
  1. (Railway Engineering College, Zhengzhou Railway Vocational & Technical College, Zhengzhou 450052, China)



Keywords: Big data, Network security, Perception platform, Situational awareness

1. Introduction

With the continuous improvement of artificial intelligence, network security situational awareness technology is constantly improving. However, in the process of development, there are still certain shortcomings in network security situational awareness technology [1]. Some criminals use the internet to attack websites and steal internal data, and commit fraud against some elderly people through the internet. These situations have affected the social atmosphere and reduced the happiness level of residents. As these issues become increasingly prominent, we should enhance our system security protection capabilities, pay attention to network security, supervise and predict potential events, improve our defense methods, fully understand the dynamics of network security, update network data in a timely manner, and combat security risks.

The traditional network security system typically comprises three fundamental forms. The first is the P2DR security operation and maintenance model, which emphasizes detection, protection, and response mechanisms, together with policies. The second is a linear defense model, established through the collaboration of diverse security products and primarily inspired by the barrel theory. The third is the three-dimensional defense model, which mainly focuses on the operating system and is designed for different types of applications to ensure the safety of application products [2]. These three types of security system models collaborate with each other to form a security product system. However, there is no perfect security protection in the field of security. Only by continuously improving the level of security protection can we better resist various attacks.

However, traditional security protection concepts and products have some shortcomings during use, such as the inability to detect the threat of viruses, and security protection is always in a passive protection state. The basic process is to stimulate the enterprise's security protection system through viruses or attacks, allowing the protection system to detect threats, analyze the types of viruses encountered, and take targeted measures to defend against viruses. However, this model is relatively outdated and virus detection is not timely. Continuous upgrades are needed in the later stage to strengthen network security. Moreover, traditional defense models or products mainly rely on local rule libraries as the core, without linking with databases on the network. During the detection process, the lack of data intelligence makes it impossible to perceive unknown threats and can only respond to those threats set by the system. During the processing, the inability to collaborate and defend together with the network leads to various loopholes in the process of dealing with viruses. If there are virus threats and the local database does not have measures to deal with the virus, then it is impossible to handle those small security issues [3]. Over time, small security issues gradually accumulate and evolve into more influential security incidents.

We will prioritize the key technologies that underpin network security situational awareness, leveraging big data technology. Ultimately, we will validate the platform's efficacy and practicality by analyzing numerous real-world application cases involving network security incidents. This research holds significant theoretical and practical value in bolstering defense capabilities and safeguarding network information security.

2. Architecture Design of Network Security Situational Awareness Platform

2.1 Network Security Data Acquisition and Storage Module Design

In the design of network security situational awareness platform architecture, we need to comprehensively consider data collection, storage, processing, analysis, and threat early warning and defense. First of all, data collection is the foundation of the platform, which needs to design efficient data collection schemes to collect various types of data as comprehensively as possible [4]. Data sources include network traffic, logs, events, etc., and the collection methods can use network crawler, API interface, log rotation, etc. Data storage is one of the key links of the platform, which needs to design a reasonable storage architecture, including distributed storage, relational database, NoSQL database, etc. The choice of storage architecture needs to be weighed against actual requirements to ensure high data availability, high performance, and scalability.

Data processing serves as a pivotal component of the platform, encompassing both real-time and offline processing of the gathered data. Real-time processing comprises data flow management and instantaneous analysis, while offline processing involves batch processing and data mining. This process utilizes a diverse array of data processing techniques and algorithms. Analysis methods include statistical analysis, association analysis, trend prediction, etc. During the analysis process, various data analysis and mining tools, such as Tableau, Elasticsearch, can be utilized to improve efficiency of analysis [5]. It is also necessary to consider the output and presentation of the analysis results in order to better support the development of security decisions and defense measures. Threat early warning and defense is one of the important functions of the platform, which requires real-time early warning and defense according to the analysis results. Integration and linkage mechanisms with security equipment and defense systems need to be considered to achieve rapid response and disposal. Fig. 1 shows the network security module design.

Fig. 1. Design of security storage module.


The visual interface must be intuitive and easy to use, providing various functional modules and components such as dashboards, reports, and charts. The interface needs to support a variety of terminal devices, including PCs, mobile phones, and tablet computers [6], and to support personalized customization and expansion to meet the needs of different users. In terms of security, data transmission and storage need to be encrypted and protected. At the same time, it is necessary to conduct regular security audits and vulnerability scanning to find and deal with security problems in time [7]. The design of the network security situational awareness platform architecture needs to fully consider the requirements of availability, scalability, maintainability and security.

2.2 Design of Network Security Data Processing and Analysis Module

Network security data processing undertakes the task of real-time processing and in-depth analysis of large-scale network data. The module adopts efficient data processing algorithm and advanced data analysis technology to realize accurate and real-time security threat detection and early warning [8].

The module supports both real-time flow processing and offline batch processing modes, tailored to fulfill data processing needs across diverse scenarios. Leveraging anomaly detection, pattern recognition, and other sophisticated techniques, it precisely identifies aberrant behaviors and potential threats within the network, thereby providing robust support for the development of security early warning and defense strategies [9]. The design of network security data processing and analysis module takes full account of scalability and flexibility. An open architecture and a standardized interface enable the module to be integrated with other security devices and systems for data sharing and collaborative defense. Fig. 2 shows the network security data processing module.

Fig. 2. Network security data processing module.


In terms of security, the module applies strict security protection measures to data transmission, storage and processing. The module also regularly conducts security audits and vulnerability scanning, and finds and deals with security problems in time, to ensure the stability and reliability of the system. The module is scalable and flexible, so it can be integrated with other security devices and systems to provide strong support for network security defense [10].

2.3 Network Security Situation Display and Early Warning Module Design

The network security situation display and warning module is the core component of the network security situational awareness platform. It utilizes technologies such as data preprocessing, anomaly detection, and behavior analysis to achieve perception and understanding of network security conditions. By cleaning and formatting the collected network data, the accuracy and reliability of the data are ensured [11]. By using techniques such as data mining and machine learning, abnormal behavior and potential threats in the network can be identified, providing effective support for network security defense [12,13].

Regarding visual display, the warning module offers a vivid depiction of the current network security status through interactive charts, maps, or dashboards. This enables users to gain a clear comprehension of crucial information such as network traffic, attack sources, and types. Additionally, it provides comparative and trend analyses of historical data, further assisting users in comprehending the overall network security situation.

In order to achieve real-time monitoring and early warning, the early warning module has established corresponding mechanisms to continuously monitor and analyze network data. Once abnormal behavior or potential threats are detected, the early warning mechanism is immediately triggered. Relevant personnel or systems are notified in a timely manner through email, SMS, or push notifications so that they can take timely response measures [14].

By managing knowledge and rule bases, known threat information, attack patterns, and defense measures are stored to assist in analysis and judgment. Users can customize the module according to their needs, setting specific monitoring rules, alarm thresholds, and display methods to meet personalized network security situational awareness needs.

The network security situation display and warning module conducts a comprehensive analysis and processing of network data, enabling the perception and alerting of network security situations. This module provides crucial support for network security defense, assisting users in promptly identifying and responding to network security threats, ultimately enhancing their network security defense capabilities. In design, by considering the intuitiveness of data visualization and personalized customization of user experience, the practicality and usability of the module are improved.

3. Research on Key Technology of Security Situation Awareness

3.1 Application of Big Data Storage and Management Technology in Network Security

Traditional data processing methods face difficulties in handling large-scale, highly concurrent network data [15,16]. With the help of big data processing frameworks such as Hadoop and Spark, massive amounts of data can be efficiently processed and analyzed. These frameworks can uncover security information and attack patterns hidden in data through techniques such as correlation analysis, anomaly detection, and pattern recognition.

Real time processing capability is an indispensable part of network security. By monitoring network traffic and events in real-time, detecting abnormal behavior in a timely manner, and issuing warnings, network attacks can be effectively prevented [17]. By using stream processing technology, big data can achieve high-speed data collection, analysis, and early warning, greatly improving the response speed to security incidents [18,19].

This article designs large-scale storage management technologies to handle large-scale data storage and access while optimizing performance to achieve the best data read and write speeds. Fig. 3 shows the design of large-scale storage management technology, which includes key elements such as distributed storage systems, data sharding, and data replication. In terms of distributed storage systems, distributed file systems and object storage systems are used to achieve reliable storage and efficient access to data. Data shards are stored on multiple nodes, and redundancy mechanisms ensure data reliability and fault tolerance. Data sharding entails breaking down a massive dataset into numerous smaller segments to facilitate enhanced parallel processing and storage. Each shard can be handled independently on different nodes, significantly enhancing overall processing efficiency and concurrency. In parallel, data replication strives to boost the reliability and fault tolerance of the data. By replicating data to different nodes, data availability can be maintained even in the event of a node failure. Data replication also improves read performance by enabling parallel access to data across multiple nodes.

Fig. 3. Big data storage and management technology design.
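The sharding and replication scheme described above, as an added example that is not taken from the paper: log events are routed to shards by hashing a key, each shard is placed on several nodes, and a set of failed nodes is then classified by its effect on readable data. The node names, shard count, replication factor, round-robin placement and sample events are assumptions made for illustration.

```python
"""Added example: shard routing and replica placement for security log storage."""
import hashlib

NODES = ["node-a", "node-b", "node-c", "node-d"]   # hypothetical storage nodes
NUM_SHARDS = 8                                     # assumed shard count
REPLICATION_FACTOR = 2                             # assumed copies per shard

# Constructed sample events keyed by source address (documentation range 192.0.2.0/24).
EVENTS = [{"src": f"192.0.2.{i}", "msg": "constructed log line"} for i in range(1, 41)]


def shard_of(key, num_shards=NUM_SHARDS):
    """Stable shard number for a record key (here: the source IP of a log event)."""
    digest = hashlib.sha256(key.encode("utf-8")).digest()
    return int.from_bytes(digest[:8], "big") % num_shards


def place_replicas(num_shards, nodes, rf):
    """Round-robin placement: shard s is stored on rf consecutive, distinct nodes."""
    if rf > len(nodes):
        raise ValueError("replication factor exceeds the number of nodes")
    return {s: [nodes[(s + r) % len(nodes)] for r in range(rf)]
            for s in range(num_shards)}


def shard_status(placement, failed):
    """Classify each shard as 'ok', 'degraded' (lost a replica) or 'lost'."""
    status = {}
    for shard, replicas in placement.items():
        alive = [node for node in replicas if node not in failed]
        if len(alive) == len(replicas):
            status[shard] = "ok"
        elif alive:
            status[shard] = "degraded"
        else:
            status[shard] = "lost"
    return status


def blind_spots(events, placement, failed):
    """Source keys whose stored events are unreadable while `failed` nodes are down."""
    status = shard_status(placement, failed)
    return sorted({e["src"] for e in events if status[shard_of(e["src"])] == "lost"})


if __name__ == "__main__":
    placement = place_replicas(NUM_SHARDS, NODES, REPLICATION_FACTOR)
    for failed in ({"node-b"}, {"node-a", "node-c"}, {"node-b", "node-c"}):
        status = shard_status(placement, failed)
        lost = sorted(s for s, v in status.items() if v == "lost")
        degraded = sorted(s for s, v in status.items() if v == "degraded")
        hidden = blind_spots(EVENTS, placement, failed)
        print(f"failed={sorted(failed)} degraded={degraded} lost={lost} "
              f"unreadable_sources={len(hidden)}")
```

With two copies per shard, any single node failure leaves every shard readable, while a double failure loses data only when both failed nodes hold the same shard, so the placement rule decides which failures create gaps in the stored evidence.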


3.2 Application of Data Analysis and Mining in Network Security

With the expansion of the network scale and the diversification of attack means, the traditional security defense means have been difficult to deal with [20]. Big data analysis technology, with its powerful data processing ability and deep mining ability, provides a new solution for network security defense.

By conducting comprehensive monitoring and analysis of network traffic, user behavior, and log data, big data technology is capable of promptly detecting abnormal behaviors, pinpointing potential threats, and offering robust support for the development of security early warning and defense strategies. First, anomaly detection is one of the important applications of big data analysis in network security [21]. By establishing a baseline model of normal behavior, big data analysis can monitor abnormal fluctuations in network traffic and abnormal changes in user behavior in real time, and find potential attack behavior or malicious traffic in time. This defense strategy based on anomaly detection can effectively reduce missed detections and false positives and improve the discovery rate of security events. By analyzing IP addresses, port numbers, protocols and other information in network traffic, potential botnets and malware propagation threats can be correlated. Big data analysis and mining technology can also trace and analyze network attacks to provide key evidence for event disposal [22]. By deeply mining the traces left in the process of a network attack, we can track the attacker's behavior path and the source of the attack [23]. Data privacy and security issues should be addressed during the application process, and the performance and efficiency of the technology should be constantly optimized [24]. The data sensitivity index (DS) formula is shown in (1).

$$ DS=\frac{1}{N} \sum_{i=1}^{N} w_{i} \cdot d_{i}^{\alpha_{i}} \tag{1} $$
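The baseline-based anomaly detection described in this section, as an added example that is not code from the paper: a per-bucket baseline (weekday or weekend, hour of day) built from median and MAD is compared with a single global mean + 3σ threshold. The hourly volumes are constructed, shaped only after the weekday 9-11 AM and 2-4 PM peaks the paper reports; the function names, the MAD floor and the z limit are assumptions.

```python
"""Added example: hour-of-day traffic baseline vs. one global threshold."""
import statistics
from collections import defaultdict

PEAK_HOURS = {9, 10, 14, 15}   # weekday 9-11 AM and 2-4 PM peak hours


def constructed_gb(day, hour):
    """Constructed hourly volume in GB (not measured data); day 0 is a Monday."""
    is_weekday = day % 7 < 5
    base = 15.0 if is_weekday and hour in PEAK_HOURS else 5.0
    jitter = ((day * 7 + hour * 3) % 5 - 2) * 0.2   # deterministic noise, +/-0.4 GB
    return base + jitter


def bucket(day, hour):
    """Baseline key: normal volume depends on weekday/weekend and hour of day."""
    return (day % 7 < 5, hour)


def fit_baseline(samples):
    """samples: iterable of (day, hour, gb). Returns {bucket: (median, MAD)}."""
    groups = defaultdict(list)
    for day, hour, gb in samples:
        groups[bucket(day, hour)].append(gb)
    baseline = {}
    for key, values in groups.items():
        med = statistics.median(values)
        mad = statistics.median([abs(v - med) for v in values])
        baseline[key] = (med, mad)
    return baseline


def robust_z(baseline, day, hour, gb, mad_floor=0.25):
    """Distance from the bucket median in robust standard deviations.

    The MAD floor (an assumed tuning value) keeps very stable buckets from
    turning small wobbles into alerts.
    """
    med, mad = baseline[bucket(day, hour)]
    return abs(gb - med) / (1.4826 * max(mad, mad_floor))


def detect_with_baseline(baseline, observations, z_limit=6.0):
    return [(d, h, gb) for d, h, gb in observations
            if robust_z(baseline, d, h, gb) > z_limit]


def global_threshold(samples, k=3.0):
    """Single mean + k*sigma threshold over all hours, for comparison."""
    values = [gb for _, _, gb in samples]
    return statistics.mean(values) + k * statistics.pstdev(values)


def detect_with_global(observations, threshold):
    return [(d, h, gb) for d, h, gb in observations if gb > threshold]


# Four constructed training weeks, then one observed Monday (day 28).
TRAINING = [(d, h, constructed_gb(d, h)) for d in range(28) for h in range(24)]
TODAY = 28
OBSERVED = [(TODAY, h, constructed_gb(TODAY, h)) for h in range(24)]
OBSERVED[3] = (TODAY, 3, 12.0)   # constructed off-hours burst at 03:00

if __name__ == "__main__":
    baseline = fit_baseline(TRAINING)
    threshold = global_threshold(TRAINING)
    print("global 3-sigma threshold (GB):", round(threshold, 2))
    print("global 3-sigma alerts:", detect_with_global(OBSERVED, threshold))
    print("global alerts at 11 GB:", detect_with_global(OBSERVED, 11.0))
    print("per-bucket baseline alerts:", detect_with_baseline(baseline, OBSERVED))
```

The 03:00 burst stays below the global threshold because that threshold is set by the daytime peaks, and lowering it far enough to catch the burst also alerts on every normal peak hour; the per-bucket baseline flags only the burst.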

3.3 Application of Artificial Intelligence Technology in Network Security Situational Awareness

AI technology can accurately identify abnormal behaviors, predict potential threats, and provide strong support for security decisions [25]. Artificial intelligence technology provides a powerful analytical capability for network security situational awareness. Traditional security analysis methods often struggle to deal with the complex network environment and diversified means of attack. By constructing an anomaly detection model, artificial intelligence can monitor network traffic and user behavior in real time, detect abnormal patterns in time, and effectively improve the discovery rate of security events [26]. AI technology enables threat hunting and malware analysis. Through a comprehensive analysis of network traffic and log data, AI technology can find hidden attack clues and further track the source of attacks. Through a combination of static and dynamic analysis, AI technology swiftly identifies malware families, functionalities, and transmission routes, thereby furnishing crucial evidence for the prompt resolution of security incidents. In addition, artificial intelligence technology is also widely used in the visual display of the network security situation. By presenting complex and multi-dimensional network security situation information, artificial intelligence technology can provide an intuitive and easy-to-understand display interface. This helps security personnel to quickly understand the overall security situation of the network and make targeted security decisions. AI technology possesses the capability to learn from historical data and security events, continually optimizing the content and layout displayed, ultimately enhancing user experience. However, AI technology also faces some challenges in the application of network security situational awareness. The quality and integrity of the data are essential for the accuracy of the AI analysis. The Threat Identification Index (TR) and Safety Response Index (SR) formulas are shown in (2) and (3).

$$ TR=\frac{1}{M} \sum_{j=1}^{M} w_{j} \cdot t_{j}^{\beta_{j}}, \tag{2} $$

$$ SR=\frac{1}{L} \sum_{k=1}^{L} w_{k} \cdot s_{k}^{\gamma_{k}}. \tag{3} $$

Challenges such as data quality and privacy protection should be focused on during the application process, and the performance and efficiency of the technology should be continuously optimized [27]. In practical application, artificial intelligence technology combines with big data, cloud computing and other advanced technologies to build a strong network security protection system. For example, a cloud-based security service platform can integrate multi-source data and provide intelligent analysis, timely warning, and disposal of security incidents. At the same time, it can be combined with data encryption, identity authentication and other traditional security measures to form a multi-level, all-round security protection system. The total threat score (TS) and network security index (CS) formulas are shown in (4) and (5).

$$ TS=\alpha \cdot DS+\beta \cdot TR+\gamma \cdot SR, \tag{4} $$

$$ CS=\frac{1}{P} \sum_{l=1}^{P} w_{l} \cdot c_{l}^{\delta_{l}}. \tag{5} $$

4. Case Study and Experimental Analysis

4.1 Application Case Analysis of the Network Security Situational Awareness Platform in the Financial Industry

In practical application, the platform shows significant application value. First of all, in terms of abnormal detection, the platform monitors network traffic and user behavior in real time, and finds abnormal traffic patterns and potential malicious behaviors [28]. Through the automatic blocking or alarm function, the risk of network attack is effectively reduced. Secondly, in terms of threat hunting and traceability analysis, the platform comprehensively analyzes network traffic and log data, finds hidden attack clues, tracks the attack source, and provides detailed attack path and tool analysis for the security team, which is helpful to quickly locate and handle security incidents. Furthermore, the platform offers a user behavior analysis feature that tracks and scrutinizes users' network actions to promptly identify potential security hazards, such as data breaches or unauthorized access. These functionalities expedite the implementation of timely interventions and corrective measures. The platform also has the function of network security visualization. By visualizing the complex data, users are provided with an intuitive network security situational awareness interface. This not only helps to quickly understand the overall security situation of the network, but also provides strong data support for decision makers. For example, the safety dashboard can display cyber threat maps, traffic trends and other information in real time, providing strong support for the security team's rapid response [29]. 
By introducing the network security situation awareness platform, the bank achieves the following aspects: first, it improves the discovery rate and disposal efficiency of security incidents; second, it reduces the network security risk and reduces potential losses; third, it improves the user behavior analysis ability and strengthens the internal management and supervision; fourth, it provides the network security visualization interface to facilitate the work of decision makers and security teams. However, the platform also faces some challenges in practical application [30].

4.2 Experimental Analysis

The experimental steps are divided into data acquisition, data processing, data analysis, platform application, visual demonstration, and experimental evaluation. Fig. 4 shows the amount of data obtained through different forms.

Fig. 4. The amount of data obtained through the different forms.


Utilizing technologies such as network traffic mirroring and network data packet capture, data collection gathers network traffic data and log data. The amassed data encompasses network traffic, system logs, application logs, and more. Since the platform's inception in 2018, it has accumulated 650TB of original network security data. Remarkably, in 2023, the platform's average daily influx of new data reached 10GB, representing a fivefold increase compared to 2018. In data processing, the collected raw data is cleaned, reweighted, classified and processed to eliminate erroneous data and duplicate data and to provide high-quality data sources for subsequent analysis. The analysis content includes traffic pattern recognition, anomaly detection, threat early warning and so on. The total perception score (AS) is shown in (6).

$$ AS=\alpha \cdot TS+\beta \cdot CS. \tag{6} $$

The visual display shows the analysis results in a visual way, such as through the network topology map and security situation map, so that users can intuitively understand the network security situation. The configuration and algorithm parameters of the platform are adjusted according to the actual demand to improve the accuracy of monitoring and the timeliness of early warning. Experimental evaluation assesses the function and performance of the network security situational awareness platform according to the actual application effect. The evaluation indicators include the real-time performance, accuracy and stability of the platform. Fig. 5 shows statistics of different cyber-threat data.

Fig. 5. Statistics of different network threat data.


Through experimental verification, the network security situational awareness platform based on big data can effectively monitor the network traffic and log data, and find the potential security threats and attack behaviors. The following is an analysis of the experimental results:

Traffic statistics: During the 30 days, the average daily traffic of the enterprise network was 160 GB, and the highest daily traffic reached 220 GB. Traffic peaks occur mainly on weekdays from 9-11 AM and 2-4 PM. The usability index (U) formula is shown in (7).

$$ U=\frac{1}{R} \sum_{n=1}^{R} w_{n} \cdot u_{n}^{\zeta_{n}}. \tag{7} $$

The resource utilization index (R) is shown in formula (8).

$$ R=\frac{1}{S} \sum_{o=1}^{S} w_{o} \cdot r_{o}^{\theta_{o}}. \tag{8} $$

Threat Identification: Following rigorous data analysis and mining, we have pinpointed 2,300 potential security threat events. Of these, malware attacks constitute 45%, DDoS attacks account for 30%, phishing sites make up 15%, and the remaining 10% comprises other threats. The total efficacy score (E) is shown in formula (9).

$$ E=\alpha \cdot IS+\beta \cdot U. \tag{9} $$

Response time: The average response time of the platform is 3.5 seconds, and the maximum response time does not exceed 10 seconds. This indicates good real-time performance and responsiveness of the platform. Fig. 6 compares the response and disposal time when facing different networks.

Fig. 6. Comparison of response and disposal time for different networks.


In terms of data analysis, the platform uses big data analysis technology to conduct in-depth analysis of the processed data. Through traffic pattern identification, anomaly detection and threat warning, potential security threats and attacks can be found in time. At the same time, through machine learning, data mining and other technologies, the platform can automatically learn and optimize security strategies, improving the accuracy and timeliness of early warning. The corresponding formula is shown in (10).

$$ P=\alpha \cdot E+\beta \cdot R. \tag{10} $$

In terms of visual display, the platform presents the analysis results to the users in a visual way. Through the intuitive network topology map, security situation map and other display means, users can quickly understand the network security situation and make the corresponding security decisions. This improves the efficiency and effectiveness of security management. The user feedback score (FS) formula is shown in (11).

$$ FS=\frac{1}{Q} \sum_{m=1}^{Q} w_{m} \cdot f_{m}^{{\rm }_{m}}. \tag{11} $$

The total integration score (IS) is shown in (12).

$$ IS=\alpha \cdot AS+\beta \cdot FS. \tag{12} $$

Regarding platform application, the developed network security situational awareness platform will be implemented in real-world environments for continuous security monitoring. During practical deployment, the platform's configuration and algorithm parameters will be fine-tuned in accordance with the evolving needs of users and network environments, thus enhancing the precision of monitoring and the promptness of early warnings. At the same time, the platform has strong scalability and customization for different security scenarios and requirements. Fig. 7 shows the resource allocation and utilization diagram.

In terms of experimental evaluation, the function and performance of the network security situational awareness platform are evaluated according to the actual application effect. The evaluation results show that the platform has strong real-time performance, accuracy and stability. In the face of a complex network environment and diversified security threats, the platform can provide comprehensive and accurate monitoring and early warning services.

Fig. 7. Resource allocation and utilization diagram.


5. Conclusions

This study is based on a big data network security situational awareness platform, which collects network traffic, user behavior, log files, and other data. It utilizes big data processing technology and machine learning algorithms for in-depth analysis, monitors abnormal network behavior and potential threats in real time, and provides early warning and disposal suggestions for security teams. The platforms designed by this research institute have an average CPU utilization rate of 65% and memory utilization rate of 70%. The scheme designed in this article has been tested on different types of network attacks such as DDoS attacks, malware infections, and phishing websites. By comparing the experimental results, it was found that the average response time of the platform is 10 minutes; medium priority threats last for 30 minutes; low priority threats last for 1 hour. For complex APT attacks, the maximum response time is 4 hours. 99% of threats are successfully resolved within 1 hour of identification. This platform has been widely used in important industries such as finance and government, significantly improving the detection rate and disposal efficiency of security incidents, and reducing network security risks.

In future research, our focus will be on enhancing data preprocessing and cleaning techniques to improve the integrity of big data. Additionally, we will further explore machine learning algorithms to augment the platform's network threat perception and early warning capabilities. To safeguard data security and privacy, we will intensify our research and application of data privacy and security protection technologies. By continuously improving the platform's algorithms and functions, we will enhance its perception and early warning capabilities for network threats.

Funding

This work was supported by the “Intelligent matching algorithm empowers innovative demonstration team in education - No. 23KJCXTD03”.

REFERENCES

[1] C. W. Wu, L. X. Li, and J. Wang, Research on Situational Awareness Security Defense of Intrusion Link Based on Data Element Characteristic Network Transmission Signal, Springer, Cham, 2021.

[2] A. E. Adeniyi, R. G. Jimoh, and J. B. Awotunde, "A systematic review on elliptic curve cryptography algorithm for internet of things: Categorization, application areas, and security," Computers and Electrical Engineering, vol. 118, 109330, 2024.

[3] L. Bao, "Application of network security situational awareness platform based on big data in the field of private network," Journal of Information Security Research, vol. 2019, no. 2, pp. 168-175, 2019.

[4] K. Li and J. Zhang, "Research on data fusion technology in big data network security situational awareness," China Computer & Communication, vol. 31, no. 21, pp. 133-134, 2019.

[5] S. Liang, L. Qin, X. Yu, Y. Zhou, and S. Li, "Research on Guangxi multi-dimensional visualization platform construction of distribution network based on big data architecture," Proc. of 2019 2nd International Conference on Safety Produce Informatization (IICSPI), IEEE, 2019.

[6] Y. Wu, N. Guo, B. Wang, and L. Zhang, "Research on situational awareness technology of industrial control network based on big data," Journal of Physics: Conference Series, vol. 2216, no. 1, 012079, 2022.

[7] A. Vaseashta, G. Duca, E. Culighin, O. Bogdevici, S. Khudaverdyan, and A. Sidorenko, "Smart and connected sensors network for water contamination monitoring and situational awareness," Proc. of NATO Advanced Research Workshop on Functional Nanostructures and Sensor for CBRN Defence and Environmental Safety and Security, 2020.

[8] H. Yang and J. Hu, "Application research on information system security situational awareness," Proc. of Chinese Intelligent Systems Conference, 2020.

[9] G. Yu, "Research on computer network information security based on improved machine learning," Journal of Intelligent & Fuzzy Systems: Applications in Engineering and Technology, vol. 40, no. 4, pp. 6889-6900, 2021.

[10] D. Zhang, K. Qian, W. Wang, F. Fang, and X. Luo, "Network security situation awareness technology based on multi-source heterogeneous data," Proc. of International Conference on Cyberspace Innovation of Advanced Technologies, 2020.

[11] B. Chen, S. Qiao, J. Zhao, D. Liu, X. Shi, and M. Lyu, "A security awareness and protection system for 5G smart healthcare based on zero-trust architecture," IEEE Internet of Things Journal, vol. 8, no. 13, pp. 10248-10263, 2021.

[12] Z. Peng, Y. Q. Shao, H. Su, and H. Xie, "Research on design model of data asset operation monitoring platform based on power big data," Proc. of the 6th International Conference on Big Data Research, 2022.

[13] J. Wang, "Research on the application of injury early warning in football teaching based on big data," Advances in Engineering Technology Research, vol. 1, no. 3, 2022.

[14] R. Bai, F. Shen, Z. Zhao, Z. Zhang, and Q. Yu, "The analysis of the correlation between SPT and CPT based on CNN-GA and liquefaction discrimination research," Computer Modeling in Engineering & Sciences, vol. 132, no. 2, pp. 1159-1182, 2024.

[15] X. Min and G. Mei, "Research on network security situational awareness based on PSP," Computer and Information Technology, 2019.

[16] Z. Xiwu, G. U. Zhaojun, Z. Jingxian, and C. I. Center, "Research on the construction of network security situational awareness system in civil aviation industry," Journal of Civil Aviation, 2019.

[17] D. Jinjing, S. Qifeng, W. M. Amp, W. M., Co, N., & Ltd., "Design and application of radio and television security situational awareness management platform based on big data," China Digital Cable TV, 2018.

[18] G. Wei, X. U. Hao, N. Yu-Wen, G. Dong-Huai, and I. M. Center, "Research on campus network security operation center based on security situational awareness platform—taking the fourth military medical university as an example," Computer Technology and Development, 2018.

[19] L. Donglan, L. Xin, Z. Hao, Y. Hao, M. Lei, and Z. Xiaohong, "Research and application of network security situation awareness and active defense based on big data technology," Computer Measurement & Control, 2019.

[20] M. A. Bouke and A. Abdullah, "An empirical assessment of ML models for 5G network intrusion detection: A data leakage-free approach," e-Prime-Advances in Electrical Engineering, Electronics and Energy, vol. 8, no. 4, 100590, 2024.

[21] L. Hu, L. Na, and Kaili University, "Research on construction and application of electronic commerce cloud platform under big data processing technology," Computer Knowledge and Technology, vol. 2018, no. 28, pp. 296-298, 2018.

[22] L. Fan, J. Li, Y. Pan, S. Wang, C. Yan, and D. Yao, "Research and application of smart grid early warning decision platform based on big data analysis," Proc. of 2019 4th International Conference on Intelligent Green Building and Smart Grid (IGBSG), IEEE, 2019.

[23] L. Junnan, L. Wei, L. Huijun, H. Xinming, and Z. Shilin, "Research on big data acquisition and application of power energy based on big data cloud platform," Electrical Measurement & Instrumentation, 2019.

[24] W. Qian, H. Lai, Q. Zhu, and K. C. Chang, Overview of Network Security Situation Awareness Based on Big Data, Springer Nature, 2021.

[25] G. Lou, "Application of network data security based on wireless sensor technology in the development of digital sharing economy," Measurement: Sensors, vol. 33, 101214, 2024.

[26] C. Chen, L. Ye, X. Yu, and B. Ding, "A survey of network security situational awareness technology," Proc. of International Conference on Artificial Intelligence and Security, Springer, Cham, 2019.

[27] X. Liu, M. Shao, S. Zhang, and G. Li, "Research on application of university student behavior model based on big data technology," Proc. of 2020 5th International Conference on Mechanical, Control and Computer Engineering (ICMCCE), 2020.

[28] W. Jun and Z. Yong, "Application of network security situational awareness in railway information security," Journal of Information Security Research, 2019.

[29] C. Xi and M. A. Bing-Ke, "Application of situational awareness techniques for information security enhancements," Telecom Engineering Technics and Standardization, 2018.

[30] F. L. Aryeh, B. K. Alese, and O. Olasehinde, "Graphical analysis of captured network packets for detection of suspicious network nodes," Proc. of 2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA), 2020.