• Journal of the China Computer Federation
  • Chinese Science and Technology Core Journal
  • Chinese Core Journal

J4 ›› 2011, Vol. 33 ›› Issue (8): 8-13.

• Articles •

A Network Security Situation Awareness Model Based on Stream Cube

CHENG Wencong1,ZOU Peng2,JIA Yan2   

  1. (1.Institute of Aeronautical Meteorology and Chemical Defense,Equipment Academy of Air Force,Beijing 100085;
    2.School of Computer Science,National University of Defense Technology,Changsha 410073,China)
  • Received:2009-09-15 Revised:2010-01-25 Online:2011-08-25 Published:2011-08-25

Abstract:

Network security situation awareness is a new trend in network security monitoring technology, and awareness of the situation is very important to network security. Building on existing research on data cubes, we propose a network security situation awareness model that describes and abstracts the multidimensional analysis structure related to network security situation awareness. With this model, the network security situation can be analyzed from the statistical characteristics of network security events, and we give an instance of the model based on frequency, trend and entropy characteristics. We then improve the efficiency of the method, while keeping the accuracy of the results, by studying the correlation between cells at neighboring levels of the data cube. We also prove that only the characteristics of the lowest-level cube need to be computed from the raw data; the characteristics of the higher-level cubes can be obtained indirectly. Practical applications and extensive experiments on a real network security dataset demonstrate the effectiveness of the proposed model and methods.

Key words: information security; network security situation awareness; data cube; data stream