Cyberspace Situational Awareness Method Based on Traffic Volume

doi:10.3969/j.issn.1006-2475.2025.06.009

Abstract

Abstract: Abstract: Network anomalies can seriously influence the normal operation of infrastructure and cause huge financial losses. Existing studies perceived the changes of network state by observing the changes of network traffic. However， due to the lack of quantitative indicators， these cyberspace situational awareness methods have the problems of high false positive rate and low accuracy. This paper proposes a new cyberspace situational awareness method to address these challenges. Specifically， we use the public data set to obtain the traffic information of the links in the detection area. Firstly， a traffic critical value determination algorithm based on Wilson score is proposed to calculate the corresponding traffic threshold of each link. Secondly， a network state awareness scheme is proposed， which perceives the change of network state by monitoring whether the traffic volume of any link in the detection area is lower than the critical value and lasts for 11 minutes. Finally， this paper perform experiments with data from public measurement infrastructures （RIPE Atlas） to evaluate the performance of our approach， and the results show that our approach can effectively perceive the changes of network state.

Key words: Key words: cyberspace situational awareness, network traffic, Wilson score, critical value

CLC Number:

TP393

KUANG Ye1, ZHOU Mo2, LIU Ceyue1. Cyberspace Situational Awareness Method Based on Traffic Volume[J]. Computer and Modernization, 2025, 0(06): 56-60.

References

［1］孔珍，孔硕. 网络安全态势感知关键技术研究［J］. 中国信息化， 2022，11（4）:60-62.
［2］陈华山，皮兰，刘峰，等. 网络空间安全科学基础的研究前沿及发展趋势［J］. 信息网络安全， 2015，15（3）:1-5.
［3］李留英. 基于大数据的网络空间安全战略的构建［J］. 数字图书馆论坛， 2014，32（2）:16-19.
［4］申志伟，辛叶舟. 基于新技术的网络空间安全架构分析［J］. 互联网天地， 2015，12（10）:20-23.
［5］ KISANGA P， WOUNGANG I. Network anomaly detection using a graph neural network［C］// 2023 International Conference on Computing， Networking and Communications. IEEE， 2023:61-65.
［6］李程雄. 网络安全态势感知系统关键技术研究［J］. 电子技术与软件工程， 2022，45（23）:231-233.
［7］ ROY B， ACHARYA I， PAPALKAR D， et al. Top-performing unifying architecture for network intrusion detection in SDN using fully convolutional network［C］// 2023 5th International Conference on Inventive Research in Computing Applications. IEEE， 2023:1340-1344.
［8］ LEE B S， KIM J W， CHOI M J. Federated learning based network intrusion detection model［C］// 2023 24st Asia-Pacific Network Operations and Management Symposium. IEEE， 2023:330-333.
［9］ GUMMADI A N， NAPIER J C， ABDALLAH M. XAI-IoT: An explainable AI framework for enhancing anomaly detection in IoT systems［J］. IEEE Access. 2024，20（24）:1-2.
［10］ NAKIP M， GELENBE E. Online self-supervised deep learning for intrusion detection systems［J］. IEEE Transactions on Information Forensics and Security， 2024.109（21）:160-174.
［11］ MARKOPOULOU A， IANNACCONE G， BHATTACHARY
YA S， et al. Characterization of failures in an operational IP backbone network［J］. IEEE/ACM Transactions on Networking， 2008，16（4）:749-762.
［12］ RUSSELL P， ELSAYED M A， NANDY B， et al. On the fence: Anomaly detection in IoT networks［C］// NOMS 2023-2023 IEEE/IFIP Network Operations and Management Symposium. IEEE， 2023:1-4.
［13］ KUANG Y， LI D， HUANG X. KL‐Dection: An approach to detect network outages based on key links［J］. Wireless Communications and Mobile Computing， 2022，20（22）:1-11.
［14］ KUANG Y， LI D D， HUANG X H， et al. On the modeling of RTT time series for network anomaly detection［J］. Security and Communication Networks， 2022，20（22）:1-12.
［15］ HEIDEMANN J， QUAN L， PRADKIN Y. A preliminary analysis of network outages during hurricane sandy［C］// In Proceedings of the ACM Special Interest Group on Data Communication. ACM， 2012:211–221.
［16］ DAINOTTI A， SQUARCELLA C， ABEN E， et al. Analysis of country-wide internet outages caused by censorship［J］. IEEE/ACM Transactions on Networking， 2014，22（6）:1964-1977.
［17］ QUAN L， HEIDEMANN J， PRADKIN Y. Trinocular: Understanding internet reliability through adaptive probing ［C］// In Proceedings of the ACM Special Interest Group on Data Communication. ACM， 2013:255-266.
［18］ PADMANABHAN R， SCHULMAN A， LEVIN D， et al. Residential links under the weather ［C］// In Proceedings of the ACM Special Interest Group on Data Communication. ACM， 2019:145-158.
［19］ SUNDARESAN S， DENG X H， FENG Y， et al. Challenges in inferring internet congestion using throughput measurements［C］// Proceedings of the 2017 Internet Measurement Conference. ACM， 2017:43-56.
［20］ DI BARTOLOMEO M， DI DONATO V， PIZZONIA M， et al. Extracting routing events from traceroutes: A matter of empathy［J］. IEEE/ACM Transactions on Networking， 2019，27（3）:1000-1012.
［21］ FONTUGNE R， PELSSER C， ABEN E， et al. Pinpointing delay and forwarding anomalies using large-scale traceroute measurements［C］// Proceedings of the 2017 Internet Measurement Conference. ACM， 2017: 15-28.
［22］ MARCHETTA P， PESCAPÉ A. DRAGO: Detecting， quantifying and locating hidden routers in traceroute IP paths［C］// 2013 IEEE Conference on Computer Communications. IEEE， 2013:3237-3242.
［23］ MARCHETTA P， DE DONATO W， PESCAPÉ A. Detecting third-party addresses in traceroute traces with IP timestamp option［C］// International Conference on Passive and Active Network Measurement. Springer， 2013:21-30.
［24］ RipeAltas［EB/OL］.（2006-03-01）［2024-07-20］. https://data-store.ripe.net/datasets/atlas-daily-dumps/
［25］ PADMANABHAN R， SCHULMAN A， LEVIN D， et al. Residential links under the weather［C］// Proceedings of the ACM Special Interest Group on Data Communication. ACM， 2019:145-158.
［26］ JIANG H， DOVROLIS C. Passive estimation of TCP round-trip times［J］. ACM SIGCOMM Computer Communication Review， 2002，32（3）:75-88.
［27］ FONTUGNE R， PELSSER C， ABEN E， et al. Pinpointing delay and forwarding anomalies using large-scale traceroute measurements［C］// Proceedings of the Internet Measurement Conference. ACM， 2017:15-28.
［28］ MANSFIELD-DEVINE S. DDoS goes mainstream: How headline-grabbing attacks could make this threat an organisation's biggest nightmare［J］. Network Security， 2016， 2016（11）:7-13.

[1]	LIANG Yun-de, CHEN Shou-ming, LU Yan-qian, LI Xue-wu, YU Shun-huai. Adaptive Traffic Control Method of IDC Network Based on Envelope Feature [J]. Computer and Modernization, 2021, 0(03): 7-11.
[2]	HAO Yi-ran, SHENG Yi-qiang, WANG Jing-lin, . Anomaly Detection of Network Traffic Based on t-SNE Dimensionality Reduction Preprocessing [J]. Computer and Modernization, 2021, 0(02): 109-116.
[3]	GAO Bai-hong1, LIU Zhao-hui1, LIU Hua2. Network Traffic Prediction Based on SCSO-GRU Model [J]. Computer and Modernization, 2020, 0(04): 72-.
[4]	YANG Yong-jiao, TANG Liang-liang. An Anomaly Detection Method for Network Traffic of Servers #br# in Smart Grid Based on Deep Encoder-Decoder Neural Network [J]. Computer and Modernization, 2019, 0(10): 66-.
[5]	CAO Zuo-wei1,2,CHEN Xiao1,NI Hong1 . Comparison and Analysis of Cache Replacement Algorithms for Network Traffic [J]. Computer and Modernization, 2019, 0(08): 50-.
[6]	SONG Zi-hua1,2, GUO Chun1,2, JIANG Chao-hui1,2. A Fast Trojan Detection Method Based on Network Traffic Analysis [J]. Computer and Modernization, 2019, 0(06): 9-.
[7]	MA Jia-yan, WANG Ping,XIA Wei, SHEN Hong-wei. Research on Network Traffic Prediction and Early Warning in Complex Networks [J]. Computer and Modernization, 2018, 0(01): 102-106.
[8]	CHEN Jing-zhu. Network Traffic Prediction Model Based on Mixed Kernels RVM Optimized by CS Algorithm [J]. Computer and Modernization, 2015, 0(5): 94-97.
[9]	LI Qing-ping. Study on Modeling of Network Traffic Based on Custom Packet [J]. Computer and Modernization, 2010, 1(8): 37-40.