CSA architecture
CSA architecture

Cyberspace Situational Awareness Model based on Spatial Traffic Clustering, Ying Zhuo, Qiang Zhang and Zhenghu Gong, 2010 International Conference on Intelligent Network and Computing (ICINC 2010), School of Computer Science National University of Defense Technology Changsha, Hunan.,

INTRODUCTION

“With the rapid expansion of the information network scale, the complexity and uncertainty of system also increase. Each function unit of traditional network management works in an independent state. Due to the absence of effective information extraction and information fusion mechanism, network management system is unable to establish the contact between network resources, and the representation ability of overall information is poor. The massive network management information could not strengthen management, but instead has increased the burden on administrators. Modern network management should be able to provide diverse, individual managements supplying the detailed information about the managed objects, understanding the operating status of the whole network, providing the service according to the commanders’ demand, etc. Therefore, Fusion based Cyberspace Situational Awareness will certainly become the development direction of network management in the future [1,2].”

“Cyberspace Situation is that the current state and trend of the whole-network which is composed of operating status of various network equipments, network actions, user behaviors and other situation factors. It is worth noting that situation is a state, a trend, an overall concept, and no single state can be called situation. The so-called situation factor is an element which can bring changes in network situation, and the set is a subset of monitor index set. Cyberspace Situational Awareness (CSA) refers to the acquirement, comprehension, assessment, visualization of situation factors and forecast the trend of future development in the large-scale network environments. In short, CSA is a mapping from the situation factor set R to the situation space θ, f: R→θ.”

“CSA’s goal is to introduce situation awareness techniques into the network management field, organize each kind of information efficiently in the rapid-change
complex environment, synthesize existing indices which represent network partial features, integrate each function of traditional network management unit working independently and provide the comprehensive macroscopic view of network operating status, so as to enhance the network comprehension ability of administrators and provide the decision support for the high-level commander. CSA research includes three main aspects: model, knowledge representation and assessment method. The majority research focuses on the security situation, while a small amount touches upon transmission, information superiority, survivability, system evaluation and so on. The related works as well as the existing problems have been discussed detailed in another paper [3].”

Full paper (English) may be downloaded at the above link.