|  | Chinese Journal of Computers Full Text |
| Title | A Network Security Situational Awareness Model Based on Log Audit and Performance Correction |
| Authors | WEI Yong1),2) LIAN Yi-Feng2) |
| Address | 1)(Department of Electronic Engineering and Information Science, University of Science and Technology of China, Hefei 230027) 2)(State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing 100190) |
| Year | 2009 |
| Issue | No.4(763-772) |
| Abstract & Background | Abstract: This paper analyzes and compares existing situational awareness methods and proposes a network security situational awareness model based on log audit and a performance correction algorithm. First, each node's theoretical security threat is obtained by log audit, and the node's security situation value is computed by the performance correction algorithm. Then the network security situation value is computed using service information, future threats are predicted by several prediction models, and the Security Situational Graph (SSG) is drawn. Finally, an example is given to validate the network security situational awareness model and algorithm using simulation software. The example proves that the model reflects the network security situation and its trends more effectively and accurately than traditional methods. Keywords: security situational awareness; log audit; performance correction; security situational graph; predict Background: As a result of the wider application of computer networks, network security is receiving more and more attention. Security situational awareness is a hot topic in network security. There is much work on situational awareness modeling and quantitative analysis, but it has shortcomings such as missing security factors, inaccurate quantitative analysis, no forecasting, and so on. In this paper, a new network security situational awareness model based on logs and a performance correction algorithm is proposed. First, each node's theoretical security threat is obtained by log audit, and the node's security situation value is computed by the performance correction algorithm. Then the network security situation value is computed using service information, future threats are predicted by several prediction models, and the Security Situational Graph is drawn. The example shows that this model reflects the network security situation and its trends more effectively and accurately than traditional methods. 
This research work is part of a research plan on the security model and key technologies of distributed computing. The plan is to establish a security policy framework for distributed computing and to research a network vulnerability assessment model and a security situational awareness model. The security model, vulnerability assessment model and security situational awareness model can help network administrators comprehend overall network security and execute security policies to improve it. This research work is supported by the National High Technology Research and Development Program (863 Program) of China under grant Nos. 2006AA01Z437, 2007AA01Z475, 2006AA01Z412, 2006AA01Z433. |