Super Space

A. Lu and J. Li, “A Method of Data Preprocessing for Network Security Situational Awareness Based on Conditional Random Fields”, 2010 3rd International Conference on Computer and Electrical Engineering (ICCEE 2010), IPCSIT vol. 53 (2012) © (2012) IACSIT Press, Singapore, DOI: 10.7763/IPCSIT.2012.V53.No.2.3


“Network Security Situational Awareness (NSSA) has been a hot research in the network security domain. Because of the large amount of Intrusion Detection System (IDS), we propose a new method of data preprocessing for NSSA based on conditional random fields (CRFs). It takes advantage of the CRFs models which can stitch to sequence data marking and add random attributes to deal with the amount of data from IDS, and provide the data for NSSA. It uses KDD Cup 1999 data sets as experimental data and comes to a conclusion that our proposed method is practicable, reliable and efficient.”


“In 1999, Tim Bass [1] first proposed the concept of cyberspace situation awareness and established a functional framework for it, which constructed a theoretical foundation for subsequent research on NSSA. Stephen G. Batsell [2], Jason Shifflet [3] also made a similar model which integrated the existing network security system to realize the system framework, coped with the large-scale network security incidents. But these methods were only limited detection of attacks, which could not truly implement the network security situational awareness. The network situation refers to the current state and the changes in trends of network which includes the operation of a variety of network equipment, network acts, and user behaviors, etc. It is worth noting that the situation is a state, a trend as a whole and the overall concept. Network security situational awareness [4] is defined to acquire, understand, and display the security elements which can change the network security state, and to predict the future development trend among the large-scale network environment. This requires integrating data of network security status which belong to different levels and types, to quantify network security situation, to draw a map of the current security situation state, and to provide a basis for decision-making for the administrator.”

Researchers may download the full text in PDF format here.