
Table of Contents

    05 June 2020, Volume 6 Issue 6
    Flow Anomaly Detection Based on Hierarchical Clustering Method
    2020, 6(6):  0-0. 
    With the advent of the big data era, attacks carried in network traffic are rising dramatically, so detecting malicious traffic through abnormal flow detection is vital. The abnormal flow detection equipment used in industry today mainly adopts statistical analysis or simple machine learning methods. However, the volume of flow data, much of it redundant, is large; the precision rate is low and the false alarm rate is high. To solve these problems, this paper presents a new method to detect flow anomalies based on hierarchical clustering in data processing. The method first uses the hierarchical clustering algorithm to reduce the data, and then constructs an abnormal traffic model based on hierarchical clustering on top of seven different machine learning algorithms. The experimental results show that this method can detect abnormal behavior on the DARPA dataset with a precision rate of 99% and a recall rate of 99%. At the same time, while maintaining a precision rate of 90%, the data reduction can be as high as 47.58%, which greatly improves detection efficiency.
    A Situation Awareness Conceptual Model for Advanced Persistent Threat
    2020, 6(6):  0-0. 
    Most existing research on advanced persistent threats focuses on the detection and discovery of threats, and the description of threats is not comprehensive. Network security situational awareness gives decision makers a clear picture of the network status from a holistic perspective, which helps in understanding threats comprehensively. Although scholars have carried out a lot of research on situational awareness, most of it focuses on one's own state, achieving only the effect of "know ourselves", and relatively few studies address "know the enemy". Based on the situational awareness model, combined with related research such as the kill chain model, a conceptual situational awareness model for advanced persistent threats is proposed. This paper comprehensively discusses the functional tasks and related technologies of situation acquisition, understanding, and prediction from both perspectives, and then discusses the formal definition of each phase, providing a theoretical basis for advanced persistent threat detection and recognition.
    Research and application of remote mobile office security standard
    2020, 6(6):  0-0. 
    In recent years, with the promotion of national network security level protection and key information infrastructure protection, the construction of government network security systems has been continuously improved. In view of organized, hidden and normalized network security attacks, it is increasingly important to build an overall combat capability based on continuous monitoring, dynamic defense and collaborative disposal. Security monitoring is the first line of defense. To build a security monitoring platform covering the whole network, the whole domain and the whole business, the key is to solve the difficult problems of multi-source heterogeneous big data collection, fusion analysis and display, and to improve the ability to perceive, predict and prevent all risk elements. Based on the needs of government network security monitoring, this paper proposes a “1+1+N” model of government network security monitoring platform architecture, presents a data bus structure integrating multi-source data collection, an integrated interface and a normalization process, introduces a data association analysis model based on a multi-analysis engine and big data fusion analysis technology, and finally gives a practical case of a government network security monitoring platform.
    Network Situation Prediction Model Based on MEA-LVQ
    2020, 6(6):  0-0. 
    Network security incidents happen all the time, and the Internet continues to be in danger. The network security situation is an index that evaluates the security state of a network over a period of time, which provides a precondition for preventing network security incidents. Regression neural networks are often used to solve the problem of network security situation evaluation, but the model has many defects, resulting in low prediction accuracy. To improve classification accuracy, a network situation prediction model based on MEA-LVQ is established; using the mind evolutionary algorithm to optimize the initial weights of the network effectively makes up for the shortcomings of the LVQ neural network. Five experiments are carried out with datasets, and the accuracy of each classification of the model is more than 90%. The experimental results show that the model can effectively deal with the classification problem of network security situation, has better evaluation and classification ability, and can provide managers with a more reliable reference, so that managers can deal with incidents threatening network security in time and effectively maintain network security and stability.
    Survey of Security Situation Prediction Technology Based on Artificial Intelligence
    2020, 6(6):  0-0. 
    With the rapid development of Internet technology, technologies such as the Internet of Things, cloud computing, and big data have emerged one after another, and China's Internet has entered a new era. At the same time, cyberspace security threats are becoming more and more serious, so research on cybersecurity situational awareness is of great significance. The security situational awareness model is composed of situational element extraction, situational comprehension and situational prediction. Security situational prediction is the highest-level technology in the entire security situational awareness model and plays an important role in network security defense. First, the concepts and models of security situation awareness are summarized; then the general research contents and hot topics of security situation prediction are introduced; the key technologies of security situation prediction are summarized in detail from the perspectives of traditional machine learning and deep learning respectively; and finally the problems that still need to be solved in research on security situation prediction technology are elaborated.
    Research on Technologies of Windows Malware Detecting Based on Abnormal Behavior in KVM Environment
    2020, 6(6):  0-0. 
    With the development of cloud computing, Kernel-based Virtual Machine (KVM) virtualization technology has been widely used in various cloud environments, and Windows virtual machines make up a large proportion of them. The security of Windows virtual machines in KVM environments has therefore received more and more attention. At present, malware and malicious code attacks are developing in the direction of scale, sophistication, complexity and servitization, and they are happening on cloud hosts. However, the static protection method based on signatures (feature codes) faces a great challenge in the cloud environment, and dynamic detection technology is still lacking on the KVM virtualization platform. Therefore, it is of great significance to research dynamic detection of malware in Windows virtual hosts. To solve this problem, this paper proposes a Windows malware detection architecture based on abnormal behavior in the KVM environment and validates it. Experimental results show that the technology improves malware detection efficiency and accuracy in the cloud environment.
    Research on dynamic network asset monitoring based on traffic perception
    2020, 6(6):  0-0. 
    With the rapid development of network technology, security problems have become more and more serious as the number and types of assets in cyberspace have grown more and more complex, which poses a new challenge to network security management departments. Accurately identifying a large network whose asset status changes dynamically, and carrying out real-time dynamic monitoring in an all-round way, is the premise for effective management of network assets; it also lays a foundation for threat correlation analysis. This paper proposes a dynamic network asset monitoring approach based on real-time traffic, which establishes a network asset identification technology built on fingerprint feature collection and processing. Features are extracted from traffic field data and a multi-angle fingerprint matching method is adopted to identify network assets effectively; on this basis, network assets are dynamically monitored from three aspects, namely servers, information systems and asset internals, which provides strong support for network asset management and security assessment.
    Application of Situation Awareness in E-government Information Security
    2020, 6(6):  0-0. 
    With the advancement of global information technology, cyberspace has become the "fifth space", and situation awareness technology for cyber security has emerged as required. Based on an analysis of the development, history and current circumstances of cyber security situation awareness technology in the United States, NATO and China, this paper proposes applying a cyber security situation awareness platform to real-time monitoring and early warning of e-government information security. Furthermore, it explains the function and implementation technology of situation awareness in the field of e-government network information security. According to the key technologies, demands and existing difficulties of existing situation awareness platforms, the development direction and prospects are proposed from the perspective of regulators.
    Research on Web Traffic Baseline Analysis of Government Website
    2020, 6(6):  0-0. 
    With the construction of the government cloud platform and the continuous expansion of the scope of government monitoring, the type and quantity of data collected have increased significantly, and how to extract valuable information from the massive data effectively is the key question. This paper analyzes the problems existing in the monitoring of government websites, puts forward a classification method for website traffic data, and builds a network monitoring and early warning system based on the analysis of website traffic baselines. The web traffic baseline will improve the capability of the security monitoring and operation and maintenance service system, discover abnormal situations in website traffic in time, improve the ability of threat analysis, and ensure the continuous and effective operation of monitoring and warning.
    Anomaly Detection Method of Industrial Control System Based on Control Behavior Model
    2020, 6(6):  0-0. 
    Aiming at the problem of anomaly detection in the dynamic information security protection of industrial control systems, and combining the control behavior characteristics of industrial control systems, this paper proposes an anomaly detection method based on a control behavior model. According to the control behavior of the system, a normal control behavior model is constructed, and the data predicted by the model are compared with the extracted real-time data to analyze whether there is an abnormality. Experimental results show that the proposed method not only has higher detection accuracy for control behavior abnormalities but can also detect them early.
    A Study of Civil Aviation Network Security Situation Awareness Technology Based on "Business + Data" Perspective
    2020, 6(6):  0-0. 
    Based on a careful review of the current status and needs of civil aviation network security, and faced with the characteristics of civil aviation information systems (complex networks, multiple data exchange interfaces, frequent information exchange and fast information flow), the core of this paper is to define a "business + data" security strategy. From the perspective of meeting civil aviation's "ecological + rigid needs + compliance + credible" security requirements, it discusses the practice of network security situation awareness technology, including business security, data security and IT critical infrastructure security, in order to guarantee the safety of civil aviation's important information systems and core key data, improve civil aviation's ability to analyze and detect cyber security risks, help civil aviation identify the core, understand the threat and predict the risk, and thereby achieve proactive defense and finally build an integrated civil aviation safety monitoring system.
    Research on Security Architecture for Cloud Data Center
    2020, 6(6):  0-0. 
    While cloud computing brings convenience to railways, it also brings new security risks. By studying the information security model, a cloud security architecture is constructed in line with the actual situation of the railway. In terms of responsibility, according to the level of protection, the shared responsibility model should be divided into cloud security protection and cloud platform basic protection. In construction, according to the sliding scale model, security should be superimposed and evolved in several stages, gradually completing infrastructure security, defense in depth, active defense, and threat intelligence.
    The Research on European Commission’s European Data Strategy of 2020
    2020, 6(6):  0-0. 