Computer Engineering and Applications, 2019, Vol. 55, Issue (24): 1-9. DOI: 10.3778/j.issn.1002-8331.1906-0349

Survey of Research on Network Security Situation Awareness

SHI Leyi, LIU Jia, LIU Yihao, ZHU Hongqiang, DUAN Pengfei   

  1. College of Computer and Communication Engineering, China University of Petroleum (East China), Qingdao, Shandong 266580, China

Abstract: Unlike traditional security measures, network security situation awareness identifies the behavior of the various activities in a network and performs intent understanding and impact assessment from a macro perspective, so as to provide reasonable decision support. It is of great significance for improving network monitoring and emergency response capabilities and for predicting the development trend of network security. This paper first summarizes the definitions of situation awareness and of network security situation awareness, and then summarizes and compares the classical situation awareness models and the newly developed network security situation awareness models. It introduces the key technologies of network security situation awareness, which are mainly divided into those based on hierarchical analysis, machine learning, immune systems and game theory. Recent applications of network security situation awareness in the Internet, industrial control networks and the Internet of Things are then described. Finally, it summarizes and forecasts future development trends and the problems that remain to be solved.

Key words: network security, situation awareness, data fusion, situation assessment, situation prediction
