Open Access
Research on Key Technologies of Network Security Situational Awareness for Attack Tracking Prediction
Author(s) - Kou Guang, Wang Shuo, Tang Guangming
Publication year - 2019
Publication title - Chinese Journal of Electronics
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.267
H-Index - 25
eISSN - 2075-5597
pISSN - 1022-4653
DOI - 10.1049/cje.2018.10.007
Subject(s) - computer science, vulnerability (computing), key (lock), situation awareness, situation analysis, network security, computer security, intrusion detection system, path (computing), event (particle physics), exploit, intrusion, data mining, computer network, engineering, aerospace engineering, physics, geochemistry, marketing, quantum mechanics, geology, business
This paper analyzed existing network security situation evaluation methods and found that they cannot accurately reflect the large-scale, synergetic, multi-stage features that network attack behaviors gradually show. To address this, the association between attack intention and network configuration information was analyzed in depth, and a network security situation evaluation method based on attack intention recognition was proposed. Unlike traditional methods, this evaluation method is based on the intruder. The method first performs causal analysis of attack events and discovers and simplifies the intrusion path to recognize each attack phase, then carries out situation evaluation based on those attack phases. Finally, the attack intention is recognized and the next attack phase is forecast from the attack phases already achieved, combined with vulnerability and network connectivity. A simulation experiment on the proposed network security situation evaluation model was performed using network examples. The experimental results show that the method reflects the truth of the attack more accurately. The method also does not need training on the historical sequence, so it is more effective for situation forecasting.
