网络安全态势感知分析框架与实现方法比较

doi:10.3969/j.issn.0372-2112.2019.04.021

摘要/Abstract

摘要： 信息技术已经深入到全社会政治、经济、文化的方方面面，信息革命改变了全世界的沟通方式，促使人类社会有了巨大的发展，也使网络安全问题受到了前所未有的关注.针对网络安全问题的研究主要经历了理想化设计保证安全、辅助检测被动防御、主动分析制定策略、全面感知预测趋势4个主要阶段，在各国都在争夺数字控制权的新战略制高点背景下，针对网络安全态势感知的探讨无论是在学术研究上还是在产业化实现上都呈现出了全新的特点.本文对网络安全态势感知进行了尽可能详尽的文献调研，首先介绍了国内外研究现状及网络安全态势感知与传统态势感知之间的区别与联系；然后从数据价值链角度提出了网络安全态势感知的逻辑分析框架，将整个过程分解为要素采集、模型表示、度量确立、求解分析和态势预测五个连续的处理阶段，随后对每个阶段的作用，主流的方法进行了阐述，并对在实验对象上的应用结果以及方法间的横向比较进行了说明.本文意图对网络安全态势感知提供全景知识，为网络安全的产业化方案提供辅助思想，希望能够对此领域的科研和工程人员起到参考作用.

关键词: 网络安全, 网络态势感知, 攻击模型, 入侵检测, 数据融合分析

Abstract: Information technology has penetrated into all aspects of politics,economy and culture in the whole society.The information revolution has changed the way of communication all over the world,promoted the development of human society,and made the problem of network security get unprecedented attention.The research on network security has mainly experienced 4 main stages:idealized design ensures safety,passive defense after auxiliary detection,actively analyze and formulate security strategies,forecast trend after comprehensive perception.Under the background of the new strategic commanding point for the power of digital control in all countries,the research on the Cyber Security Situation Awareness Analysis (CSSA) has presented new features in both academic research and industrialization.This paper makes a detailed literature survey on CSSA.First,it introduces the status of the research and the difference and connection between CSSA and traditional awareness analysis.Then the logical analysis framework of CSSA is proposed from the perspective of data value chain.The whole process is decomposed into five continuous stages of processing,including factor collection,model representation,measurement establishment,solution analysis and situation prediction.After that,the role and the mainstream method of each stage are expounded,and the application results on the experimental object and the horizontal comparison between the methods are explained.The purpose of this paper is to provide a panoramic knowledge of CSSA,and to provide an auxiliary idea for the network security industrialization scheme,and hope that it can serve as a reference for scientific research and engineering personnel in this field.

Key words: network security, network situation awareness, attack model, intrusion detection, data fusion analysis

中图分类号:

TN915.08

李艳, 王纯子, 黄光球, 赵旭, 张斌, 李盈超. 网络安全态势感知分析框架与实现方法比较[J]. 电子学报, 2019, 47(4): 927-945.

LI Yan, WANG Chun-zi, HUANG Guang-qiu, ZHAO Xu, ZHANG Bin, LI Ying-chao. A Survey of Architecture and Implementation Method on Cyber Security Situation Awareness Analysis[J]. Acta Electronica Sinica, 2019, 47(4): 927-945.

参考文献

[1] Miller B P.Fuzz-revisited:A re-examination of the reliability of UNIX utilities and services[J/OL].ftp://grilled.cs.wisc.edu/technical_papers/fuzz-revisited.ps.Z,2001.
[2] Smaha S E.Haystack:an intrusion detection system[A].Aerospace Computer Security Applications Conference[C].US:IEEE,2002.37-44.
[3] Anderson J P.Computer security threat monitoring and surveillance[A].James P Anderson Co Fort[C].Washington,1980.26-32.
[4] Phillips C,Swiler L P.A graph-based system for network-vulnerability analysis[A].The Workshop on New Security Paradigms[C].US:IEEE,1998.71-79.
[5] Ritchey R W,Ammann P.Using model checking to analyze network vulnerabilities[A].Proceedings of IEEE Symposium on Security and Privacy[C].IEEE,2000.156-165.
[6] Bass T.Multisensor data fusion for next generation distributed intrusion detection systems[A].Proceedings of the Iris National Symposium on Sensor & Data Fusion[C].US:Hopkins University Applied Physics Laboratory,1999.24-27.
[7] Mcdermott J.Attack-potential-based survivability modeling for high-consequence systems[A].IEEE International Workshop on Information Assurance[C].US:IEEE Computer Society,2005.119-130.
[8] Wang Yuanzhuo,Lin Chuang,Cheng Xueqi,et al.Analysis for network attack-defense based on stochastic game model[J].Chinese Journal of Computers,2010,33(33):1748-1762.
[9] Poolsappasit N,Dewri R,Ray I.Dynamic security risk management using Bayesian attack graphs[J].Dependable and Secure Computing,2012,9(1):61-74.
[10] Theureau J.Nuclear reactor control room simulators:human factors research and development[J].Cognition Technology & Work,2000,2(2):97-105.
[11] Endsley M R.Design and evaluation for situation awareness enhancement[J].Proceedings of the Human Factors & Ergonomics Society Annual Meeting,1988,32(1):97-101.
[12] Endsley M R.Toward a theory of situation awareness in dynamic systems[J].Human Factors,1995,37(1):32-64.
[13] Endsley M R,Garland D J.Situation Awareness:Analysis and Measurement[M].Lawrence Erlbaum Associates,2000.1740-1741.
[14] Tadda G P,Salerno J S.Overview of Cyber Situation Awareness.Cyber Situational Awareness[M].Springer US,2010.15-35.
[15] Kopylec J,D'Amico A,Goodall J.Visualizing Cascading Failures in Critical Cyber Infrastructures.Critical Infrastructure Protection[M].US:Springer,2007.351-364.
[16] Goodall J R.Introduction to Visualization for Computer Security[A].The Workshop on Vizsec[C].DBLP,2008.1-17.
[17] Jajodia S,Liu P,Swarup V,et al.Cyber Situational Awareness[M].Springer US,2010.132(2):1-4.
[18] Giacobe N A.Application of the JDL data fusion process model for cyber security[J].Proc Spie,2010,7710(5):1-10.
[19] Klein G,Tolle J,Martini P.From detection to reaction-A holistic approach to cyber defense[A].Defense Science Research Conference and Expo[C].US:IEEE,2011.1-4.
[20] Schreiber-Ehle S,Koch W.The JDL model of data fusion applied to cyber defense-A review paper[A].Sensor Data Fusion:Trends,Solutions,Applications[C].US:IEEE,2012.116-119.
[21] Manuel Cheminod,Luca Durante,Adriano Valenzano.Review of Security Issues in Industrial Networks[J].IEEE Transactions on Industrial Informatics,2013,9(1):277-293.
[22] Franke U,Brynielsson J.Cyber situational awareness-A systematic review of the literature[J].Computers & Security,2014,46:18-31.
[23] Lenders V,Tanner A,Blarer A.Gaining an edge in cyberspace with advanced situational awareness[J].IEEE Security & Privacy,2015,13(2):65-74.
[24] Mukherjee B,Heberlein L T.Network Intrusion Detection[M].US:IEEE Network,1994.26-41.
[25] Stevens-Adams S,Carbajal A,Silva A,et al.Enhanced Training for Cyber Situational Awareness.Foundations of Augmented Cognition[M].Berlin Heidelberg:Springer,2013.90-99.
[26] Roschke S,Cheng F,Meinel C.High-quality attack graph-based IDS correlation[J].Logic Journal of the Igpl,2013,21(4):571-591.
[27] Liang X,Xiao Y.Gametheory for network security[J].IEEE Communications Surveys & Tutorials,2013,15(1):472-486.
[28] Sanfilippo F.A multi-sensor fusion framework for improving situational awareness in demanding maritime training[J].Reliability Engineering & System Safety,2017,161:12-24.
[29] Adhikari U,Morris T H,Dahal N,et al.Development of power system test bed for data mining of synchrophasors data,cyber-attack and relay testing in RTDS[A].Power and Energy Society General Meeting[C].US:IEEE,2012.1-7.
[30] Hinman M L.Some computational approaches for situation assessment and impact assessment[A].International Conference on Information Fusion[C].US:IEEE,2002.687-693.
[31] Ammann P,Wijesekera D,Kaushik S.Scalable,graph-based network vulnerability analysis[A].ACM Conference on Computer and Communications Security 2002[C].Washington DC:DBLP,2002.217-224.
[32] Dietterich T G,Bao X,Keiser V,et al.Machine Learning Methods for High Level Cyber Situation Awareness.Cyber Situational Awareness[M].US:Springer,2010.227-247.
[33] Dapoigny,Richard,Barlatier,et al.Formal foundations for situation awareness based on dependent type theory[J].Information Fusion,2013,14(1):87-107.
[34] Paffenroth R,Toit P D,Nong R,et al.Space-time signal processing for distributed pattern detection in sensor networks[J].IEEE Journal of Selected Topics in Signal Processing,2013,7(1):38-49.
[35] Mathews M L,Halvorsen P,Joshi A,et al.A collaborative approach to situational awareness for cybersecurity[A].International Conference on Collaborative Computing:Networking,Applications and Worksharing[C].US:IEEE,2012.216-222.
[36] Bearavolu R,Lakkaraju K,Yurcik W.NVisionIP:An animated state analysis tool for visualizing netFlows[EB/OL].http://www.cert.org/flocon/2005/presentations/NVisionIPFlocon2005.pdf,2005.
[37] Yin X,Yurcik W,Slagell A.The design of VisFlowConnect-IP:A link analysis system for IP security situational awareness[A].IEEE International Workshop on Information Assurance[C].US:IEEE,2005.141-153.
[38] Zhenmin Li,Jed Taylor,Elizabeth Partridge,et al.UCLog:A unified,correlated logging architecture for intrusion detection[J].Telecommunication Systems-TELSYS,2004.12-27.
[39] Ross K J,Hopkinson K M,Pachter M.Using a distributed agent-based communication enabled special protection system to enhance smart grid security[J].IEEE Transactions on Smart Grid,2013,4(2):1216-1224.
[40] Giles K,Hagestad W.Divided by a common language:Cyber definitions in Chinese,Russian and English[A].International Conference on Cyber Conflict[C].US:IEEE,2013.1-17.
[41] Adam Doupé,Egele M,Caillat B,et al.Hit'em where it hurts:a live security exercise on cyber situational awareness[A].Twenty-Seventh Computer Security Applications Conference[C].Orlando,Fl,USA:DBLP,2011.51-61.
[42] Fink G,Best D,Manz D,et al.Gamification for Measuring Cyber Security Situational Awareness.Foundations of Augmented Cognition[M].Berlin Heidelberg:Springer,2013.656-665.
[43] Klein G,Günther H,Träber S.Modularizing cyber defense situational awareness-Technical integration before human understanding[J].Communications in Computer & Information Science,2012,318:307-310.
[44] D'Amico A,Whitley K.The real work of computer network defense analysts[A].The Workshop on Vizsec[C].US:DBLP,2008.19-37.
[45] Erbacher R F,Frincke D A,Wong P C,et al.A multi-phase network situational awareness cognitive task analysis[J].Information Visualization,2010,9(3):204-219.
[46] Ralston P A,Graham J H,Hieb J L.Cyber security risk assessment for SCADA and DCS networks[J].Isa Transactions,2007,46(4):583-594.
[47] Kirillov I A,Metcherin S A,Klimenko S V.Metamodel of shared situation awareness for resilience management of built environment[A].International Conference on Cyberworlds[C].US:IEEE,2012.137-143.
[48] Adams K,Wassell A,Ceruti M G,et al.Emergency-management situational-awareness prototype (EMSAP)[A].IEEE First International Multi-disciplinary Conference on Cognitive Methods in Situation Awareness & Decision Support[C].US:IEEE,2011.110-114.
[49] Liu XW,Wang HQ,Lü HW,Yu JG,Zhang SW.Fusion-based cognitive awareness-control model for network security situation[J].Journal of Software,2016,27(8):2099-2114.(in Chinese)
[50] Gong J,Zang XD,Su Q,Hu XY,Xu J.Survey of network security situation awareness[J].Journal of Software,2017,28(4):1010-1026.(in Chinese)
[51] Shen Changxiang,Zhang Huanguo,Feng Dengguo,Cao Zhenfu,Huang Jiwu.Overview of information security[J].SCIENCE IN CHINA Ser E Information Sciences,2007,37(2):129-150.(in Chinese)
[52] Liu J,Su P,Yang M,He L,Zhang Y,Zhu XY,Lin H.Software and Cyber Security-A Survey[J].Journal of Software,2018,29(1):42-68.(in Chinese)
[53] Jian-chun Jiang,Heng-tai Ma,Dang-en Ren,Si-han Qing.A survey of intrusion detection research on network security[J].Journal of Software,2000,11(11):1460-1466.(in Chinese)
[54] Ying-xu LAI,Zeng-hui LIU,Xiao-tian CAI,Kai-xiang YANG.Research on intrusion detection of industrial control system[J].Journal of Communications,2017,38(2):143-156.(in Chinese)
[55] Lin Chuang,Wang Yang,Li Quanlin.Stochastic modeling and evaluation for network security[J].Chinese Journal of Computers,2005,28(12):1943-1956.(in Chinese)
[56] Wang HQ,Lai JB,Zhu L,Liang Y.Survey of network situation awareness system[J].Journal of Computer Science,2006,33(10):5-10.(in Chinese)
[57] Gong ZH,Zhuo Y.Research on cyberspace situational awareness[J].Journal of Software,2010,21(7):1605-1619.(in Chinese)
[58] Chen XZ,Zheng QH,Guan XH,Lin CG.Quantitative hierarchical threat evaluation model for network security[J].Journal of Software,2006,17(4):885-897.(in Chinese)
[59] HU Hao,YE Run-guo,ZHANG Hong-qi,YANG Ying-jie,LIU Yu-ling.Quantitative method for network security situation based on attack prediction[J].Journal on Communications,2017,38(10):122-134.(in Chinese)
[60] Lei Kenan,Zhang Yuqing,Wu Chensi,Ma Hua.A system for scoring the exploitability of vulnerability based types[J].Journal of Computer Research and Development,2017,54(10):2296-2309.(in Chinese)
[61] Jiang Wei,Fang Bin-Xing,Zhang Hong-Li.Evaluating network security and optimal active defense based on attack-defense game model[J].Chinese Journal of Computers,2009,4(1):817-827.(in Chinese)
[62] Ye Yun,Xu Xi-shan,Jia Yan.An attack graph based probabilistic computing approach of network security[J].Chinese Journal of Computers,2010,33(10):1987-1996.(in Chinese)
[63] Di Wu,Yi-feng Lian,Kai Chen,Yu-ling Liu.A security threats identification and analysis method based on attack graph[J].Chinese Journal of Computers,2012,35(9):1938-1950.(in Chinese)
[64] Zhang YZ,Fang BX,Chi Y,Yun XC.Risk propagation model for assessing network information systems[J].Journal of Software,2007,18(1):137-145.(in Chinese)
[65] Tang Chenghua,Liu Pengcheng,Tang Shensheng,Xie Yi.Anomaly intrusion behavior detection based on fuzzy clustering and features selection[J].Journal of Computer Research and Development,2015,52(3):718-728.(in Chinese)
[66] Wei Yong,Lian Yifeng,Feng Dengguo.A network security situational awareness model based on information fusion[J].Journal of Computer Research and Development,2009,46(3):353-362.(in Chinese)
[67] YAN Feng,LIU Shu-fen,LENG Huang.Study on analysis of attack graphs based on conversion[J].Acta Electronica Sinica,2014,42(12):2477-2480.(in Chinese)
[68] Ma Chunguang,Wang Chenghong,Zhang Donghong,Li Yingtao.A dynamic network risk assessment model based on attacker's inclination[J].Journal of Computer Research and Development,2015,52(9):2056-2068.(in Chinese)
[69] Shahriari H R,Jalili R.Vulnerability take grant (VTG):An efficient approach to analyze network vulnerabilities[J].Computers & Security,2007,26(5):349-360.
[70] Tianfield H.Cybersecurity situational awareness[A].IEEE International Conference on Internet of Things[C].IEEE,2017.782-787.
[71] CHEN Xiao-Jun,FANG Bin-Xing,TAN Qing-Feng,ZHANG Hao-Liang.Inferring attack intent of malicious insider based on probabilistic attack graph model[J].Chinese Journal of Computers,2014,37(1):62-72.(in Chinese)
[72] Cisco.OpenSOC:Big data security analytics framework[EB/OL].http://opensoc.github.io/,2017-03-20.
[73] Zhang SJ,Li JH,Song SS,Li L,Chen XZ.Using Bayesian inference for computing attack graph node beliefs[J].Journal of Software,2010,21(9):2376-2386.(in Chinese)
[74] Ye Yun,Xu Xishan,Qi Zhichang,et al.Attack graph generation algorithm for large-scale network system[J].Journal of Computer Research and Development,2013,10:2033-2139.(in Chinese)
[75] Zhang Y,Tan XB,Cui XL,Xi HS.Network security situation awareness approach based on Markov game model[J].Journal of Software,2011,22(3):495-508.(in Chinese)
[76] Wang Lingyu,Noel S,Jajodia S.Minimum cost network hardening using attack graphs[J].Computer Communications,2006,29(18):3812-3824.
[77] Feng Xuewei,Wang Dongxia,Huang Minhuan,Li Jin.A mining approach for causal knowledge in alert correlating based on the Markov property[J].Journal of Computer Research and Development,2014,51(11):2493-2504.(in Chinese)
[78] Wang Jinrong,Fang Dingyi,Chen Xiaojiang,Wang Huaijun,He Lu.Taxonomy of software attack technique oriented to automated modeling[J].Journal of Sichuan University:Engineer Science Edition,2015,47(Z1):91-98.(in Chinese)
[79] J Christy.Cyber threat & legal issues[A].Shadowcon Conference[C].USA:1999.29-50.
[80] CVSS.Common Vulnerability Scoring System[EB/OL].http://nvd.nist.gov/cvss.cfm,2008-01-01.
[81] HUANG Jia-Hui,FENG Dong-Qin,WANG Hong-Jian.A method for quantifying vulnerability of industrial control system based on attack graph[J].Acta Automatica Sinica,2016,42(5):792-798.
[82] WANG Yufei,GAO Kunlun,ZHAO Ting,QIU Jian.Assessing the harmfulness of cascading failures across space in electric cyber-physical system based on improved attack graph[J].Proceedings of the CSEE,2016,36(6):1490-1499.
[83] LI Min-zheng,LAN Jian-ping.Smart home intrusion detection algorithm based on spatial-temporal field information fusion[J].Journal of Beijing University of Posts & Telecommunications,2017,40(3):76-84.
[84] Wang Yichuan,Ma Jianfeng,Lu Di,Zhang Liumei,Meng Xianjia.Game optimization for internal DDoS attack detection in cloud computing[J].Journal of Computer Research and Development,2015,52(8):1873-1882.(in Chinese)
[85] Ni Gao,Ling Gao,Yue-yi He.Dynamic security risk assessment model based on Bayesian attack graph[J].Journal of Sichuan University:Engineering Science Edition,2016,48(1):111-118.(in Chinese)
[86] Wang L,Wang B,Peng Y.Research the information security risk assessment technique based on Bayesian network[A].International Conference on Advanced Computer Theory and Engineering[C].US:IEEE,2010.600-604.
[87] Liao Y T,Ma C B,Zhang C.A new fuzzy risk assessment method for the network security based on fuzzy similarity measure[A].The 6th World Congress on Intelligent Control and Automation[C].US:IEEE,2006.8486-8490.
[88] Chen T P,Zhang X Y,Zheng L Q.Network security risk assessment based on fuzzy integrated judgment[J].Journal of Naval University of Engineering,2009:38-41.
[89] Zhao L,Xue Z.Synthetic security assessment based on variable consistency dominance-based rough set approach[J].High Technology Letters,2010,16(4):413-421.
[90] Kong L S,Ren X F,Fan Y J.Study on assessment method for computer network security based on rough set[A].IEEE International Conference on Intelligent Computing and Intelligent Systems[C].US:IEEE,2009.617-621.
[91] Feng PH,Lian YF,Dai YX,Bao XH.A vulnerability model of distributed systems based on reliability theory[J].Journal of Software,2006,17(7):1633-1640.(in Chinese)
[92] Li Yan,Huang Guangqiu,Cao Lixia.The probability controllability of complex network via attack[J].Journal of Frontiers of Computer Science & Technology,2016,10(10):1407-1419.
[93] Scheier B.Attack trees:modeling security threats[J].Dr Dobb's Journal,1999,12(24):21-29.
[94] Sheyner O,Haines J,Jha S.Automated generation and analysis of attack graphs[A].Proceedings of the IEEE Symposium on Security and Privacy[C].Oakland:IEEE Computer Society Press,2002.273-284.
[95] Swiler LP,Phillips C,Ellis D,Chakerian S.Computer attack graph generation tool[A].Proceedings of the DARPA Information Survivability Conference and Exposition Ⅱ[C].Anaheim,CA,2001.307-321.
[96] Ingols K,Chu M,Lippmann R,Webster S,Boyer S.Modeling modern network attacks and counter measures using attack graphs[A].Proceedings of the 25^th Annual Computer Security Applications Conference[C].Honolulu,Hawaii,USA,2009.117-126.
[97] Liu Weixin,Zeng Kangfeng,Wu Bin.Alert processing based on attack graph and multi-source analyzing[J].Journal on Communications,2015,36(9):135-144.(in Chinese)
[98] Dacier M.Towards Quantitative Evaluation of Computer Security[D].Institut National Polytechnique de Toulouse,France,1994.
[99] Ortalo R,Deswarte Y,Kaaniche M.Experimenting with quantitative evaluation tools for monitoring operational security[J].IEEE Transactions on Software Engineering,1999,25(5):633-650.
[100] Porras P A,Kemmerer R.A penetration state transition analysis:a rule-based intrusion detection approach[A].Proceedings of the Eighth Annual Computer Security Applications Conference[C].US:IEEE,1992.220-229.
[101] Stevens F,Courtney T,Singh S,Agbaria A,Meyer JF,Sanders WH,Pal P.Model-based validation of an intrusion-tolerant information system[A].Proceedings of 23rd Symposium on Reliable Distributed Systems(SRDS 2004)[C].Florianópolis,Brazil,2004.184-194.
[102] Madan B,Go eva-Popstojanova K,Vaidyanathan K,Trivedi KS.A method for modeling and quantifying the security attributes of intrusion tolerant systems[J].Performance Evaluation,2004,56(1-4):167-186.
[103] Gao Xiang,Zhu Yue-fei,Liu Sheng-li.Attack composition model based on generalized stochastic colored Petri nets[J].Journal of Electronics & Information Technology,2013,35(11):2608-2614.(in Chinese)
[104] LIN Chuang,WANG Yuan-zhuo,YANG Yang,QU Yang.Research on network dependability analysis methods based on stochastic Petri net[J].Acta Electronica Sinica,2006,34(2):322-332.(in Chinese)
[105] GAO Xiang,ZHU Yue-fei,LIU Sheng-li,FEI Jin-long,LIU Long.Risk assessment model based on fuzzy Petri nets[J].Journal on Communications,2013,(s1):126-132.(in Chinese)
[106] ANDERSON R.Why information security is hard-an economic perspective[A].Proceedings of 17th Annual Computer Security Application Conference[C].Washington,DC,USA:IEEE Computer Society,2001.39-40.
[107] REDDY Y B.A game theory approach to detect malicious nodes in wireless sensor networks[A].3rd International Conference on Sensor Technologies and Application[C].Washington,DC:IEEE Computer Society,2009.462-468.
[108] SHEN S G,LI Y J,XU H Y.Signaling game based strategy of intrusion detection in wireless sensor networks[J].Computers & Mathematics with Applications,2011,62(6):2404-2416.
[109] Jia Chunfu,Zhong Anming,Zhang Wei,Ma Yong.Incomplete informational and dynamic game model in network security[J].Journal of Computer Research and Development,2006,43(s2):530-533.(in Chinese)
[110] ZHU Jian-ming,SONG Biao,HUANG Qi-fa.Evolution game model of offense-defense for network security based on system dynamics[J].Journal on Communications,2014,35(1):54-61.(in Chinese)
[111] Ran J X,Xiao B.Risk evaluation of network security based on NLPCA-RBF neural network[A].International Conference on Multimedia Information Networking and Security[C].US:IEEE,2010.398-402.
[112] Liang Y,Wang H Q,Lai J B.Quantification of network security situational awareness based on evolutionary neural network[A].The 6th International Conference on Machine Learning and Cybernetics[C].US:IEEE,2007.3267-3272.
[113] Wang G,Hao J,Ma J,et al.A new approach to intrusion detection using artificial neural networks and fuzzy clustering[J].Expert Systems with Applications,2010,37(9):6225-6232.
[114] Gao Ni,Gao Ling,He Yiyue.A lightweight intrusion detection model based on autoencoder network with feature reduction[J].Acta Electronica Sinica,2017,45(3):730-739.(in Chinese)
[115] S A Hofmeyr,S Forrest.Architecture for an artificial immune system[J].Evolutionary Computation,2000,7(1):45-68.
[116] J Kim,J B Peter.Towards network intrusion detection:artificial immune system for investigation of dynamic clone selection[A].Proceedings of the World Congress on Computational Intelligence[C].Piscataway:IEEE Press,2002.1015-1020.
[117] Li Tao.Network security risk detection based on immune[J].SCIENCE IN CHINA Ser E Information Sciences,2005,35(8):798-816.
[118] Li Tao.An immune based model for network monitoring[J].Chinese Journal of Computers,2006,29(9):1515-1522.
[119] Fangfang Dai,Kangfeng Zheng,Shoushan Luo,Bin Wu.Towards a multi objective framework for evaluating network security under exploit attacks[A].Proc of 2015 IEEE International Conference on Communications[C].New York:IEEE Press,2015.8814-8819.
[120] Zhang J,Liu F,Han W,et al.Research and implement of configurable network security index system[A].International Conference on Applied Robotics for the Power Industry[C].US:IEEE,2012.645-648.
[121] Zhang Y Z,Yun X C.Network operation security index classification model with multidimensional attributes[J].Chinese Journal of Computers,2012,35(8):1666-1674.(in Chinese)
[122] Bao XH,Dai YX,Feng PH,Zhu PF,Wei J.A detection and forecast algorithm for multi-step attack based on intrusion intention[J].Journal of Software,2005,16(12):2132-2138.(in Chinese)
[123] Ilgun K,Kemmerer RA,Porras PA.State transition analysis:A rule-based intrusion detection approach[J].IEEE Trans on Software Engineering,1995,21(3):181-199.
[124] Shifflet J.A technique independent fusion model for network intrusion detection[A].Proceedings of the Midstates Conference on Undergraduate Research in Computer Science and Mathematics[C].IEEE,2005,3(1):13-19.
[125] REN Wei-wu,HU Liang,ZHAO Kuo.Intrusion alert correlation model based on data mining and ontology[J].Journal of Jilin University (Engineering Science),2015,45(3):899-906.
[126] Fu X,Shi J,Xie L.Layered intrusion scenario reconstruction method for automated evidence analysis[J].Journal of Software,2011,22(5):996-1008.(in Chinese)
[127] LUO Zhi-yong,YOU Bo,XU Jia-zhong,LIANG Yong.Automatic recognition model of intrusive intention based on three layers attack graph[J].Journal of Jilin University (Engineering Science),2014,44(5):1392-1397.
[128] Keim D,Konlhammer J,Ellis G,Mansmann F.Mastering the information age:Solving problems with visual analytics[J].Goslar:Eruographics Association,2010.1-168.
[129] Phan D,Gerth J,Lee M,Paepcke A,Winograd T.Visual analysis of network f low data with timelines and event plots[A].Viz SEC 2007[C].GER:Springer,2008.85-99.
[130] Tamassia R,Palazzi B,Papamanthou C.Graph drawing for security visualization[A].Graph Drawing[C].GER:Springer,2009.2-13.
[131] YE Yun,XU Xi-shan,JIA Yan,QI Zhi-chang,CHENG Wen-cong.Research on the risk adjacency matrix based on attack graphs[J].Journal on Communications,2011,32(5):112-120.
[132] Erbacher R.Visualization design for immediate high-level situational assessment[A].ACM International Conference Proceeding Series[C].US:IEEE,2012.17-24.
[133] Wang Shuzhen,Zhang Zonghua,Youki Kadobayashi.Exploring attack graph for cost-benefit security hardening[J].Computers & Security,2013,32:158-169.
[134] Steven Noel,Sushil Jajodia,O'Berry B,et al.Efficient minimum-cost network hardening via exploit dependency graphs[A].Proc of the 2003 Annual Computer Security Applications Conference[C].New Jersey:IEEE Press,2003.86-95.
[135] Sushil Jajodia,Steven Noel.Topological vulnerability analysis:a powerful new approach for network attack prevention,detection,and response[J].Algorithms,Architectures and Information Systems Security,Indian Institute Platium Jubilee Series,2009:285-305.
[136] Ingols K,Chu M,Lippmann R,et al.Modeling modern network attacks and countermeasures using attack graphs[A].Proc of the 2009 Annual Computer Security Applications Conference[C].New Jersey:IEEE Press,2009.117-126.
[137] Frigault M,Wang L Y,Singhal A,Jajodia S.Measuring network security using dynamic Bayesian network[A].Proceedings of the 4th ACM Workshop on Quality of Protection[C].US:IEEE,2008.23-30.
[138] Rinku Dewri,Indrajit Ray,Nayot Poolsappasit,et al.Optimal security hardening on attack tree models of networks:a cost-benefit analysis[J].International Journal of Information Security,2012,11(3):167-188.