and consists of two parts, the modeling of network security
situation and the generation of network security situation, as
shown in figure 1. The modeling of network security
situation is to construct the formal model adapted for the
measuring of network security situation based upon the D-S
Evidence Theory, and support the general process of the
fusion and correlation analysis of various types of alert
events from security situation sensors. The generation of
network security situation primarily consists of three steps: