Computer Engineering and Applications ›› 2012, Vol. 48 ›› Issue (2): 8-10.

• Doctoral Forum •

Novel cyber attack situation assessment method inspired by danger theory

SUN Feixian   

  1. School of Computer Science, Zhongyuan University of Technology, Zhengzhou 450007, China
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2012-01-11 Published: 2012-01-11

A cyber attack situation assessment method inspired by danger theory

孙飞显   

  1. School of Computer Science, Zhongyuan University of Technology, Zhengzhou 450007

Abstract: This paper proposes a novel cyber attack situation assessment method (CTDA) inspired by danger theory. Host-based sensors are responsible for detecting cyberspace threats, and detection is carried out by artificial immune lymphocytes. The artificial immune response is triggered by a danger signal, which is emitted when lymphocytes die unnaturally or are distressed. The assessment centre evaluates the cyberspace threat situation by receiving and processing these danger signals. Theoretical analysis and simulation results show that the presented method is feasible; it overcomes deficiencies of cyberspace situational awareness techniques based on self/non-self discrimination, such as an excessively large self set and a long immune tolerance period. It therefore provides a novel approach to the test and evaluation of computer networks and information systems.

Key words: danger theory, cyber attack, situation assessment

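Abstract: Based on danger theory, a new cyber attack situation assessment method is proposed. Sensors responsible for detecting cyber attacks are deployed on network hosts, and the artificial immune cells in a sensor emit danger signals when they are damaged or die abnormally. An assessment centre with a vaccine distribution function receives and processes the danger signals from the sensors and dynamically assesses the cyber attack situation according to the algorithm. Theoretical analysis and experimental results show that the method is feasible and can remedy shortcomings of traditional artificial immune network situational awareness techniques based on the self/non-self recognition mechanism, such as a very large self set and a long immune tolerance time, providing a new approach to the security evaluation of computer networks and information systems.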

Key words: danger theory, cyber attack, situation assessment