A Novel Network Topology Sensing Method for Network Security Situation Awareness

In Network Security Situation Awareness (NSSA), topology information of the monitored network constitutes the foundation of the whole NSSA process. This paper presents a novel method for network topology sensing in non-collaborative networks. The proposed method leverages trusted agents and Group Decision Making (GDM) policies to provide more accurate and complete topology information. To ensure the reliability of the proposed approach, the initial trusted agents are regarded as the experts and the GDM process is carried out solely under their control. Additionally, a core topology description ontology is employed to integrate detected information in a more efficient manner. Furthermore, the approach is exemplified through a comparative analysis in a practical network environment comprising of 20 subnets and over 400 nodes. The experimental results demonstrate that compared with previous network topology sensing methods, our method exhibits a relatively higher coverage rate and is more adept at selecting worker agents. Such outcomes lend credence to the possibility that our approach is a useful practice in detecting complex network environments, ultimately contributing to a security analyst's cognitive perspective of situation awareness.