A. Basic Concepts
For convenience of description and to avoid confusion,
the associated concepts are defined as
follows:
Security Situation. It refers to the global security status of
the supervised network, the cyber-attacks suffered in a
certain time window, and the effect on the overall objective of
network security. Generally, security situation
information consists of two aspects: the time dimension and
the space distribution dimension.
Security Event. It refers to an alert event generated by
the various network security situation sensors, resulting from
a network intrusion or from a monitored parameter exceeding
its threshold value. It is represented as a multi-tuple:
e_i = { detectTime_i, eventType_i, attack_i, src/