Research on Network Security Situation Awareness Based on the LSTM-DT Model

Zhang, Haofang; Kang, Chunying; Xiao, Yao

doi:10.3390/s21144788

Cited by 37 publications

(13 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Situational awareness has emerged as a hot topic in the cyber security industry, due to its capacity to improve decision-making by applying a three-layer model of observation, understanding, and prediction [12,13]. In the early stage when security situational awareness was proposed, literature [14] proposed a security situational awareness model based on simple weighting method and gray theory; literature [14] proposed a network security situational assessment scheme based on attack mode identification; literature [15] summarized the current research direction and found that the research work mainly focused on the simple static evaluation, and the dynamic analysis from the possible transformation of attack activities was seriously insufficient, including early warning analysis and other aspects; Reference [16] discusses that the security situational awareness elements are extracted from the attacker, the defender, and the network environment, and a security situational prediction method based on the analysis of the spatiotemporal dimension is further formed. Reference [17] applies the LAMBDA language to support the elaboration of the template and matching process.…”

Section: Literature Reviewmentioning

confidence: 99%

Research on Network Security Situational Awareness Based on Crawler Algorithm

Wei

Vasgi³

et al. 2022

Security and Communication Networks

View full text Add to dashboard Cite

Network security situation awareness is a critical basis for security solutions because it displays the target system’s security state by assessing actual or possible cyber-attacks in the target system. Aiming at the security and stability of global information flow, this paper studies the perception and measurement of the overall situation of network security. Through the Scrappy web crawler framework, data were collected from several Zhiming network security event websites, and based on the vulnerability database of China Computer Network Intrusion Prevention Center, the network security event database was designed and established, which enriched the data of situational awareness research. This study investigates the analysis and processing of network security events, a crucial parameter in the stage of security insight and perception, and builds and implements a text-based network security event analysis tool. By designing a network security event analysis tool based on text processing, the data cleaning of network security time text information is completed, and a set of network security event processing solutions with high applicability and comprehensiveness are formed. Statistical experimental results show that the network security event database built based on the crawler algorithm contains 43,848 pieces of data, which increases the capacity by 12.79% and 29.33% compared with the traditional algorithm, and reduces the reading time by 63.5% and 87.2%.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

Research on Network Security Situational Awareness Based on Crawler Algorithm

Wei

Vasgi³

et al. 2022

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…Recurrent Neural Network (RNN) [ 8 ] is a deep learning network for processing serialized data. By introducing recurrent connections between hidden layer units in adjacent time steps, RNN can effectively use historical information and it can make decisions on time series data, so it is widely used in the field of network traffic detection [ 9 , 10 , 11 ]. However, the phenomenon of exploding or vanishing gradients after multi-stage propagation of all time series data will cause the neural network to lose its long-term learning ability.…”

Section: Methodsmentioning

confidence: 99%

Anomalous Network Traffic Detection Method Based on an Elevated Harris Hawks Optimization Method and Gated Recurrent Unit Classifier

Xiao

Kang

et al. 2022

Sensors

Self Cite

View full text Add to dashboard Cite

In recent years, network traffic contains a lot of feature information. If there are too many redundant features, the computational cost of the algorithm will be greatly increased. This paper proposes an anomalous network traffic detection method based on Elevated Harris Hawks optimization. This method is easier to identify redundant features in anomalous network traffic, reduces computational overhead, and improves the performance of anomalous traffic detection methods. By enhancing the random jump distance function, escape energy function, and designing a unique fitness function, there is a unique anomalous traffic detection method built using the algorithm and the neural network for anomalous traffic detection. This method is tested on three public network traffic datasets, namely the UNSW-NB15, NSL-KDD, and CICIDS2018. The experimental results show that the proposed method does not only significantly reduce the number of features in the dataset and computational overhead, but also gives better indicators for every test.

show abstract

“…(3) Assessment methods based on semiquantitative information first set the initial parameters of the model according to expert experience and then use quantitative data to train the model to obtain the network security situation values. Some example methods include dynamic Bayesian networks [24], hidden Markov models [25], D-S and BP neural networks [26], D-S and radial basis perceptron (RBP) neural networks [27], long short-term memory networks and decision tree algorithms [28]. Such methods consider both qualitative knowledge and quantitative data and utilize expert knowledge for modeling in the early stage to ensure that the model can accurately evaluate the security situation of the complex Industrial Internet network system when few data samples are available.…”

Section: Introductionmentioning

confidence: 99%

A New Model for Network Security Situation Assessment of the Industrial Internet

Cheng¹,

Li²,

Wang³

et al. 2023

Computers, Materials &Amp; Continua

View full text Add to dashboard Cite

To address the problem of network security situation assessment in the Industrial Internet, this paper adopts the evidential reasoning (ER) algorithm and belief rule base (BRB) method to establish an assessment model. First, this paper analyzes the influencing factors of the Industrial Internet and selects evaluation indicators that contain not only quantitative data but also qualitative knowledge. Second, the evaluation indicators are fused with expert knowledge and the ER algorithm. According to the fusion results, a network security situation assessment model of the Industrial Internet based on the ER and BRB method is established, and the projection covariance matrix adaptive evolution strategy (P-CMA-ES) is used to optimize the model parameters. This method can not only utilize semiquantitative information effectively but also use more uncertain information and prevent the problem of combinatorial explosion. Moreover, it solves the problem of the uncertainty of expert knowledge and overcomes the problem of low modeling accuracy caused by insufficient data. Finally, a network security situation assessment case of the Industrial Internet is analyzed to verify the effectiveness and superiority of the method. The research results show that this method has strong applicability to the network security situation assessment of complex Industrial Internet systems. It can accurately reflect the actual network security situation of Industrial Internet systems and provide safe and reliable suggestions for network administrators to take timely countermeasures, thereby improving the risk monitoring and emergency response capabilities of the Industrial Internet.

show abstract

Research on Network Security Situation Awareness Based on the LSTM-DT Model

Cited by 37 publications

References 24 publications

Research on Network Security Situational Awareness Based on Crawler Algorithm

Research on Network Security Situational Awareness Based on Crawler Algorithm

Anomalous Network Traffic Detection Method Based on an Elevated Harris Hawks Optimization Method and Gated Recurrent Unit Classifier

A New Model for Network Security Situation Assessment of the Industrial Internet

Contact Info

Product

Resources

About