A Network Security Situational Awareness Framework Based on Situation Fusion

摘要

With the rapid development of the Internet, security issues in cyberspace have received more and more attention, and network security situation awareness has become a research focus. This paper proposes a network security situation awareness framework based on situation fusion, which decomposes the network security situation into two parts: the host security situation and the network attack situation. First, the host asset information and network topology information are used to calculate the weight vector of all hosts to make the weight setting more reasonable. Then using CVSS to evaluate the host security situation value. Meanwhile, security events are extracted from the alarm information of the intrusion detection system, and we designed threat downgrading rules and escalation rules based on system environment matching and the attacker's willingness, so as to calculate the threat of network attacks, and ultimately integrated into the overall network security situation value. The results of the case analysis show that the framework proposed in this paper can quantify the security situation better.