I. INTRODUCTION
Traditional network security devices such as Intrusion
Detection Systems (IDS), firewalls, and security scanners
operate independently of one another, with virtually no
knowledge of the network assets they are defending. This
lack of information results in numerous ambiguities when
interpreting alerts and making decisions on adequate
responses. Network systems face various
security threats, including network worms and large-scale
network attacks, and network security situation
awareness is an effective way to address these problems. The
general process is to perceive the network security events
that occur in a given time period and cyberspace
environment, comprehensively process the security data,
analyze the attacks the systems have suffered, provide a
global view of network security, assess the overall
security situation, and predict the future security trends of the
network.