2.6 Chapter Summary

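This chapter introduced the concept of situational awareness in the traditional A&A domain and, building on A&A situational awareness research, gave a conceptual introduction to network security situational awareness, comparing its similarities to and differences from situational awareness in the traditional A&A domain. It described the main functions of each stage of the network security situational awareness process and focused on the distinctions and connections between several terms. Drawing on current research in the field of network security situational awareness, it described the functional role of the IDS in the overall network security situational awareness process and the categories from which situational awareness indicator systems are selected, laying the foundation for the research in subsequent chapters.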
