Toward real-time network-wide cyber situational awareness

Jirsík, Tomáš; Čeleda, Pavel

doi:10.1109/noms.2018.8406166

Cited by 11 publications

(10 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Having introduced the architecture for real-time IP flow monitoring, we combine the traditional batch-based approach to IP flow monitoring with the real-time approach to achieve a complex solution that provides real-time network-wide cyber situation awareness in [11]. To combine these two approaches we take advantage of the concept called lambda architecture.…”

Section: B Toward Real-time Network-wide Cyber Situation Awarenessmentioning

confidence: 99%

Cyber Situation Awareness via IP Flow Monitoring

Jirsík

Čeleda

2020

NOMS 2020 - 2020 IEEE/IFIP Network Operations and Management Symposium

Self Cite

View full text Add to dashboard Cite

Cyber situation awareness has been recognized as a vital requirement for effective cyber defense. Cyber situation awareness allows cybersecurity operators to identify, understand, and anticipate incoming threats. Achieving and maintaining the cyber situation awareness is a challenging task given the continuous evolution of the computer networks, increasing volume and speeds of the data in a network, and rising number of threats to network security. Our work contributes to the continuous evolution of cyber situation awareness by the research of novel approaches to the perception and comprehension of a computer network. We concentrate our research efforts on the domain of IP flow network monitoring. We propose improvements to the IP flow monitoring techniques that enable the enhanced perception of a computer network. Further, we conduct detailed analyses of network traffic, which allows for an in-depth understanding of host behavior in a computer network. Last but not least, we propose a novel approach to IP flow network monitoring that enables real-time cyber situation awareness.

show abstract

Section: B Toward Real-time Network-wide Cyber Situation Awarenessmentioning

confidence: 99%

Cyber Situation Awareness via IP Flow Monitoring

Jirsík

Čeleda

2020

NOMS 2020 - 2020 IEEE/IFIP Network Operations and Management Symposium

Self Cite

View full text Add to dashboard Cite

show abstract

“…Probably the best-known tools were proposed by MITRE [92], such as CyGraph [73]. Applied research and experimental deployment are becoming subject of research by other research groups as well [48,54,56,78,80].…”

Section: Publications On Csamentioning

confidence: 99%

“…Finally, a research group on CSA has been established at the Computer Security Incident Response Team of Masaryk University 7 . The network-wide cyber situational awareness with a focus on the perception and comprehension using IP flows is investigated by Jirsík et al [53,54]. Husák et al focused on the predictive aspects of CSA [46,47].…”

Section: Research Groupsmentioning

confidence: 99%

SoK

Husák

Jirsík

Yang

2020

Proceedings of the 15th International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

Cyber situational awareness is an essential part of cyber defense that allows the cybersecurity operators to cope with the complexity of today's networks and threat landscape. Perceiving and comprehending the situation allow the operator to project upcoming events and make strategic decisions. In this paper, we recapitulate the fundamentals of cyber situational awareness and highlight its unique characteristics in comparison to generic situational awareness known from other fields. Subsequently, we provide an overview of existing research and trends in publishing on the topic, introduce front research groups, and highlight the impact of cyber situational awareness research. Further, we propose an updated taxonomy and enumeration of the components used for achieving cyber situational awareness. The updated taxonomy conforms to the widely-accepted three-level definition of cyber situational awareness and newly includes the projection level. Finally, we identify and discuss contemporary research and operational challenges, such as the need to cope with rising volume, velocity, and variety of cybersecurity data and the need to provide cybersecurity operators with the right data at the right time and increase their value through visualization. CCS CONCEPTS • Security and privacy → Formal security models; • Networks → Network security.

show abstract

“…An active and reliable security strategy is urgently needed. Network security situation awareness (NSSA) is a process that can comprehensively analyze the network security status [5]. It can obtain the situation elements in a large-scale network and calculate and analyze them to predict the future trend of the network [6].…”

Section: Introductionmentioning

confidence: 99%

Research on gray correlation analysis and situation prediction of network information security

Shi

Zhang

2021

EURASIP J. on Info. Security

View full text Add to dashboard Cite

In order to further improve the accuracy and efficiency of network information security situation prediction, this study used the dynamic equal-dimensional method based on gray correlation analysis to improve the GM (1, N) model and carried out an experiment on the designed network security situation prediction (NSSP) model in a simulated network environment. It was found that the predicted result of the improved GM (1, N) model was closer to the actual value. Taking the 11th hour as an example, the predicted value of the improved GM (1, N) model was 28.1524, which was only 0.8983 larger than the actual value; compared with neural network and Markov models, the error of the improved GM (1, N) model was smaller: the average error was only 2.3811, which was 67.88% and 70.31% smaller than the other two models. The improved GM (1, N) model had a time complexity that was 49.99% and 39.53% lower than neural network and Markov models; thus, it had high computational efficiency. The experimental results verify the effectiveness of the improved GM (1, N) model in solving the NSSP problem. The improved GM (1, N) model can be further promoted and applied in practice and deployed in the network of schools and enterprises to achieve network information security.

show abstract

Toward real-time network-wide cyber situational awareness

Cited by 11 publications

References 10 publications

Cyber Situation Awareness via IP Flow Monitoring

Cyber Situation Awareness via IP Flow Monitoring

SoK

Research on gray correlation analysis and situation prediction of network information security

Contact Info

Product

Resources

About