Network Security Situation Awareness Framework based on Threat Intelligence  被引量：3

作　　者：Hongbin Zhang Yuzi Yi Junshe Wang Ning Cao Qiang Duan 

机构地区：[1]School of Information Science and Engineering,Hebei University of Science and Technology,Shijiazhuang,050000,China [2]Hebei Key Laboratory of Network and Information Security,Hebei Normal University,Shijiazhuang,050024,China [3]College of Information Engineering,Qingdao Binhai University,Qingdao,266000,China [4]Department of Information Science&Technology,Pennsylvania State University,1600 Woodland Rd.Abington,Pa,19001,USA

出　　处：《Computers, Materials & Continua》2018年第9期381-399,共19页计算机、材料和连续体（英文）

基　　金：This research was supported in part by the National Natural Science Foundation of China under grant numbers 61672206,61572170.

摘　　要：Network security situation awareness is an important foundation for network security management,which presents the target system security status by analyzing existing or potential cyber threats in the target system.In network offense and defense,the network security state of the target system will be affected by both offensive and defensive strategies.According to this feature,this paper proposes a network security situation awareness method using stochastic game in cloud computing environment,uses the utility of both sides of the game to quantify the network security situation value.This method analyzes the nodes based on the network security state of the target virtual machine and uses the virtual machine introspection mechanism to obtain the impact of network attacks on the target virtual machine,then dynamically evaluates the network security situation of the cloud environment based on the game process of both attack and defense.In attack prediction,cyber threat intelligence is used as an important basis for potential threat analysis.Cyber threat intelligence that is applicable to the current security state is screened through the system hierarchy fuzzy optimization method,and the potential threat of the target system is analyzed using the cyber threat intelligence obtained through screening.If there is no applicable cyber threat intelligence,using the Nash equilibrium to make predictions for the attack behavior.The experimental results show that the network security situation awareness method proposed in this paper can accurately reflect the changes in the network security situation and make predictions on the attack behavior.

关 键 词：SITUATION awareness stochastic game cloud computing virtual machine INTROSPECTION CYBER THREAT INTELLIGENCE NASH equilibrium 

分 类 号：TP3[自动化与计算机技术—计算机科学与技术]