Current Network Security Situation Research Articles

VTion-PatchTST: Elevated PatchTST model for network security situation prediction

The rapid development of network attack techniques increases the risk of the internet being attacked, thus necessitating timely and effective network protection mechanisms. Network security situation prediction is a proactive defense method, the results of which can help formulate defense strategies in advance. The current network security situation prediction mainly focuses on single-step prediction, and the accuracy of multi-step prediction needs to be improved. By introducing three technologies: Variational Mode Decomposition (VMD), Temporal Convolutional Networks (TCN), Feature Fusion, an improved PatchTST model is proposed to solute the issue. VMD decomposes a complex sequence of historical situational values into multiple relatively stable subsequences with different features to make the model channel modeling specific. TCN enhances the ability of the model to extract temporal features. Feature fusion makes predictions more comprehensive through cross-channel linking. Both experiments and evaluations are conducted on the UNSW-NB15 and CIC-IDS2017 public datasets, and nine baseline models are used to compare with the proposed VTion-PatchTST. The experimental results show that the proposed model is more applicable to cybersecurity situation forecasting, with an relative average reduction of 40.3% and 29.0% in Mean Square Error (MSE) and Mean Absolute Error (MAE), respectively.

Gradient importance enhancement based feature fusion intrusion detection technique

In order to better deal with the current unstable network security situation and improve the accuracy and generalization ability of the intrusion detection model, this paper proposes a feature fusion technique based on gradient importance enhancement, which combines feature fusion and feature enhancement to increase the diversity of sample features, so that the model can focus more on the sample features related to classification, making the model more generalizable and improving the accuracy of the model. The final model was experimented on two datasets, NSL-KDD and CICIDS2017, and its accuracy reached 99.84% and 99.78%, respectively.

A Model of Network Security Situation Assessment Based on BPNN Optimized by SAA-SSA

In order to address the problems that the accuracy and convergence of current network security situation assessment models need to be improved, a model of network security situation assessment based on SAA-SSA-BPNN is proposed. Using the characteristics of sparrow search algorithm (SSA) optimized by simulated annealing algorithm (SAA) with good stability, fast convergence speed and is not easy to fall into local optimum to improve the BP neural network (BPNN), so as to find the best fitness individual, and obtain the optimal weight and threshold, then assign them to the BP neural network as the initial values. The preprocessed index data is input into the improved BP neural network model for training, and finally the threat degree of the network system is assessed based on the trained model. Comparative experimental results show that this assessment model has higher accuracy and faster convergence than other situation assessment models based on improved BP neural network.

The Construction Method of Computer Network Security Defense System Based on Multisource Big Data

This article proposes a computer network security defense system model based on multisource big data, which makes the security of computer networks more complete because of the shortage of current computer network security defense systems. The current network security situation is analyzed, and the problems faced in the field of network security are pointed out; then, multisource big data is introduced, and the characteristics of the multisource big data model are analyzed. This article proposes an information system network security model, which formally describes the relationship between network behavior among nodes, security threats, network attacks, and defense capability of security devices in an information system. After that, a network security defense system measurement scheme is constructed based on hierarchical analysis, and quantitative indicators of defense effectiveness are defined in two dimensions: risk severity of security threats and defense response actions of security devices, which enables quantitative evaluation of the security defense system, and then identifies omissions and defects of the network security defense system. A defense system measurement and optimization system is designed based on the proposed network security system measurement and optimization scheme. The application analysis of the project is combined with the actual scenarios. Through the evaluation and optimization of the security defense system in the natural methods, it is proved that the network security defense system evaluation and optimization scheme proposed in this article has reasonableness and effectiveness in the actual application.

APPLICATION OF FRACTAL NEURAL NETWORK IN NETWORK SECURITY SITUATION AWARENESS

The purposes are to accurately perceive the network security situations and predict the development trend and effectively defend against network attacks during the operation of the Internet. The Long Short-Term Memory (LSTM) network is adopted as the subject of the network security situation awareness and prediction model. Moreover, it is optimized by the Genetic Algorithm (GA) to improve its global search capability. Then, a Fractal Neural Network (FNN) is constructed in combination with fractal theory, which is utilized in network security situation awareness to avoid the exploding or vanishing gradient problems. The KDD CUP 99 standard dataset is applied to verify the performance of the proposed GA-LSTM FNN; results demonstrate that its accuracy of network security situation awareness can reach 90.22%. The experimental results confirm that using the fractal difference function as the activation function can deliver the gradient variation in a balanced and stable manner. Besides, it can improve the feasibility and effectiveness of the neural network structure for network security situation awareness and prediction. The FNN studied is of practical significance for assessing the current network security situation and predicting its evolution trend, providing a reference for protecting the operation of the Internet from network attacks.

Network Security Situation Assessment Based on Improved WOA-SVM

Network security situation assessment is an important means of understanding the current network security situation to provide a basis for taking security measures. To address the problem that the accuracy of existing network security situation assessment methods needs to be improved, this paper proposes a network security situation assessment method based on support vector machine (SVM) optimized by whale optimization algorithm (WOA) that is improved by adaptive weight (AW) combined with simulated annealing algorithm (SA). In this method, the SVM is embedded into the fitness function calculation of the improved WOA, and the global optimization characteristics of WOA are used to determine the optimal penalty parameter c and kernel function parameter g of the SVM. To solve the problem of the WOA being prone to falling into local extremum and slow convergence when solving large and complex data problems, an adaptive weight is used to adjust the whale position update coefficient, and a simulated annealing algorithm (SA) is used to increase random search factors to avoid falling into local extremum, so as to improve the global optimization ability. The experimental results show that this method is feasible, can assess the network security situation more accurately, and has better convergence than other assessment algorithms based on an improved SVM.

Brief Analysis of Security Protection Practice of Key Information Infrastructure in Communication Industry

To solve the problem how to effectively identify critical information infrastructure challenges that the communications industry, improve pertinence and effectiveness of the security and protection work, this paper reports the legislative background of critical information infrastructure protection at home and abroad and the status quo, on the communications industry key information infrastructure security framework are discussed in this paper, by adopting the method of analytic hierarchy process (AHP), by calculating the key, Through the calculation of the critical degree, the paper proposes how to accurately identify the critical information infrastructure in the communication industry. This research is the latest practical exploration of the security protection work method of the critical information infrastructure in the communication industry, and is the urgent need of the current communication network security situation in China. It is hoped to take the implementation of the Regulations on the Security protection of Critical Information Infrastructure as an opportunity to publicize and promote the research method, continuously strengthen the security protection of critical information infrastructure, realize the high-quality development of the communication industry, and better empower the economic and social development.

Malicious traffic detection combined deep neural network with hierarchical attention mechanism

Given the gradual intensification of the current network security situation, malicious attack traffic is flooding the entire network environment, and the current malicious traffic detection model is insufficient in detection efficiency and detection performance. This paper proposes a data processing method that divides the flow data into data flow segments so that the model can improve the throughput per unit time to meet its detection efficiency. For this kind of data, a malicious traffic detection model with a hierarchical attention mechanism is also proposed and named HAGRU (Hierarchical Attention Gated Recurrent Unit). By fusing the feature information of the three hierarchies, the detection ability of the model is improved. An attention mechanism is introduced to focus on malicious flows in the data flow segment, which can reasonably utilize limited computing resources. Finally, compare the proposed model with the current state of the method on the datasets. The experimental results show that: the novel model performs well in different evaluation indicators (detection rate, false-positive rate, F-score), and it can improve the performance of category recognition with fewer samples when the data is unbalanced. At the same time, the training of the novel model on larger datasets will enhance the generalization ability and reduce the false alarm rate. The proposed model not only improves the performance of malicious traffic detection but also provides a new research method for improving the efficiency of model detection.

Vehicle Network Security Situation Assessment Method Based on Attack Tree

In order to solve the problem that the current vehicle network security situation assessment methods are seriously few, and the existing methods have low accuracy and are greatly affected by subjective factors, an attack tree-based vehicle network security situation assessment method is proposed. Firstly, the attack tree models are established to describe the network attacks the internet of vehicles may suffer from. Secondly, the security attributes of the attack path are determined, and each attack path is scored. At the same time, the fuzzy analytic hierarchy process is used to solve the weight values of each attack path. After that, weights and ratings are used to assess the security situation level of the threat. Finally, a comparative analysis of the security situation assessment with the analytic hierarchy process shows that the fuzzy analytic hierarchy process method can reduce the influence of human subjective factors and improve the credibility of the security situation assessment.

Research and Application of Hybrid Adaptive Forecasting Method Based on SOA

The current network security situation is becoming more and more severe. In order to improve the accuracy of network security situation prediction, a network security situation prediction method based on crowd search algorithm optimized BP neural network is proposed. This algorithm uses the four characteristics of egoism, altruism, pre-action and uncertain reasoning unique to the crowd search algorithm to determine the search strategy, finds the best fitness individual, obtains the optimal weights and thresholds, and then performs random initialization of the BP neural network The threshold and weight are assigned, and the predicted value is obtained after neural network training. Finally, it is compared with the predicted value obtained by the other two optimization algorithms. Experiments show that the algorithm used in network security situation prediction has higher accuracy, smaller errors, and better stability.

Dynamical model for individual defence against cyber epidemic attacks

When facing the on-going cyber epidemic threats, individuals usually set up cyber defences to protect their own devices. In general, the individual-level cyber defence is considered to mitigate the cyber threat to some extent. However, few previous studies focus on the interaction between individual-level defence and cyber epidemic attack from the perspective of dynamics. In this study, the authors propose a two-way dynamical framework by coupling the individual defence model with the cyber epidemic model to study the interaction between the network security situation and individual-level defence decision. A new individual-based heterogeneous model for cyber epidemic attacks is established to emphasise the individual heterogeneity in defence strategy. In the meanwhile, a Markov decision process is used to characterise the defence decision in the individual defence decision model. The theoretical and numerical results illustrate that the individual-level defence can dampen the cyber epidemic attack, but the current network security situation, in turn, influences the individual defence decision. Moreover, they obtain a glimpse of the network security situation and the individual defence with respect to different cyber epidemic scenarios.

An Adaptive Assessment and Prediction Mechanism in Network Security Situation Awareness

Network intrusion attempts have reached an alarming level. Cisco's 2014 Security Report indicated that 50,000 network intrusions were detected and 80 million suspicious web requests were blocked daily. Hence, Intrusion Prevention System (IPS) had been chosen as a defence mechanism in many organizations. However, the University of South Wales reported that seven big-brand IPS had failed to detect and block 34-49% of attacks in web-based applications. The accuracy of IPS can be improved if the network situation is also considered in preventing intrusion attempts. Knowledge about current and incoming network security situation is required before any precaution can be taken. Situation assessment and prediction are two main phases of Network Security Situation Awareness. This paper presents a network security situation assessment and prediction mechanism that proposes an Entropy-based situation assessment scheme to assess current network security status with the aid of the Analytical Hierarchy Process and the introduction of an adaptive situation prediction mechanism based on Grey Verhulst and Kalman Filtering to predict the incoming security situation. The effectiveness of the mechanism is evaluated using National Advanced IPv6 Center (NAv6) 2015 dataset. The findings demonstrated that Entropy-based Network Security Situation Assessment (E-NESSAS) assessed more comprehensively network security situation by using Entropy concept. Meanwhile, Adaptive Grey Verhulst-Kalman Network Security Situation Prediction (AGVK-NESSIP) provided high predictive accuracy with accuracy of 82.77%. The results clearly revealed that the proposed mechanism could assess current security situation systematically by E-NESSAS and was able to predict the situation more accurately by AGVK-NESSIP regardless of the time intervals and behaviour of the data sequence.

The Current Network Security Situation and Emergency Network Response

The Current Network Security Situation and Emergency Network Response

Constructing general cube to be aware of network security situation

Concerning the problems of limited current network security situation assessment scope,single information source,higher time and space complexity and larger deviation of the accuracy,a method was put forward to construct general cube,which can be aware of the network security situation. The continuous situation factor data monitored can be pretreated by discretizing by "3σ rule"and aggregated in the general built cube,that fused into component security situation vertically and merged into the network security situation from component security situation using statistical methods horizontally. It can provide reliable reference to enhance network security. Finally,making full use of network data,the network security situation awareness model and algorithm proposed are verified and the experimental results show correctness of this method.

Network Threat Identification and Analysis Based on a State Transition Graph

Abstract With the rapid popularity of Internet and information technology, local area network is becoming insecure. Along with the improving advantages, security threats are emerging continually and bringing great pressure and challenges. An identification and analysis method for network real-time threats is proposed to accurately assess and master the current network security situation, and thereby preferably guide a dynamic defense. This method recognizes the current threats and predicts the subsequent threats by modeling attack scenarios and simulating attack state transferring. The threat identification model is called Attack State Transition Graph and Real-Time Attack State Graph, which is constructed by an Expanded Finite-State Automata. Based on the former possible threat paths, the state transitions can be illustrated and based on the latter, actually successful threats and threat paths are described. Then a threat identification algorithm is presented based on the above model. With this algorithm, various invalid threats are filtered; current valid threats are obtained by correlating the dynamic alarms with a static attack scenario. Further on, combining the Attack State Transition Graph with a Real-Time Attack State Graph, a possible next threat and a threat path can be identified and an attack target can also be predicted. Finally, the simulated results in an experimental network verify the feasibility and validity of the model and algorithm. This method provides a novel solution to evaluate and analyze the network security situation.

A New Network Security Evaluation Conceptual Model

Network security situation awareness model is the research basis in network security situation awareness. Through building this model, we can measure the relationships among system components and that between the components and environments. We put forward the conceptual model of network security situation awareness, and establish the model of current network security situation evaluation and future network security situation prediction.

The Quantification of Overlay Network Congestion Based on Compressive Sensing

To obtain overlay network traffic and delay information between two hosts is important for network management, monitoring, design, planning and assessment. Traffic matrix and delay matrix represent the traffic and delay information between two hosts, so introduce the concept of the overlay network traffic matrix and delay matrix. Compressive sensing theory restores traffic matrix and delay matrix but is not suitable for overlay network. This paper improves compressive sensing algorithm to make it more applicable to overlay network traffic matrix and delay matrix restoration. After calculating the traffic matrix and delay matrix this paper quantifies overlay network congestion, which reflect the current network security situation. The experimental results show the restoration effect of traffic matrix and delay matrix is well and the congestion degree reflects the actual network state.

WNN-Based Network Security Situation Quantitative Prediction Method and Its Optimization

The accurate and real-time prediction of network security situation is the premise and basis of preventing intrusions and attacks in a large-scale network. In order to predict the security situation more accurately, a quantitative prediction method of network security situation based on Wavelet Neural Network with Genetic Algorithm (GAWNN) is proposed. After analyzing the past and the current network security situation in detail, we build a network security situation prediction model based on wavelet neural network that is optimized by the improved genetic algorithm and then adopt GAWNN to predict the non-linear time series of network security situation. Simulation experiments prove that the proposed method has advantages over Wavelet Neural Network (WNN) method and Back Propagation Neural Network (BPNN) method with the same architecture in convergence speed, functional approximation and prediction accuracy. What is more, system security tendency and laws by which security analyzers and administrators can adjust security policies in near real-time are revealed from the prediction results as early as possible.