Publisher Copyright:
© 2018 Tech Science Press.
PY - 2018
Y1 - 2018
N2 - Network security situation awareness is an important foundation for network security management, which presents the target system security status by analyzing existing or potential cyber threats in the target system. In network offense and defense, the network security state of the target system will be affected by both offensive and defensive strategies. According to this feature, this paper proposes a network security situation awareness method using stochastic game in cloud computing environment, uses the utility of both sides of the game to quantify the network security situation value. This method analyzes the nodes based on the network security state of the target virtual machine and uses the virtual machine introspection mechanism to obtain the impact of network attacks on the target virtual machine, then dynamically evaluates the network security situation of the cloud environment based on the game process of both attack and defense. In attack prediction, cyber threat intelligence is used as an important basis for potential threat analysis. Cyber threat intelligence that is applicable to the current security state is screened through the system hierarchy fuzzy optimization method, and the potential threat of the target system is analyzed using the cyber threat intelligence obtained through screening. If there is no applicable cyber threat intelligence, using the Nash equilibrium to make predictions for the attack behavior. The experimental results show that the network security situation awareness method proposed in this paper can accurately reflect the changes in the network security situation and make predictions on the attack behavior.
AB - Network security situation awareness is an important foundation for network security management, which presents the target system security status by analyzing existing or potential cyber threats in the target system. In network offense and defense, the network security state of the target system will be affected by both offensive and defensive strategies. According to this feature, this paper proposes a network security situation awareness method using stochastic game in cloud computing environment, uses the utility of both sides of the game to quantify the network security situation value. This method analyzes the nodes based on the network security state of the target virtual machine and uses the virtual machine introspection mechanism to obtain the impact of network attacks on the target virtual machine, then dynamically evaluates the network security situation of the cloud environment based on the game process of both attack and defense. In attack prediction, cyber threat intelligence is used as an important basis for potential threat analysis. Cyber threat intelligence that is applicable to the current security state is screened through the system hierarchy fuzzy optimization method, and the potential threat of the target system is analyzed using the cyber threat intelligence obtained through screening. If there is no applicable cyber threat intelligence, using the Nash equilibrium to make predictions for the attack behavior. The experimental results show that the network security situation awareness method proposed in this paper can accurately reflect the changes in the network security situation and make predictions on the attack behavior.
UR - http://www.scopus.com/inward/record.url?scp=85054157103&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85054157103&partnerID=8YFLogxK
U2 - 10.3970/cmc.2018.03787
DO - 10.3970/cmc.2018.03787
M3 - Article
AN - SCOPUS:85054157103
VL - 56
SP - 381
EP - 399
JO - Computers, Materials and Continua
JF - Computers, Materials and Continua
SN - 1546-2218
IS - 3
ER -