Zhaoyang Li1,2, Hao Duan1,3, Jiarui Lei1,3, Zijiang Yang4, Feng Lin4, Yumei Li4, and Zhiwei Zhang1,5,*
Zhiwei Zhang
1 School of Computer Science and Technology, Xidian University, Xi’an, Shaanxi, 710071, China
2 Qingdao Institute of Computing Technology, Xidian University, Qingdao, Shandong, 266109, China
3 Guangzhou Institute of Technology, Xidian University, Guangzhou, Guangdong, 510555, China
4 ZhongXinDa Information Technology Co., Ltd., Haikou, Hainan, 570100, China
5 Hebei Key Laboratory of Network and Information Security, Hebei Normal University, Shijiazhuang, Hebei, 050024, China
*Corresponding author
In this intelligent era, with deeper research, faster development, and wider application of information technologies, the network infrastructure plays one more and more important role in data communication and processing that affects almost every field worldwide. Correspondingly, cyberspace security, especially the security of network infrastructure has become elementary for countries and companies. Then, various security standards and specifications have been proposed to guide network infrastructure’s design, development, and operation. Consequently, it is the key to assess whether a network infrastructure is compliant with the related standards and specifications. However, most of the existing security assessment schemes are manual, that is, testers should check all issues depending on their understanding of the network infrastructures and related documents. That results in the lack of accuracy, continuity as well as comprehensiveness. Therefore, in this paper, we propose an Al-based network infrastructure security assessment (ISA-CN) scheme, which concerns China’s current fundamental network infrastructure security assessment related standards and specifications and evaluates the object’s security states with multi-dimensional automatically monitored network traffic data continuously and comprehensively. The analytical and experimental results show that our ISA-CN scheme is suitable for the assessment of real-world network infrastructure systems.
Deep Belief Network, Intrusion Detection, Hierarchical Evaluation Model, National Standard, Network Infrastructure
Zhaoyang Li, Hao Duan, Jiarui Lei, Zijiang Yang, Feng Lin, Yumei Li, and Zhiwei Zhang (2022). An Integrated Assessment Scheme of Network Infrastructure Following Security Standards and Specifications. Journal of Networking and Network Applications, Volume 2, Issue 3, pp. 95–106. https://doi.org/10.33969/J-NaNA.2022.020301.
[1] National Institute of Standards and Technology. Framework for improving critical infrastructure cybersecurity[J]. Natl. Inst. Stand. Technol., 2014, 1: 1-41.
[2] European Union Agency for Network and Information Se-curity. Methodologies for the identification of Critical In-formation Infrastructure assets and services[Z]. 2015.2.23.
[3] European Union Agency for Network and Information Security. Stocktaking, Analysis and Recommendations on the protection of CIIs. 2016.1.21.
[4] European Union Agency for Network and Information Security. Technical Guidelines for the implementation of minimum security measures for Digital Service Providers. 2017.2.16.
[5] Zuo X, Chen Z et al. Research on Network Security Eval-uation Method Based on Information Security Framework “Golden Triangle Model”[J]. Journal of Adhesion 2020. 41(2): 106-110.
[6] Zhou J, Wang S, Han Y, et al. Model of information system security evaluation based on asset sassociation degree[J]. Computer Engineering and Design. 2017, 38(7): 1691-1696.
[7] Cui M. Research on Key Technologies of Network Se-curity Situation Evaluation and Prediction[D]. China Na-tional Knowledge Internet. 2019.1-90.
[8] Tsaregorodtsev A V, Kravets O J, Choporov O N, et al. Information Security Risk Estimation for Cloud Infrastruc-ture[J]. International Journal on Information Technologies & Security, 2018, 10(4): 67-76.
[9] Yermalovich P, Mejri M. Information security risk as-sessment based on decomposition probability via bayesian network[C]//2020 International Symposium on Networks, Computers and Communications. IEEE, 2020: 1-8.
[10] Classified criteria for security protection of computer information system: GB 17859-1999[S]. Beijing, Office of the Central Cyberspace Affairs Commission, 1999.
[11] Wang L F. Information security technology – Operat-ing systems security evaluation criteria: GB/T 20008-2005[S].Beijing. National Information Security Standard-ization Technical Committee. 2006.
[12] Zhang B F, Bi H Y, Ye X J, et al. Information secu-rity technology—Security evaluation criteria for database management system: GB/T 20009-2005[S]. Beijing: Na-tional Information Security Standardization Technical Committee. 2019.
[13] Information technology-Guidelines for the management of IT Security: GB/T 19715-2005[S]. Beijing. National In-formation Security Standardization Technical Committee. 2005.
[14] Lu K, Zhan B H, Chen Y G, et al. Information security technology—Risk assessment method for information se-curity: GB/T 20984-2007[Ss]. Beijing: National Informa-tion Security Standardization Technical Committee, 2018.
[15] Min J H, Zhou Y C, Wang H L et al. Information technol-ogy—Security techniques—Information security incident management: GB/T 20985-2007[S]. Beijing: National In-formation Security Standardization Technical Committee, 2021.
[16] Masduki B W, Ramli K, Salman M. Leverage intrusion detection system framework for cyber situational aware-ness system[C]//2017 International Conference on Smart Cities, Automation & Intelligent Computing Systems. IEEE, 2017: 64-69.
[17] Shi L Y, Liu J, Liu Y H, et al. Survey of research on network security situation awareness[J]. Comput. Eng. Appl, 2019, 55(24): 1-9.
[18] Wang J, Li Z, Zhang H. Situation Awareness Based Resource Requirement in Cloud Computing Environ-ment[C]//2017 9th International Conference on Intelligent Human-Machine Systems and Cybernetics. IEEE, 2017, 2: 93-96.
[19] Wang Y, Li Y, Chen X, et al. Implementing Network Attack Detection with a Novel NSSA Model Based on Knowledge Graphs[C]//2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications. IEEE, 2020: 1727-1732.
[20] Yang H, Zeng R, Xu G, et al. A network security situation assessment method based on adversarial deep learning[J]. Applied Soft Computing, 2021, 102: 107096.
[21] Yang H, Zhang Z, Xie L, et al. Network security situation assessment with network attack behavior classification[J]. International Journal of Intelligent Systems, 2022.
[22] Yi B, Cao Y P, Song Y. Network security risk assessment model based on fuzzy theory[J]. Journal of Intelligent & Fuzzy Systems, 2020, 38(4): 3921-3928.
[23] Tang Y, Li C. CGA-ELM: A network security situation prediction model[C]//2021 International Conference on Computer Technology and Media Convergence Design. IEEE, 2021: 58-62.
[24] Jia X, Liu Y, Yan Y, et al. A network security situational awareness approach based on capability opportunity intent model [J]. Application Research Of Computers, Computer Application Research, 2016, 33(06): 1775-1779.
[25] Qian W, Lai H, Zhu Q, et al. Overview of network secu-rity situation awareness based on big data[C]//International Conference on Advanced Machine Learning Technologies and Applications. Springer, Cham, 2021: 875-883.
[26] Yu L. Research on intrusion detection based on deep con-fidence network [J]. Computer Science and Application. 2018, 8(05): 687-701.