Affiliation:
1. Beijing Institute of System Engineering
2. National Key Laboratory of Science and Technology on Information System Security
Abstract
Situation awareness is a third-generation information security technology that aims to provide administrators with a global security view of cyberspace. This paper proposes a framework for cyber security situation awareness based on data mining. The framework can be viewed from two perspectives: the data-flow view, which presents the abstraction of cyber data, and the logic view, which presents the procedure of situation awareness. The framework's core component is the correlation state machine, an extension of the state machine. The correlation state machine is a data structure for achieving situation awareness and is created using data mining techniques. Once created, it can be used to assess and predict the threat situation and thereby obtain cyber knowledge. We conclude with an example of how the framework can be applied in the real world to provide the cyber security situation to administrators.
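As an added illustration (not code from the paper), the following Python sketch shows one way a correlation state machine can be mined from event sequences and then used for assessment and prediction: transitions between normalized security events are counted from constructed training sequences, an observed event stream is walked to find the current state and how well it matches mined correlations, and the most likely next event is predicted. The event names, the count-based mining, and the scoring are assumptions made for this example.

```python
from collections import Counter, defaultdict

# Constructed training data: sequences of normalized security events
# (assumed event names) that an analyst has labelled as attack progressions.
TRAINING_SEQUENCES = [
    ["port_scan", "brute_force", "login_success", "privilege_escalation"],
    ["port_scan", "brute_force", "login_success", "data_exfil"],
    ["port_scan", "vuln_probe", "exploit", "privilege_escalation"],
    ["port_scan", "brute_force", "login_success", "privilege_escalation"],
]


class CorrelationStateMachine:
    """State machine whose states are the last observed event and whose
    transition weights are mined (counted) from historical event sequences."""

    def __init__(self):
        self.transitions = defaultdict(Counter)  # state -> Counter(next_event)

    def mine(self, sequences):
        """Build the transition table from a list of event sequences."""
        for seq in sequences:
            prev = "start"
            for event in seq:
                self.transitions[prev][event] += 1
                prev = event
        return self

    def assess(self, observed):
        """Walk an observed event stream. Returns (current_state, support),
        where support is the product of empirical transition probabilities;
        0.0 means the stream left the mined correlations (unknown situation)."""
        state, support = "start", 1.0
        for event in observed:
            counts = self.transitions[state]
            total = sum(counts.values())
            if total == 0 or counts[event] == 0:
                return state, 0.0
            support *= counts[event] / total
            state = event
        return state, support

    def predict(self, state):
        """Return (most_likely_next_event, probability) for a state,
        or (None, 0.0) when no transition out of the state was mined."""
        counts = self.transitions[state]
        total = sum(counts.values())
        if total == 0:
            return None, 0.0
        event, n = counts.most_common(1)[0]
        return event, n / total


if __name__ == "__main__":
    csm = CorrelationStateMachine().mine(TRAINING_SEQUENCES)
    print(csm.assess(["port_scan", "brute_force", "login_success"]))
    print(csm.predict("login_success"))
```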
Publisher
Trans Tech Publications, Ltd.