Research on Cyberspace Situational Awareness
Authors: Gong Zhenghu (龚正虎), Zhuo Ying (卓莹)
Funding:

Supported by the National Basic Research Program of China under Grant No.2009CB320503 (973 Program); the National High-Tech Research and Development Plan of China under Grant No.2008AA01A325 (863 Program)
    Abstract:

    The rapid growth of the Internet has increased its complexity and uncertainty. Traditional network management cannot meet the resulting requirements, and fusion-based Cyberspace Situational Awareness (CSA) is bound to become the direction in which network management develops. Based on an analysis of the shortcomings of existing network management and of its development requirements, this paper introduces the origin, concept, objectives and characteristics of CSA. First, a CSA research framework is proposed and the research history is reviewed, on which basis the main research aspects and the existing problems are identified; existing assessment methods are divided into three categories: methods based on mathematical models, methods based on knowledge reasoning, and methods based on pattern recognition. The paper then discusses CSA in detail from three aspects (models, knowledge representation and assessment methods), summarizes the problems they have in common, and evaluates the main idea, assessment process, merits and shortcomings of each assessment method, with a comparative analysis. Next, the application research of CSA in the fields of security, transmission, survivability, system evaluation and others is presented. Finally, the paper points out the development directions of CSA and offers conclusions from three perspectives: the problem system, the technical system and the application system.

Cite this article

龚正虎, 卓莹 (Gong ZH, Zhuo Y). Research on cyberspace situational awareness. Journal of Software (软件学报), 2010,21(7):1605-1619

History
  • Received: 2009-02-12
  • Last revised: 2010-03-04