Network Security Situational Awareness Model Based on Threat Intelligence

  • Conference paper
Mobile Multimedia Communications (MobiMedia 2021)

Abstract

To address the persistently high incidence of network attacks that accompanies the growing scale of real-world networks, threat intelligence was applied to situational awareness, and a situational awareness model based on a random game was constructed. Threat perception of the target system was performed by comparing the similarity between exogenous threat intelligence and the system's internal security events. At the same time, internal threat intelligence was generated from the threat information inside the system. In this process, game theory was used to quantify the current network security situation of the system and evaluate the security status of the network. Finally, prediction of the network security situation was realized. The experimental results show that the network security situation awareness method based on threat intelligence can reflect changes in the network security situation and predict attack behaviors accurately.

Acknowledgements

This research was supported by the National Natural Science Foundation of China under Grant No.61672206, No.61572170, S&T Program of Hebei under Grant No.18210109D, No.20310701D, No.16210312D, High-level Talents Subsidy Project in Hebei Province under Grant No.A2016002015, Technological Innovation Fund Project of Technological Small and Medium-sized Enterprises of Shijiazhuang under Grant No.9SCX01006, S&T research and development Program of Shijiazhuang under Grant No.191130591A.

Author information

Corresponding author

Correspondence to Yan Yin.

Copyright information

© 2021 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Zhang, H., Yin, Y., Zhao, D., Liu, B., Gao, H. (2021). Network Security Situational Awareness Model Based on Threat Intelligence. In: Xiong, J., Wu, S., Peng, C., Tian, Y. (eds) Mobile Multimedia Communications. MobiMedia 2021. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 394. Springer, Cham. https://doi.org/10.1007/978-3-030-89814-4_38

  • DOI: https://doi.org/10.1007/978-3-030-89814-4_38

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-89813-7

  • Online ISBN: 978-3-030-89814-4

  • eBook Packages: Computer Science, Computer Science (R0)
