Academic Paper Information

 Title:   Network Security Situational Awareness 
 Author:   Ahmad Jakalan 
 Journal/Conference:   The International Journal of Computer Science and Communication Security (IJCSCS) 
 Volume, Issue, Pages:   3/5/61-67 
 Date:   2013-08 
 Keywords:   Network Security; Situational Awareness 
 Abstract:  With the different sources of threats to networks, from physical and human threats to the extremely diverse methods used by hackers to exploit networks and disseminate different types of malware, from simple kinds such as comic, propaganda, ads, and viruses to highly sophisticated ones with very advanced levels of obfuscation techniques like packers, polymorphism, and metamorphism [1], the task entrusted to network security scientists and engineers is becoming more and more difficult. Many kinds of security monitoring and analysis tools, under different names, have been used to detect penetration of networks and analyze the effectiveness of the network. The list is too long, but we may mention antivirus, firewalls, log audit tools, host-based and network-based intrusion detection systems (IDS), low- and high-interaction honeypots, general-purpose and special-purpose honeypots, network flow analysis tools, … It is too difficult for network security engineers to be aware of the huge amount of data produced by these different tools; at the same time, it has been proved that depending on one kind of these tools is not enough to protect the network from being exploited. In 1999 Bass Tim [2, 3] was the first author who recommended the application of Situational Awareness in future network security. He foresees that next-generation cyberspace intrusion detection systems will fuse data from heterogeneous distributed network sensors to create cyberspace situational awareness. In this paper we summarize the state of the art in situational awareness and its application in network security, and we mention the different efforts made by scientists to apply the concept of Situational Awareness (SA) in network security.