ISSN: 2245-4578 (Online Version) ISSN:2245-1439 (Print Version)
Research on a Network Security Situation Intelligent Awareness and Prediction Model Based on Big Data Technology and Its Supporting Applications

Keywords

Network security
situational awareness
structural modal decomposition
cognitive decision-making
security perception prediction

How to Cite

[1]
C. Yang and Y. Yan, “Research on a Network Security Situation Intelligent Awareness and Prediction Model Based on Big Data Technology and Its Supporting Applications”, JCSANDM, vol. 15, no. 02, pp. 365–390, Apr. 2026.

Abstract

Traditional network security situational awareness methods rely on a centralized data processing architecture and therefore struggle with high-speed, multi-source data streams, which leads to poor real-time performance and weak correlation between data sources. Building a perception and prediction model that can fuse multi-source data in real time, understand the internal structure of the network, and reason in a way comparable to a human expert is therefore of considerable theoretical significance for active, intelligent network security defense. The study hypothesizes that integrating distributed stream processing, network structural mode decomposition, and a cognitive decision-making framework can yield a security perception model with high-precision perception and forward-looking prediction capability. The core of the method is to combine these components into a unified, three-tier “data-structure-cognition” collaborative model: a Kafka+Spark stream processing layer is responsible for real-time data fusion and feature supply; the Structural Modal Modeling and Decomposition (SMMD) layer analyzes the functional topology of the network to achieve fine-grained situation decoupling; and the Estimation-Memory-Control (EMC) cognitive layer simulates the closed loop of expert evaluation, experience reuse, and predictive decision-making. This architecture deeply couples data-driven processing, structural understanding, and cognitive intelligence, which distinguishes it from existing situational awareness frameworks that rely mainly on a single data dimension or lack explicit cognitive reasoning. To verify the hypothesis, several experiments were designed and carried out. First, a distributed stream processing framework was built on Kafka+Spark to realize real-time fusion and feature extraction of multi-source security data. Second, a security perception and prediction model combining the EMC framework with SMMD was proposed.
The functional topology of the network is analyzed by structural mode decomposition, and the EMC framework is introduced to simulate the expert’s cognitive decision-making process. The core findings are as follows. Experiments on the Canadian Institute for Network Security network intrusion detection dataset (CIC-IDS-2017) show that the model predicts the macro situation level with 93.7% accuracy, and its F1-score for identifying five attack types reaches 97.2%, outperforming the mainstream baseline models LSTM, TCN, and GBDT. In validation on a real cyber range, the model shortens the average response time for high-risk threats to 3.5 minutes, raises the attack containment rate to 95.2%, lowers the false-positive intervention rate to 8%, and improves analysis efficiency by about 83%. The conclusion is that the proposed model outperforms mainstream methods in perception accuracy, response speed, and operations and maintenance efficiency, and provides effective technical support for building an active, intelligent network security protection system.

The study also recognizes some limitations of the model. Its performance depends on high-quality labeled data for initial training and for building the pattern library; for large-scale networks (for example, more than 10,000 devices), the computational cost of mode partitioning and state estimation still needs optimization; and the model’s ability to predict novel (zero-day) attack patterns absent from the training data remains to be explored. Although the model has been validated on the CIC-IDS-2017 benchmark dataset and in an enterprise environment, its generalization to other network architectures (such as cloud-native and IoT environments) and to more complex real-world operational settings needs to be evaluated before actual deployment.
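As an added illustration (not code from the paper or its authors), the following Python sketch models the three-tier collaboration the abstract describes over a constructed one-minute window of flow records: a fusion step that collapses records from two feeds into per-host features (the stream layer), a partition of hosts into functional modules (connected components of the communication graph, standing in for SMMD), and an Estimation-Memory-Control loop that scores each module, recalls matching entries from a small pattern library, and picks a response. The feature definitions, pattern rules, thresholds, feed labels and sample addresses are all assumptions made for this example.

```python
"""Toy model of the three-tier 'data-structure-cognition' loop described in the abstract.
Constructed example, not the paper's implementation: the feature set, the pattern rules and
the thresholds below are assumptions chosen for illustration."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Flow:
    src: str
    dst: str
    dst_port: int
    nbytes: int
    syn_only: bool   # handshake never completed (typical of a probe)
    source: str      # which feed emitted the record: "netflow" or "ids" (constructed labels)


# Constructed window fused from two feeds: a SYN prober, a normal HTTPS client,
# and a host pushing large SMB transfers that the IDS feed also flagged.
SAMPLE_WINDOW = (
    [Flow("10.0.1.5", "10.0.2.10", p, 60, True, "netflow") for p in range(20, 32)]
    + [Flow("10.0.1.6", "10.0.2.10", 443, 52_000, False, "netflow"),
       Flow("10.0.1.6", "10.0.2.11", 443, 48_000, False, "netflow")]
    + [Flow("10.0.3.9", "10.0.3.20", 445, 2_400_000, False, "netflow")] * 60
    + [Flow("10.0.3.9", "10.0.3.20", 445, 0, False, "ids")]
)


# Layer 1 (stream fusion): collapse raw records from all feeds into one feature vector per host.
def fuse(flows):
    feats = defaultdict(lambda: {"flows": 0, "bytes": 0, "syn_only": 0, "ports": set(), "ids_alerts": 0})
    for f in flows:
        h = feats[f.src]
        if f.source == "ids":          # an IDS record is a signal, not traffic volume
            h["ids_alerts"] += 1
            continue
        h["flows"] += 1
        h["bytes"] += f.nbytes
        h["syn_only"] += int(f.syn_only)
        h["ports"].add(f.dst_port)
    return dict(feats)


# Layer 2 (structural decomposition): split hosts into functional modules. Connected components
# of the who-talks-to-whom graph stand in for the paper's SMMD here (assumption).
def decompose(flows):
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for f in flows:
        ra, rb = find(f.src), find(f.dst)
        if ra != rb:
            parent[ra] = rb
    modules = defaultdict(set)
    for host in list(parent):
        modules[find(host)].add(host)
    return sorted((frozenset(m) for m in modules.values()), key=min)


# Layer 3 (EMC): Estimation -> Memory -> Control.
PATTERN_LIBRARY = {   # "memory": reusable descriptions of previously seen behaviour (constructed)
    "port_scan": lambda h: len(h["ports"]) >= 10 and h["syn_only"] >= 0.8 * h["flows"],
    "bulk_transfer": lambda h: h["bytes"] >= 50_000_000 and h["flows"] >= 50,
}


def host_score(h):
    """Estimation: bounded risk score in [0, 1] for one host from its fused features."""
    syn_ratio = h["syn_only"] / h["flows"] if h["flows"] else 0.0
    fanout = min(len(h["ports"]) / 20, 1.0)
    alerts = 1.0 if h["ids_alerts"] else 0.0
    bulk = 1.0 if h["bytes"] >= 50_000_000 else 0.0
    return round(min(1.0, 0.6 * syn_ratio * fanout + 0.4 * alerts + 0.3 * bulk), 3)


def recall(h):
    """Memory: names of library patterns this host's features reproduce."""
    return [name for name, rule in PATTERN_LIBRARY.items() if rule(h)]


def control(risk, matched):
    """Control: pick a response for a host from its estimate and the recalled patterns."""
    if risk >= 0.6:
        return "contain"
    if matched or risk >= 0.3:
        return "investigate"
    return "monitor"


def situation_level(module_risks):
    """Macro situation level derived from the worst module."""
    worst = max(module_risks.values(), default=0.0)
    return "high" if worst >= 0.6 else "medium" if worst >= 0.3 else "low"


def run_window(flows):
    feats = fuse(flows)
    modules = decompose(flows)
    module_risk = {m: max((host_score(feats[h]) for h in m if h in feats), default=0.0) for m in modules}
    decisions = {h: control(host_score(f), recall(f)) for h, f in feats.items()}
    return {"module_risk": module_risk, "decisions": decisions, "level": situation_level(module_risk)}


if __name__ == "__main__":
    for key, value in run_window(SAMPLE_WINDOW).items():
        print(key, value)
```

On the constructed window the prober is recalled as a port scan but scores below the containment threshold, so it is routed to investigation; the SMB host, with both an IDS alert and a bulk-transfer match, is marked for containment, and the macro level of the window is reported as high. The point of the split into modules is that a risk score is attached to each functional group of hosts rather than to the network as a whole, which is what the abstract calls situation decoupling.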

https://doi.org/10.13052/jcsm2245-1439.1524


Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

Copyright (c) 2026 Journal of Cyber Security and Mobility
