Hierarchical network security situation awareness data fusion method in cloud computing environment

Abstract

In order to improve the accuracy of hierarchical network security situational awareness data fusion and shorten the fusion time, this paper proposes a hierarchical network security situational awareness data fusion method in cloud computing environment. The hierarchical model is established to obtain the hierarchical structure of data fusion. Hierarchical network security situational awareness data are collected and processed in parallel by cloud computing technology. According to the data collection results, the similarity between security events is calculated by using the clustering idea, and the similar security events are merged to achieve the purpose of removing redundant events. The hierarchical network security situational awareness data is fused by grey relational analysis. Finally, the simulation results show that the accuracy of data fusion of this method is high, up to 98%, and the fusion time is short, the longest is 13 s. Compared with the comparison method, this method has a better performance, indicating that this method is suitable for data fusion of hierarchical network security situation awareness.

Keywords

Cloud computing environment hierarchical network security situational awareness data fusion hierarchical model grey correlation analysis clustering thought

1. Introduction

While the network brings convenience to people, many security problems also follow, the number of intrusion security events is also rising, the ways of network attacks are constantly updated and increasingly complex, and a large number of purposeful network attacks are gradually emerging [1]. According to the “Research Report on Information Security of Chinese Internet Users in 2013” released by CNNIC, as of December 31, 2013, 438 million Internet users had encountered security incidents in the past year [2]. Network security situational awareness comes into being under this background. It grasps the current network operation status as a whole, senses the threats faced by the current network environment in real time, and predicts the future security trend [3].

As the current network information system is becoming larger and larger, decision makers need to use situational awareness tools to display the continuous changes of the current environment [4]. Data fusion under hierarchical network security situational awareness is to eliminate the redundancy of large-scale network data and reduce the dimension of large-scale data sets, so as to classify and integrate faster and better, so that network managers can quickly realize situational awareness. Therefore, how to establish an appropriate data fusion algorithm is an important topic of network security situational awareness. The data fusion algorithm is mainly data dimensionality reduction, and feature extraction and feature selection are two commonly used data dimensionality reduction methods [5].

Chen and Teng [6] proposed a wireless sensor network data fusion (LTDA) method based on hierarchical topology. The simulation data show that the proposed LTDA method reduces the average energy consumption, packet loss rate and end-to-end transmission delay. Wen and Li [7] proposed an information fusion method combining compressed sensing and global information data forwarding. It is found that the proposed method reduces the transmission volume of network nodes, the data recovery rate after fusion is high, and the network delay is low. However, the accuracy of the above two methods for network data fusion is low, resulting in poor fusion effect. Ge [8] proposed a grid system-based multi-channel information fusion method for wireless networks, which uses the correlation function in fuzzy theory to calculate the support of wireless network sensors. Wu et al. [9] proposed a BP neural network data fusion method based on heuristic firefly. However, the above two methods take a long time for network data fusion, resulting in low fusion efficiency.

Based on the above research results and their respective limitations, in order to improve the accuracy of hierarchical network security situational awareness data fusion and shorten the fusion time, this paper proposes a hierarchical network security situational awareness data fusion method in cloud computing environment, and the feasibility of the method is verified by simulation experiments. This paper first analyzes the hierarchical structure of data fusion and designs a hierarchical model to make it run stably under the management and coordination of cloud computing platform. By using cloud computing technology to collect network traffic, the distributed traffic collector can be managed in parallel to complete the collection process of network information resources. Using the idea of clustering, the similarity of security events is calculated, the similar security events are merged, and the redundant events are eliminated. The difference between events is calculated, the similarity of events is obtained, the logical relationship between events is mined, and the hierarchical network security situation awareness data is fused by grey correlation analysis method.

2. Method design

2.1 The overall design flow of the method

Figure 1.

Flowchart of method design in this paper.

As shown in Fig. 1, this paper first analyzes the hierarchical structure of data fusion and designs a hierarchical model to make it run stably under the management and coordination of cloud computing platform. By using cloud computing technology to collect network traffic, the distributed traffic collector can be managed in parallel to complete the collection process of network information resources. Using the idea of clustering, the similarity of security events is calculated, the similar security events are merged, and the redundant events are eliminated. The difference between events is calculated, the similarity of events is obtained, the logical relationship between events is mined, and hierarchical network security situation awareness data is fused by grey correlation analysis method.

2.2 Data fusion hierarchy

According to the three levels of data fusion, a hierarchical model consisting of network traffic data acquisition layer, network traffic data feature fusion layer and network traffic decision fusion layer is designed. These three layers work under the management and coordination of cloud computing platform. The network traffic data acquisition layer is the basic layer of the model, which is responsible for collecting massive network data packets through multiple network node sensors distributed on large-scale complex networks, integrating them into network traffic according to five tuples, and calculating their statistical characteristics [11, 12]. The network traffic data feature fusion layer belongs to the feature layer fusion in the three-tier structure of data fusion, which is to reasonably and effectively reduce the dimension of the massive data collected by the network traffic data source layer, effectively eliminate the redundancy of large-scale network traffic data, reduce the complexity of classification model, and enhance the classification efficiency [13]. The network traffic decision fusion layer is decision-level fusion. Firstly, abnormal traffic is judged, and the attributes of each feature are extracted, identified or determined. After the preliminary conclusion is obtained, it is related and fused, and finally the attribute description of the target or environment is obtained, which can be used as the basis for making decisions. After the decision is made in the network traffic decision fusion layer, the data is transferred to the application layer, and the application situation is analyzed from the aspects of situation assessment, danger alarm, malicious flow detection, traffic engineering, etc. The hierarchical model is shown in Fig. 2.

Figure 2.

Hierarchical model.

In order to better show the interaction process between various components in the hierarchical model, the corresponding sequence diagram is summarized, as shown in Fig. 3.

Figure 3.

Hierarchical model component interaction sequence diagram.

Data layer fusion is the fusion carried out at the lowest layer. Before each sensor data is processed, it is directly carried out on the collected original data. The fused data information is required to come from homogeneous sensors. Data layer fusion can keep as much original data as possible, and provide the most accurate results. The corresponding limitations are also obvious. Due to the large number of processing, long time and poor real-time performance, the processing cost is higher. Data layer fusion is usually used for image analysis and understanding, multi-source image composition, multi-sensor remote sensing information fusion, l-homogeneous radar waveform synthesis, etc. [14]. The data layer fusion process is shown in Fig. 4.

Figure 4.

Data layer fusion process.

Feature level fusion is the fusion at the middle level. It first extracts the features of the original data from the sensor (the feature information can be the target speed, direction, region and distance, edge, etc.), then associates, classifies and synthesizes the multi-sensor data according to the information features, and finally performs the fusion processing. Feature level fusion can be divided into two categories: target state fusion and target feature fusion. For target state fusion, the fusion system first completes the calibration of data through sensor data preprocessing, and then carries out fusion processing, mainly to complete the state estimation related to parameters [15]. For target feature fusion, the specific fusion technology is still the corresponding method of pattern recognition, but before fusion, the feature association processing must be realized to divide the feature vector into meaningful combinations.

Figure 5.

Feature layer fusion process.

Decision level fusion gives the optimal decision according to certain criteria and decision reliability [16]. It first extracts, recognizes or determines the attributes of each feature to obtain a preliminary conclusion, then associates and fuses the results, and finally obtains the attribute description of the target or environment. The results are used as the basis for decision-making.

Figure 6.

Decision level fusion process.

2.3 Hierarchical network security situational awareness data collection based on cloud computing

Because collecting massive network data on large-scale complex networks requires the use of scattered multiple network node sensors, and a variety of network traffic collection technologies are adopted, in order to effectively collect the required network information resources, cloud computing technology needs to be introduced to manage the distributed traffic collector in parallel [17]. The general process of parallel network information collection is to use the MapReduce parallelization architecture to make a single map function in the MapReduce programming model correspond to a single network information collection node, and call the traffic collection tool to complete the collection process of network information resources [18].

Cloud computing platform provides powerful and scalable computing power and is the supporting platform of the whole model [19]. As a parallel processing technology for massive data, MapReduce parallel computing framework can make efficient use of platform resources and realize automatic scheduling and allocation of tasks through mapping and reduction methods. Therefore, based on cloud computing technology, this paper uses bp-mi-mp algorithm to collect and process hierarchical network security situational awareness data in parallel, so as to realize the integration and consolidation of hierarchical network security situational awareness data with different data characteristics, different application purposes and different systems, so as to make further use of these information data [20, 21].

The specific steps of parallel collection and processing of hierarchical network security situational awareness data through cloud computing technology are as follows:

(1)
Discrete data. The discrete method used is equal distance dispersion method. Firstly, cluster division is implemented according to the actual distribution characteristics of proximity and eigenvalues, then cluster division is implemented based on the top-down splitting principle, and cluster consolidation is implemented based on the bottom-up merging principle until it is divided into a specified number. In the case of discretization, enumerations and switching variables do not need to be processed because they are originally discrete variables [22].
(2)
Matrix processing of monitoring data. If the acquisition and monitoring matrix of a sensor at a certain time is set as a vector, the expression of the matrix is:

$\displaystyle E=({d_{1},d_{2},\ldots,d_{m},t})$ (1)

In Eq. (1), $m$ represents dimension; $t$ represents acquisition time; $d_{m}$ represents the corresponding data value of dimension $m$ .

Set the hierarchical network security situational awareness data monitoring matrix collected by a sensor at a certain time as $E_{q}$ , and the data monitoring matrix can be expressed by Eq. (2):

$\displaystyle E_{q}=\left[{{\begin{array}[]{{20}c}{E_{1}}\\ {E_{2}}\\ \vdots\\ {E_{n}}\\ \end{array}}}\right]=\left[{{\begin{array}[]{{20}c}{E_{11}}&{E_{12}}&\ldots&{% E_{1m}}&{t_{1}}\\ {E_{21}}&{E_{22}}&\ldots&{E_{2m}}&{t_{2}}\\ \vdots&\vdots&\ldots&\vdots&\vdots\\ {E_{n1}}&{E_{n2}}&\ldots&{E_{nm}}&{t_{n}}\\ \end{array}}}\right]$ (2)

In Eq. (2), $n$ represents a positive integer.

Set the value returned by multiple devices in a certain period of time to $M$ , which can be expressed as:

$\displaystyle M=\left[{{\begin{array}[]{{20}c}{E_{q1}}\\ {E_{q2}}\\ \vdots\\ {E_{qi}}\\ \end{array}}}\right]=\left[{{\begin{array}[]{{20}c}{E_{1}}\\ {E_{2}}\\ \vdots\\ {E_{n}}\\ \end{array}}}\right]$ (3)

Figure 7.
Execution flow of map function and reduce function.

(3)
The classification features are extracted by variable selection algorithm, and the input values are determined. The algorithm consists of following steps:

1)
Select relevant variables.

Firstly, the mutual information $\left\{{\begin{array}[]{l}I({X_{i};Y})\\ i=1,2,\ldots,L\\ \end{array}}\right.$ of output variable and input variable is calculated. Then, based on the set significant mutual information level $a$ , the input variables $X_{i}$ greater than $a$ are screened and arranged in descending order to form a set of related variables, represented by $C$ .
2)
Remove the variables with weak correlation with the output in the relevant variable set through the backward algorithm [23].

(4)
The training prediction is implemented through the parallelization algorithm as follows: block all the samples to be trained, and receive the data blocks after blocking through the calculation node. The map function is used to batch train the hierarchical network security situational awareness data samples, and output the actual change of each network weight. Then, the overall change of the weight of each network is counted through the reduce function, the weight is adjusted, and whether to continue the iteration is determined [24].

The execution flow of map function and reduce function is shown in Fig. 7.

In order to reduce the time complexity of the collected hierarchical network security situation awareness data, the collected data can be preprocessed, the similarity of security events can be calculated by using the clustering idea, and similar security events can be merged to achieve the purpose of eliminating redundant events. The specific solution process is described in the following.
2.4 Attribute similarity analysis

Using the idea of clustering, the merging of security events is realized by calculating the similarity between security events, so as to remove redundant events. The security events in the network do not exist in isolation, but connect each other via logical relationship. For example, the sequential logical relationship between the penetration stage and the attack stage in a continuous DDoS attack. Therefore, the key of data fusion is to find out the relationship between the security events.

Select source IP address, destination IP address, source port number, destination port number, event type, occurrence time and other attributes. The similarity of events is obtained by calculating the dissimilarity of events. In the calculation process, each attribute selects the corresponding attribute dissimilarity calculation formula, then calculates the dissimilarity between two security events through the security event dissimilarity function, and finally compares it with the set threshold to determine whether to generate a new event or merge with an existing event. The value range of dissimilarity is [0, 1]. Before streamlining events, a multivariate group needs to be defined to represent security events [25].

(1) Security event representation

Security events mainly include alarm events caused by intrusion or illegal operation of various security devices. It can be represented by a multivariate group:

$\displaystyle e_{i}=\{{\textit{srcIp}_{i},\textit{sport}_{i},\textit{desIp}_{i% },\textit{dport}_{i},\textit{ctime}_{i},\textit{type}_{i},\textit{confident}_{% i},\textit{severity}_{i}}\}$ (4)

where $\textit{srcIp}_{i}$ , $\textit{desIp}_{i}$ represents the source IP address and destination IP address of the security event, $\textit{sport}_{i}$ , $dport_{i}$ represents the source port number and destination port number of the security event, $\textit{ctime}_{i}$ represents the time of the event, $\textit{type}_{i}$ denotes the type of event, $\textit{confident}_{i}$ denotes the confidence of the event, and $\textit{severity}_{i}$ denotes the severity of the event to the network.

(2) Calculation method of dissimilarity of different types of attributes

Arbitrarily select two security events $e_{i}$ , $e_{j}$ and calculate their attribute dissimilarity. The dissimilarity of continuous attribute variables, such as event occurrence time, is measured by Euclidean distance.

1) Enumerative variable

Select the $k$ -th attribute of event $e_{i}$ , $e_{j}$ . If it is enumeration type, the degree of difference on attribute $k$ is:

$\displaystyle d_{i,j}^{k}=\frac{p-q}{p}$ (5)

where $p$ denotes the number of all enumerated variables, and $q$ denotes the number of attributes with the same value in event $e_{i}$ , $e_{j}$ .

2) Boolean variable

Select the $f$ -th attribute of event $e_{i}$ , $e_{j}$ . If it is Boolean, the degree of difference on attribute $f$ can be expressed as:

$\displaystyle d_{i,j}^{k}=\frac{r+s}{q+r+s+t}$ (6)

where $r$ is the number of attribute variables with attribute value of 1 in event $e_{i}$ and attribute value of 0 in $e_{j}$ , $s$ is the number of attribute variables with attribute value of 0 in event $e_{i}$ and attribute value of 1 in $e_{j}$ , $t$ is the number of attribute variables with attribute value of 0 in event $e_{i}$ , $e_{j}$ , and $q$ is the event $e_{i}$ , $e_{j}$ ; The number of attribute variables in which both attribute values are 1.

3) Continuous variable

Let events $e_{i}=(x_{i1},x_{i2},\ldots,x_{ip})$ and $e_{j}=(x_{j1},x_{j2},\ldots,x_{jp})$ , where $x_{im},\ldots,x_{in}$ is the continuity variable. Then the calculation formula of the dissimilarity of event $e_{i}$ , $e_{j}$ on the $m\ldots n$ -th attribute is as follows:

$\displaystyle d_{i,j}^{(m\ldots n)}=\sqrt{\left|{x_{i1}-x_{j1}}\right|^{2}+% \left|{x_{i2}-x_{j2}}\right|^{2}+\ldots+\left|{x_{ip}-x_{jp}}\right|^{2}}$ (7)

(3) Calculation method of dissimilarity of two events

Assuming that events $e_{i}=(x_{i1},x_{i2},\ldots,x_{ip})$ , $e_{j}=(x_{j1},x_{j2},\ldots,x_{jp})$ and $e_{i}$ , $e_{j}$ contain $n$ different types of attributes respectively, the data dissimilarity $d(i,j)$ between events $e_{i}$ , $e_{j}$ can adopt the following formula:

$\displaystyle d(i,j)=\sum\limits_{f=1}^{n}{w^{h}}\times d_{ij}^{h}$ (8)

where $h$ is one of $n$ attributes, $w$ represents the weight corresponding to attribute $h$ , and $n$ is the number of attributes in event $e_{i}$ , $e_{j}$ .

2.5 Data fusion based on grey correlation analysis

By calculating the dissimilarity between events, the similarity of events is obtained, and the logical relationship between events is determined. The closer the degree of dissimilarity is to 0, the more similar the events are. The closer the degree of dissimilarity is to 1, the less similar the events are. When a new event arrives, the correlation module will calculate the dissimilarity between the current event and each event in the whole security event database to mine the potential event relationship. If the dissimilarity meets a certain range, the correlation module will merge the new event into the existing event. On the contrary, a new event will be generated.

The grey correlation analysis method judges whether the relationship between the two series curves is close according to the similarity of the geometry of the series curves. Therefore, the grey correlation analysis method is adopted to fuse the hierarchical network security situational awareness data.

The specific calculation includes the following steps:

(1) Determine the evaluation index system. Collect the evaluation data and determine the reference sequence $X_{0}=\{{x_{0}(1),x_{0}(2),\ldots,x_{0}(n)}\}$ reflecting the system behavior characteristics. Select the sequence reflecting the system characteristics to form the reference column, which can be the reference sequence composed of the optimal value (or the worst value) of the index, or select other reference values.

Then determine the comparison sequence $X^{\prime}_{i}=\{{x_{i}(1)^{\prime},x_{i}(2)^{\prime},\ldots,x_{i}(n)^{\prime}}\}$ , $(i=1,2,\ldots,m)$ and $m$ as the number of indicators.

(2) Dimensionless processing of reference sequence and comparison sequence.

To eliminate the influence of magnitude and facilitate calculation and comparative analysis, the indexes need to be dimensionless before using the grey correlation method.

(3) Find the correlation coefficient between reference sequence and comparison sequence.

The difference between curves can be used as a measure of the degree of correlation.

$\Delta_{i}(j)=|{x_{0}(j)-x_{i}(j)}|$ is the absolute difference between the corresponding elements of the comparison sequence and the reference sequence, then the correlation coefficient of $x_{0}(j)$ , $x_{i}(j)$ can be given:

$\displaystyle r_{0i}=\frac{\min\Delta_{i}(j)+\rho\ast\max\Delta_{i}(j)}{\Delta% _{i}(j)+\max\Delta_{i}(j)}$ (9)

where $\rho$ is the resolution coefficient, which is taken within (0, 1). The more obvious $\rho$ is, the stronger the discrimination ability of the correlation coefficient is. Generally, $\rho$ is taken as 0.5, which can also be taken according to the specific situation. $\min\Delta_{i}(j)$ is the minimum difference of two levels and $\max\Delta_{i}(j)$ is the maximum difference of two levels.

(4) Find the correlation degree $r_{i}$ .

The correlation coefficient is the correlation degree value of the reference sequence and the comparison sequence at each time, so its number is more than one. Therefore, it needs to combine the correlation coefficients at each time into one value, and the correlation degree $r_{i}$ is expressed:

$\displaystyle r(X_{0},X_{I})=r_{i}=\frac{1}{n}\sum\limits_{j=1}^{n}{r_{oi}}(j)$ (10)

where $r_{i}$ is the grey correlation degree between the comparison sequence $x_{i}$ and the reference sequence $x_{0}$ . The closer the $r_{i}$ value is to 1, the better the correlation is.

(5) Relevance ranking.

The degree of correlation between factors can be expressed by the order of correlation degree, not just the value of correlation degree. The correlation degree values of M comparison sequences to the same reference sequence are arranged in order of magnitude to form the correlation sequence, which is recorded as $\{x\}$ . For the same reference sequence, $\{{x_{0}}\}$ is better than $\{{x_{j}}\}$ , $\{{x_{i}}\}>\{{x_{j}}\}$ , and $r_{oi}$ represents the eigenvalue of the $i$ comparison sequence to the reference sequence.

The grey correlation degree value obtained by the grey correlation model is the importance ranking of the influencing factors in the system, and the correlation degree value is normalized as the weight value of the influencing factors. According to the importance of attributes, the fusion processing of hierarchical network security situational awareness data is completed.

3. Simulation

Simulation is conducted to validate the feasibility of the proposed hierarchical network security situational awareness data fusion method.

The simulation environment parameter settings are shown in Tables 1 and 2.

Table 1
Hardware parameter settings

The server	Parameter
Type	Pentium(R) Dual-Core CPU E5300 @ 2.60GHz
Main memory	DDR2 4GB
Hard disk	160GB
Operating system version	Ubuntu 12.04.5 lts 32-bit
Edition	Snort2. Version 9.3 and corresponding rule base

Table 2

Software parameter setting

Operating system	Ubuntu 11.04 Windows XP
Data set	Darap2000 dataset
Playback tool	netpoke
Sensor	Network security situation sensor based on sFlow and SNMP

Figure 8.

Simulation experiment environment.

Under the above simulation environment parameter settings, obtain hierarchical network security situational awareness data samples, including security events and redundant events, as shown in Fig. 9.

Figure 9.

Data sample.

The proposed a fusion method, Literature [6] method and Literature [7] method are used to cluster the data samples. The results are shown in Fig. 10.

Figure 10.

Sample clustering effect of three methods.

From the clustering results of the three methods in Fig. 10 and the data samples in Fig. 9, it can be seen that the proposed method can effectively separate the security events and redundant events in the sample data, while the security events obtained in Literature [6] method and Literature [7] method are still mixed with some redundant events. It shows that the hierarchical network security situational awareness data fusion method proposed in this paper has the best effect on sample clustering in cloud computing environment. The reason for this result is that the proposed method adopts the idea of clustering to realize the merging of security events by calculating the similarity between security events, so as to eliminate redundant events.

The proposed fusion method, Literature [6] method and Literature [7] method are comparatively analyzed in terms of fusion accuracy.

Figure 11.

Comparison results of data fusion accuracy of hierarchical network security situational awareness.

By can be seen in Fig. 11, three methods of data fusion precision number not directly associated with the experiment, but on the whole, the precision of this method is always higher than 90%, far more than the Literature [6] method and the Literature [7] method of 70%, from the overall trend, the method of hierarchical network security situational awareness data fusion accuracy is higher. Specifically looking at the data under each method, when the number of experiments is 80, the proposed method achieves the highest accuracy of data fusion, which is 98%. When the number of experiments in Literature [6] method is 80, the accuracy of data fusion is the highest, which is 71%. When the number of experiments is 40, the data fusion accuracy of the method in Literature [7] is the highest, which is 70%, further indicating that the method in this paper has a high data fusion accuracy.

The proposed hierarchical network security situational awareness data fusion method, Literature [6] method and Literature [7] method were compared in terms of data fusion time.

Figure 12.

Comparison results of data fusion time of hierarchical network security situational awareness.

It can be seen from Fig. 12 that the data fusion time of the three methods increases with the increase of the number of experiments, and the time consumed by the proposed method for data fusion is always lower than that of the method in Literature [6] method and Literature [7] method, and the time consumed by the method in Literature [7] method is always the longest. When the number of experiments is 20, the time consumed by the method in this paper is 6 s, while the time consumed by the method in Literature [6] method and Literature [7] method are 14 s and 17 s, respectively. When the number of experiments is 100, the time consumed by the proposed method is 13 s, while the time consumed by the method in Literature [6] method and Literature [7] method are 37 s and 42 s, respectively. The above data show that the proposed hierarchical network security situational awareness data fusion method consumes less time, indicating that compared with the comparison method, the data fusion time in this paper is generally shorter and has higher fusion efficiency.

4. Conclusion

The data of network security situational awareness comes from various types of security systems. These systems provide different types of security events and data, and there are too many redundant information in these massive information. If directly used for security assessment and prediction, it will bring unnecessary trouble to the data processing and have an influence on the real-time performance of the processing results. In this paper, in order to improve the hierarchical network security situational awareness data fusion accuracy, shorten the convergence time, this paper proposes a new cloud computing environment layered network security situational awareness data fusion method, analyzing the hierarchical structure of the data fusion, and designing the hierarchical model, in the cloud computing platform under the management and coordination of stable operation. Using cloud computing technology to collect network traffic, it can manage distributed traffic collector in parallel and complete the collection process of network information resources. Using the clustering idea, the similarity of security events is calculated, similar security events are merged, and redundant events are eliminated. The difference between events is calculated, the similarity of events is obtained, the logical relationship between events is mined, and hierarchical network security situation awareness data is fused by grey correlation analysis method. Finally, the feasibility of the proposed method is verified by simulation.

The final simulation results show that:

(1)

With this method, security events and redundant events in sample data can be effectively separated. This is because the proposed method adopts the idea of clustering to realize the merging of security events by calculating the similarity between security events, so as to eliminate redundant events.

(2)

The fusion accuracy of the proposed method for hierarchical network security situation awareness data reaches 98%, which is much higher than the selected comparison method, indicating that the fusion accuracy of the proposed method for hierarchical network security situation awareness data is higher.

(3)

In this paper, the layered network security situational awareness in the process of data fusion method in the simulation time in 13 s, and two methods of comparing the consumed time of 37 s, respectively and 42 s, its take significantly longer than the paper in the process of data fusion method, this paper data fusion time relative to the contrast method, generally shorter, have higher efficiency.

However, there are still some limitations in the research of this paper. For example, this paper does not specifically analyze the subtle differences in the results obtained by the same method for the fusion of hierarchical network security situational awareness data under different experimental times. In the subsequent research, we will take this as a starting point to deeply explore the reasons for the differences.

References

Wang

Song

Liu

Xiang

. An efficient intelligent data fusion algorithm for wireless sensor network. Procedia Comput Sci. 2021; 183(3): 418-424.

Zhang

Gao

Cheng

. A hybrid neural network data fusion algorithm based on time series. Appl Math Mech. 2021; 42(1): 82-91.

Cai

Chen

Miao

Lin

Feng

. Feedback convolutional network for intelligent data fusion based on near-infrared collaborative IoT technology. IEEE Trans Ind Inf. 2022; 18(2): 1200-1209.

Zhang

. Research on technologies of data fusion for network security. Software Eng Appl. 2021; 10(2): 149-155.

. Research on multi-source data fusion for smart distribution network. China Southern Power Grid Technol. 2019; 13(4): 42-47.

Chen

Teng

. Data fusion algorithm for wireless sensor networks based on hierarchical topology. Mod Electr Technol. 2018; 41(24): 61-6570.

Wen

. Simulation of global information fusion method in multi-source communication network. Comput Simul. 2018; 35(1): 188-191.

. Wireless network multi-channel information fusion method based on grid system. J Jilin Univ (Inf Sci Ed). 2020; 37(6): 617-622.

Yan

Zhang

. BP neural network data fusion algorithm based on heuristic firefly. Sens Microsyst. 2021; 40(4): 146-149156.

10.

Ghobaei-Arani

Shamsi

Rahmanian

. An efficient approach for improving virtual machine placement in cloud computing environment. J Exp Theor Artif Intell. 2017; 29(6): 1149-1171.

11.

Wang

Mao

Xia

Shi

Huang

, et al. Data fusion in data scarce areas using a back-propagation artificial neural network model: A case study of the South China Sea. Front Earth Sci: English Version. 2018; 12(2): 19-26.

12.

Ghobaei-Arani

Shahidinejad

. An efficient resource provisioning approach for analyzing cloud workloads: A metaheuristic-based clustering approach. J Supercomput. 2021; 77: 711-750.

13.

Yang

Nan

Cui

. Evolutionary dynamics analysis of complex network with fusion nodes and overlap edges. J Syst Eng Electr. 2018; 29(3): 549-559.

14.

Zhang

Yang

Feng

Wei

Cui

Xie

, et al. A tensor-network-based big data fusion framework for Cyber-Physical-Social Systems (CPSS). Inf Fusion. 2021; 76: 337-354.

15.

Liu

Lun

Gao

Cai

, et al. A data-fusion-assisted telemetry layer for autonomous optical networks. J Lightwave Technol. 2021; 39(11): 3400-3411.

16.

Wang

Zhang

Zeng

Xia

. DeepIII: Predicting isoform-isoform interactions by deep neural networks and data fusion. IEEE/ACM Trans Comput Biol Bioinf. 2022; 19(4): 2177-2187.

17.

Zhou

Zhao

Alroobaea

Baqasah

Miglani

. Research on data mining method of network security situation awareness based on cloud computing. J Intell Syst. 2022; 31(1): 520-531.

18.

Liu

Zhu

Anjum

Wang

Zhang

. Intelligent data fusion algorithm based on hybrid delay-aware adaptive clustering in wireless sensor networks. Future Gener Comput Syst. 2020; 104: 1-14.

19.

Ghobaei-Arani

. A workload clustering based resource provisioning mechanism using biogeography based optimization technique in the ccloud based systems. Soft Comput. 2021; 25: 3813-3830.

20.

Cheng

Wang

Feng

Yan

. Remote sensing and social sensing data fusion for fine-resolution population mapping with a multi-model neural network. IEEE J Sel Top Appl Earth Obs Remote Sens. 2021; 14: 5973-5987.

21.

Xing

Zhang

. Hierarchical network security measurement and optimal proactive defense in cloud computing environments. Secur Commun Networks. 2022; 2022: 6783223.

22.

Zhao

Gao

Liu

Zhao

. Spatiotemporal data fusion in graph convolutional networks for traffic prediction. IEEE Access. 2020; 8: 76632-76641.

23.

Ghosh

Birch

Marxen

. Neural-network-based sensor data fusion for multi-hole fluid velocity probes. IEEE Sens J. 2020; 20(10): 5398-5405.

24.

Altaf

Mehmood

Imran

. Implementation of efficient artificial neural network data fusion classification technique for induction motor fault detection. J Eng Sci. 2018; 5(2): E4.

25.

Jia

Han

Liu

Hao

. Opportunistic routing with data fusion for multi-source wireless sensor networks. Wireless Networks. 2019; 25(6): 3103-3113.

Hierarchical network security situation awareness data fusion method in cloud computing environment

Abstract

Keywords

1. Introduction

2. Method design

2.1 The overall design flow of the method

(1) Security event representation

(2) Calculation method of dissimilarity of different types of attributes

1) Enumerative variable

2) Boolean variable

3) Continuous variable

(3) Calculation method of dissimilarity of two events

Table 1 Hardware parameter settings

References

Table 1
Hardware parameter settings