  1. (Railway Engineering College, Zhengzhou Railway Vocational & Technical College, Zhengzhou 450052, China)



Active defense, Big data, Network security, Safety assessment

1. Introduction

With the rapid development of information technology, big data has become a prominent feature of the present era. The application of big data technology has brought unprecedented changes in various fields, especially in the field of network security [1]. Traditional network security defense strategy is mainly based on passive defense of known threats. However, in the face of increasingly complex and changeable network security threats, this strategy has become inadequate. Therefore, the concept of active defense has been paid more and more attention, and has become a research hotspot in the field of network security. Active defense emphasizes prevention first, which prevents attacks by identifying and predicting potential threats and taking measures in advance. The core of this defense strategy lies in accurate identification and rapid response to security threats. The introduction of big data technology provides strong support for the implementation of this strategy. Through big data analysis, we can dig deep into the security threat intelligence in network traffic, log files and other data, and then take targeted defensive measures. By using SS-LSACNN and TCSLR algorithm [2, 3], our system can detect and prevent DDoS attacks in real time, providing strong support for the security protection of wireless sensor networks. However, it is not enough to rely solely on active defense strategy. In order to evaluate the security status of the network more comprehensively, we also need to introduce the network security evaluation technology. Through the comprehensive inspection and evaluation of all aspects of the network system, this technology can determine the security risk level and vulnerability degree of the network. By discovering and dealing with potential security problems in time, the overall security of the network can be effectively improved.

Security assessment stands as the pivotal component within the active defense network security assessment technology, tasked with gauging the current state of network security and pinpointing potential security risks and vulnerabilities by leveraging a meticulous array of standards and indicators. This process meticulously evaluates the resilience and defenses of a network, enabling organizations to proactively mitigate threats and fortify their cybersecurity posture [4]. Establishing a scientific and reasonable evaluation standard and index system is very important for accurately evaluating network security. The principle of active defense technology is mainly based on the in-depth analysis of network traffic and log files, and takes active measures to prevent potential security threats by identifying and predicting them [5, 6]. According to different classification standards, active defense technology can be divided into many types. In practical applications, it is necessary to comprehensively use a variety of technologies and tools for active defense to improve the overall security of the network [7].

The purpose of this paper is to discuss the security evaluation technology of active defense network driven by big data. We will first introduce the basic concepts and principles of active defense and security assessment, and then discuss in depth how to use big data technology to implement these strategies and methods. Finally, we will show the application effect and value of these technologies in the real world through case analysis and practical experience. It is hoped that through the research of this paper, it can provide useful guidance and reference for the practice in the field of network security.

2. Current Situation of Network Security Driven by Big Data

2.1. Application of Big Data Technology in Network Security Field

With the rapid development of information technology, big data technology has gradually become an important tool in the field of network security. Big data technology provides a brand-new solution for network security protection with its powerful data collection, storage, processing and analysis capabilities. In the field of network security, the application of big data technology is mainly reflected in the following aspects:

Anomaly detection and threat hunting: By monitoring network traffic and user behavior in real time, big data technology can discover abnormal traffic patterns and potential malicious behaviors in time. Using machine learning and data mining algorithms, network traffic and log data can be deeply analyzed, threat sources can be accurately located, and strong support can be provided for security teams.
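To make the "anomaly detection and threat hunting" point concrete, here is an added example (not code from the paper) of the kind of rule a security team runs over authentication logs: a sliding-window count of failed logins per source address and user, a check for successful logins from an address the user has never used, and the combination of the two, which is the signal most worth escalating. The sshd-like log format, the thresholds and the baseline of known addresses are constructed assumptions.

```python
"""Rule-based anomaly detection over authentication log lines.

Added example for the "anomaly detection and threat hunting" point above;
it is not code from the paper. The sshd-like log format, the thresholds
and the baseline of known source addresses are constructed assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data): one burst of failures followed by
# a success from the same unfamiliar address, plus one malformed line.
SAMPLE_LOG = """\
2024-03-01T09:00:01 sshd: Accepted password for alice from 10.0.0.5
2024-03-01T09:05:12 sshd: Accepted password for bob from 10.0.0.7
2024-03-01T22:10:00 sshd: Failed password for alice from 203.0.113.9
2024-03-01T22:10:03 sshd: Failed password for alice from 203.0.113.9
2024-03-01T22:10:05 sshd: Failed password for alice from 203.0.113.9
2024-03-01T22:10:08 sshd: Failed password for alice from 203.0.113.9
2024-03-01T22:10:11 sshd: Failed password for alice from 203.0.113.9
2024-03-01T22:10:14 sshd: Failed password for alice from 203.0.113.9
2024-03-01T22:10:20 sshd: Accepted password for alice from 203.0.113.9
2024-03-02T09:01:00 sshd: Accepted password for bob from 10.0.0.7
this line is deliberately malformed and must be skipped
"""

# Assumed baseline of addresses each user has logged in from before.
BASELINE = {"alice": {"10.0.0.5"}, "bob": {"10.0.0.7"}}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<result>Accepted|Failed) password for "
    r"(?P<user>\S+) from (?P<ip>\S+)$"
)


def parse(log_text):
    """Turn matching lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({"ts": datetime.fromisoformat(m["ts"]),
                           "result": m["result"], "user": m["user"], "ip": m["ip"]})
    return events


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Flag (ip, user) pairs whose densest burst of failures reaches `threshold`
    inside `window`, using a sliding window over the sorted timestamps."""
    failures = defaultdict(list)
    for e in events:
        if e["result"] == "Failed":
            failures[(e["ip"], e["user"])].append(e["ts"])
    alerts = []
    for (ip, user), times in failures.items():
        times.sort()
        best, start = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts.append({"type": "bruteforce", "ip": ip, "user": user, "count": best})
    return alerts


def detect_new_source(events, baseline):
    """Flag successful logins from an address the user has never used before."""
    return [{"type": "new_source", "ip": e["ip"], "user": e["user"], "ts": e["ts"]}
            for e in events
            if e["result"] == "Accepted" and e["ip"] not in baseline.get(e["user"], set())]


def detect_success_after_bruteforce(events, bf_alerts):
    """A success from a pair that was just brute-forcing is the highest-priority signal."""
    suspects = {(a["ip"], a["user"]) for a in bf_alerts}
    return [{"type": "success_after_bruteforce", "ip": e["ip"], "user": e["user"], "ts": e["ts"]}
            for e in events
            if e["result"] == "Accepted" and (e["ip"], e["user"]) in suspects]


def analyze(log_text, baseline):
    """Run all rules and return the combined alert list."""
    events = parse(log_text)
    bf = detect_bruteforce(events)
    return bf + detect_new_source(events, baseline) + detect_success_after_bruteforce(events, bf)


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG, BASELINE):
        print(alert)
```

On the constructed log the rules yield three alerts: a brute-force burst of six failures, a first-seen source address for alice, and the successful login that follows the burst. In production the baseline would be built from historical successful logins rather than hard-coded, and the thresholds tuned against the false-positive rate of the environment.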

Leveraging the power of big data technology, we can comprehensively gather and integrate a myriad of security intelligence information, spanning from malware samples and attack origins to victim details. By conducting deep mining and intricate analysis of these vast data sets, we gain the ability to anticipate potential attack patterns and trends, thereby furnishing a crucial foundation for preemptive prevention and swift response to evolving network threats.

Tracking and analyzing user network behavior through big data technology can discover potential security risks in time, such as abnormal login and data leakage. This analysis is not only helpful to take timely measures to intervene and correct, but also provides an important reference for improving security policies.

With the help of big data visualization technology, complex data can be presented in an intuitive form, providing powerful data support for decision makers. Security dashboard, threat map and other functions can display the network situation in real time, help decision makers quickly understand the network security situation, and improve decision-making efficiency and accuracy.

By simulating real network attack scenarios and using big data technology to conduct attack and defense drills and simulated attacks, potential security vulnerabilities and weaknesses can be found, and network security defense capabilities can be improved. At the same time, this simulated attack can also provide actual combat training opportunities for security teams and improve emergency response capabilities.

While using big data technology for network security protection, we also need to pay attention to data privacy and security protection. Encryption technology and access control are adopted to ensure the security and privacy of data. At the same time, we should strictly abide by relevant laws, regulations and ethical norms, and respect the privacy rights and interests of users. Fig. 1 shows the application of big data technology in the field of network security.

Fig. 1. Application of big data technology in field of network security.


The application of big data technology in the realm of network security holds immense promise and untapped potential. Through relentless research endeavors and technological innovations, we strive to continually refine and enhance the efficacy of big data in safeguarding cyberspace. This endeavor is not only crucial for the protection of national security, social stability, and economic prosperity but also necessitates the reinforcement of interdisciplinary collaboration and research focused on data privacy protection. By working in unison, we can collectively propel technological advancements and foster the development of innovative applications within the broader landscape of network security.

2.2. Characteristics and Trends of Current Network Security Threats

With the rapid development of information technology, network security threats are becoming more and more complex and changeable. These threats not only come from a wide range of sources and are constantly being renewed, but are also often highly concealed and targeted. Specifically, current network security threats mainly show the following characteristics and trends.

First, Advanced Persistent Threat (APT) attacks have become the mainstream. Such attacks are usually initiated by states, hacker organizations and the like, and carry out long-term, planned infiltration and sabotage against specific targets. APT attacks often use advanced social engineering, combined with zero-day vulnerabilities, watering hole attacks and other techniques, to achieve intranet penetration, data theft and other goals.

Secondly, data leakage occurs frequently. Because network boundaries are blurring and users lack security awareness, data leakage incidents are rising year by year. These leaks involve not only personal privacy but also sensitive enterprise information and government secrets, posing a serious threat to social and national security.

Third, ransomware and extortion are getting worse. Ransomware extorts victims by encrypting user files or destroying system resources. In recent years the variety of ransomware has grown and its transmission routes have become more hidden, bringing huge economic losses and psychological pressure to enterprises and individual users.

In addition, with the popularization of new technologies such as the Internet of Things and cloud computing, security problems in industrial control systems, smart homes and other fields have become prominent. Security threats in these emerging fields concern not only personal privacy and property but also national infrastructure and strategic security.
At the same time, the globalization trend of network security threats is becoming more and more obvious. The transnational nature of cybercrime makes it more and more difficult for a single country to defend its cyber security. Countries need to strengthen international cooperation to jointly deal with cyber security threats. The current network security threats show the characteristics and trends of diversification, complexity, concealment and globalization. Faced with these threats, we need not only to strengthen technology research and development and the formulation of defense strategies, but also to improve the network security awareness and coping ability of the whole society. Through the joint efforts of the government, enterprises and all sectors of society, we can effectively deal with cyber security threats and ensure the security and stability of cyberspace.

2.3. Limitations of Existing Security Strategies

Although existing security defense strategies have made some achievements in maintaining network security, the continuous evolution of network threats gradually exposes their limitations. First, traditional defense methods based on feature matching often lag behind changes in the threats. Relying on known attack patterns or signatures, such methods struggle with unknown or variant threats, such as zero-day vulnerability attacks. In addition, a static defense strategy copes poorly with a dynamic network environment, which leads to false positives and false negatives from time to time. The Big Data Threat Perception Index (BDTI) and the Security Vulnerability Mining Index (SVI) are given in Eqs. (1) and (2), respectively.

(1)
$ BDTI = \frac{1}{N} \sum_{i=1}^N w_i \cdot p_i^{\alpha_i} \cdot q_i^{\beta_i}, $
(2)
$ SVI = \frac{1}{M} \sum_{j=1}^M w_j \cdot v_j^{\gamma_j} \cdot s_j^{\delta_j}. $

The formulas of Network Resource Synergy Index (NRCI) and Active Defense Effectiveness Evaluation Index (ADEI) are shown in Eqs. (3) and (4), respectively.

(3)
$ NRCI = \sum_{o=1}^S w_o \cdot \sqrt[\tau_o]{n_o} \cdot \sqrt[\upsilon_o]{c_o}, $
(4)
$ ADEI = \frac{1}{L} \sum_{k=1}^L w_k \cdot (e_k \cdot r_k)^{\gamma_k}. $

Secondly, existing defense strategies often focus on single-point protection and lack integration and synergy. For example, the firewall, the intrusion detection system (IDS) and the antivirus software operate in isolation from one another, so security information is hard to share and integrate and each forms a security island. This isolated defense approach easily leaves gaps that attackers can exploit.

Furthermore, many organizations rely too heavily on a single security defense measure and ignore the importance of human factors in network security. Weak security awareness and non-standard operating practices among employees often become the entry point for network attacks. Thus, elevating the security awareness and skills of every employee is of paramount importance. The pervasive adoption of emerging technologies like cloud computing and the Internet of Things (IoT) has also led to the concentration and cross-border flow of vast amounts of data, posing novel challenges to established security defense strategies. This underscores the need for continuous adaptation and innovation in our approach to cybersecurity. The cross-border flow of data complicates security supervision and governance between countries, and the elastic scalability of cloud computing blurs the security boundary. How to ensure the security and privacy of data while still allowing data to flow and be shared has become a major problem. Finally, another limitation of existing security defense strategies is the lack of intelligence and adaptive ability. Faced with massive network traffic and log data, traditional manual analysis cannot keep up. Therefore, using big data analysis and machine learning for threat detection and early warning has become the future development trend. Fig. 2 shows the network security risk assessment flowchart.

Fig. 2. Network security risk assessment flowchart.


The existing security defense strategies have some limitations in dealing with the ever-changing network security threats. In order to ensure the security of cyberspace more effectively, we need to constantly update and improve the security defense strategy, strengthen technology research and development and innovation, and improve the network security awareness and coping ability of the whole society. Only in this way can we build a stronger security line under the increasingly severe network threat.

3. Technical Basis of Security Evaluation of Active Defense Network

3.1. Principle and Classification of Active Defense Technology

Active defense technology is a security strategy based on prevention. Its core idea is to take active measures to prevent attacks by identifying and predicting potential security threats. This technology breaks through the limitations of traditional passive defense and emphasizes the importance of prevention in network security. The principle of active defense technology rests mainly on in-depth analysis of network traffic and log files. By monitoring network traffic, abnormal behaviors and potential attack patterns can be found in time. By analyzing log files, we can understand the security status and behavior of systems, applications and so on. Through comprehensive analysis of these data, active defense technology can find potential security threats in advance and take corresponding measures to prevent them.

According to different classification standards, active defense technology can be divided into many types. A common classification divides active defense technology into border defense and intranet defense according to its scope of action. Border defense focuses on the security of network boundaries and blocks known and unknown threats by deploying firewalls, intrusion detection systems and other defense devices. Intranet defense pays more attention to the security of the internal network and protects key information and assets through monitoring, auditing, data encryption and other technologies. Another common classification divides active defense technology into static defense and dynamic defense according to its technical characteristics. Static defense focuses on the static security state of the network system and finds potential security problems through vulnerability scanning, configuration verification and other technologies. Dynamic defense prioritizes the agility and real-time responsiveness of network systems, leveraging technologies such as traffic analysis and behavior monitoring to promptly detect and thwart attacks.

In practical scenarios, a single active defense technology often falls short in addressing the intricacies of modern cybersecurity threats. Consequently, it is imperative to employ a multifaceted approach, integrating diverse technologies and tools within an active defense strategy to ensure comprehensive protection. For example, combine border defense with intranet defense to achieve all-round security protection; combine static defense with dynamic defense to realize real-time monitoring and prevention; and use big data analysis and machine learning for threat detection and early warning. Fig. 3 shows the implementation flowchart of active defense technology.

Fig. 3. Implementation flowchart of active defense technology.

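Configuration verification, the static-defense technique named above, is easy to show in code. The following is an added example (not code from the paper) that compares an sshd_config-style text against a baseline of expected settings, reports severity-rated findings, and derives a weighted compliance score. The baseline entries, severity weights and both sample configurations are constructed assumptions; the weak configuration also illustrates a real pitfall that a verifier must model, namely that sshd uses the first value it reads for a keyword, so a hardening line appended at the end of the file has no effect.

```python
"""Configuration verification as a static-defense check.

Added example for the static-defense category above (vulnerability
scanning, configuration verification); it is not code from the paper.
The baseline, the severity weights and the two sshd_config-style texts
are constructed assumptions.
"""

# Expected settings: directive -> (accepted values, severity, rationale).
BASELINE = {
    "PermitRootLogin":        ({"no"}, "high", "direct root logins widen the blast radius"),
    "PasswordAuthentication": ({"no"}, "high", "passwords are exposed to online guessing"),
    "PermitEmptyPasswords":   ({"no"}, "high", "empty passwords defeat authentication"),
    "MaxAuthTries":           ({"1", "2", "3", "4"}, "medium", "limit guesses per connection"),
    "X11Forwarding":          ({"no"}, "low", "unneeded feature; reduce attack surface"),
}
# Directives whose absence is itself a finding (the rest fall back to defaults).
REQUIRED = {"PermitRootLogin", "PasswordAuthentication"}
SEVERITY_WEIGHT = {"high": 3, "medium": 2, "low": 1}

# Constructed weak configuration. The trailing "PermitRootLogin no" is the
# pitfall: sshd uses the FIRST value given for a keyword, so it is ignored.
WEAK_CONFIG = """\
PermitRootLogin yes
PasswordAuthentication yes
MaxAuthTries 10
X11Forwarding yes
# appended later by an administrator; silently ignored by sshd
PermitRootLogin no
"""

# Constructed hardened configuration satisfying every baseline entry.
HARDENED_CONFIG = """\
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
MaxAuthTries 3
X11Forwarding no
"""


def parse_config(text):
    """Return {directive: value}. Mirrors two sshd_config rules a verifier must
    respect: the first occurrence of a keyword wins, and everything after a
    'Match' line is conditional, so parsing stops there (Match blocks are not
    modelled here). Lines beginning with '#' are comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        keyword, value = parts[0], parts[1].strip().lower()  # compare case-insensitively
        if keyword.lower() == "match":
            break
        settings.setdefault(keyword, value)   # first value wins, later ones ignored
    return settings


def verify(text, baseline=BASELINE, required=REQUIRED):
    """Compare parsed settings against the baseline and return a list of findings."""
    settings = parse_config(text)
    findings = []
    for directive, (allowed, severity, why) in baseline.items():
        value = settings.get(directive)
        if value is None:
            if directive in required:
                findings.append({"directive": directive, "value": None,
                                 "severity": severity, "reason": "not set; " + why})
            continue
        if value not in allowed:
            findings.append({"directive": directive, "value": value,
                             "severity": severity, "reason": why})
    return findings


def compliance_score(findings, baseline=BASELINE):
    """Severity-weighted percentage of the baseline that is satisfied."""
    total = sum(SEVERITY_WEIGHT[sev] for _, sev, _ in baseline.values())
    lost = sum(SEVERITY_WEIGHT[f["severity"]] for f in findings)
    return round(100.0 * (total - lost) / total, 1)


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        found = verify(cfg)
        print(f"{name}: score {compliance_score(found)}")
        for f in found:
            print("  ", f)
```

The weak configuration produces four findings and scores 25.0 under the assumed weights; the hardened one produces none. The same structure (parse, compare against a baseline, weight by severity) is what the index system in Section 3.2 quantifies for an entire network rather than one service.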

3.2. Standard and Index System of Safety Assessment

The standard of safety assessment is the basis and guidance of assessment work. These standards are usually formulated by authoritative organizations and updated with the continuous evolution of cyber security threats [8]. Evaluation criteria usually cover the following aspects: safety requirements, safety control measures, safety incident handling and emergency response. Security requirements stipulate the basic security conditions that the network system should meet, such as authentication, access control and so on; security control measures focus on how to implement these security controls to ensure the safe and stable operation of the network; security incident handling and emergency response emphasize the ability to respond to and handle security incidents quickly.

The index system is a concrete quantitative tool for evaluation. By establishing a series of indicators, the security status of the network can be quantitatively evaluated and analyzed. These indicators usually cover the following aspects: vulnerability scanning, penetration testing, log analysis, traffic analysis and so on. Vulnerability scanning and penetration testing evaluate the vulnerability of network systems and discover potential security risks; log analysis monitors the running status and security events of network equipment and finds abnormal behaviors and attack patterns; traffic analysis monitors and analyzes network traffic in real time and finds potential threats and attacks. When establishing evaluation criteria and an index system, it is necessary to fully consider the actual situation and security requirements of the network system. Given the diverse security requirements and unique characteristics of each network system, the evaluation criteria and index system must be tailored and refined to suit specific conditions. Furthermore, to guarantee the precision and impartiality of the assessment process, it is crucial to adhere to established procedures and methodologies. This involves meticulously defining the scope of the assessment, devising a comprehensive assessment plan, diligently collecting and analyzing data, and ultimately crafting a thorough and informative assessment report.

The standard and index system of security assessment is the key component of active defense network security assessment technology. By establishing a scientific and reasonable evaluation standard and index system, we can accurately evaluate the security status of the network, find potential security risks and vulnerabilities, and provide basis and support for taking corresponding measures. In practical application, it is necessary to adjust and improve the evaluation standard and index system according to the actual situation and safety requirements, so as to improve the accuracy and objectivity of the evaluation. At the same time, it is necessary to constantly explore and innovate evaluation techniques and methods to deal with the increasingly complex and changeable network security threats.

3.3. Application and Value of Big Data in Security Assessment

With the rapid development of information technology, big data is widely used in the field of network security. As an important part of active defense, security assessment combined with big data technology provides strong support for improving network security. The application of big data technology in security assessment is mainly reflected in the following aspects: First, big data technology can handle massive network traffic and log data, and through in-depth analysis of these data, abnormal behaviours and potential attack patterns can be found [9]. Traditional security assessment methods are often limited by the limitations of data processing ability and analysis methods, and it is difficult to identify security threats comprehensively and accurately. Big data technology, with its powerful data processing ability, can extract valuable security threat intelligence from massive data and improve the accuracy and efficiency of security assessment.

Threat Propagation Analysis Index (TCAI) and Big Data Analysis Support (BDAS) are shown in Eqs. (5) and (6).

(5)
$ TAI = \frac{1}{S} \sum_{o=1}^S w_o \cdot (n_o + c_o)^{\delta_o}, $
(6)
$ BDAS = \frac{1}{P} \sum_{l=1}^P w_l \cdot a_l^{\lambda_l} \cdot b_l^{\mu_l}. $

The formulas of Network Stability Evaluation Index (NSI) and Security Vulnerability Repair Effectiveness Evaluation Index (SVREI) are shown in Eqs. (7) and (8).

(7)
$ NSI = \frac{1}{T} \sum_{p=1}^T w_p \cdot (l_p \cdot k_p)^p. $


(8)
$ SVREI = \frac{1}{M} \sum_{j=1}^M w_j \cdot \left(\frac{v_j}{s_j}\right)^{\beta_j}. $

Big data technology can monitor and analyze network traffic and log data in real time, and discover potential security risks and attacks in time. Traditional security assessment methods are often conducted offline, which is difficult to monitor and warn in real time. Big data technology, with its strong real-time characteristics, can monitor network traffic and log data in real time, find abnormal behaviors and attacks in time, and provide basis and support for taking corresponding measures. The security problem of big data is a dual challenge at the technical and social levels, which needs to be solved from multiple perspectives [10]. Through the analysis of historical data and current data, we can find the attacker's behavior pattern and attack trend, and then predict the future attack direction and mode. By taking preventive measures in advance, security risks and potential losses can be effectively reduced [11].

The incorporation of big data in security assessments significantly enhances both the accuracy and efficiency of the process, offering a more rigorous and objective foundation for crafting security defense strategies [12]. By delving into network traffic and log data, we gain a profound understanding of the network's security posture and the behavioral patterns of potential attackers. This invaluable insight enables the formulation of targeted defense strategies, tailored to address specific threats and vulnerabilities. Fig. 4 shows the effect analysis of active defense technology in network security evaluation.

Fig. 4. Analysis of effect of active defense technology in network security assessment.


We collected several years of network security monitoring data from an enterprise, including network traffic, security incidents, malware infections and similar information. We then divided these data into two groups: one protected by traditional passive defense technology and the other by active defense technology. The analysis shows that in the passive defense group, 680 of 1000 network attacks succeeded, a security incident rate of 68%. Against the same 1000 network attacks, only 320 succeeded in the active defense group, a security incident rate of 32%. Compared with passive defense technology, active defense technology reduced the incidence of security incidents by about 46%. In the passive defense group, 750 of 1000 malware attempts resulted in infection, a malware infection rate of 75%. Against the same 1000 malware attempts, only 250 resulted in infection in the active defense group, a malware infection rate of 25%. Compared with passive defense technology, active defense technology reduced the malware infection rate by about 50%. The Active Defense Effectiveness Evaluation Index (ADEI) can be calculated over multiple dimensions and indicators to fully reflect the actual effect of active defense technology. The comprehensive effectiveness formulas of the active defense effectiveness evaluation index and of big data analysis tools are shown in Eqs. (9) and (10).

(9)
$ USI = \frac{1}{R} \sum_{n=1}^R w_n \cdot s_n^{\rho_n} \cdot f_n^{\sigma_n}, $
(10)
$ BDTEI = \sum_{l=1}^P w_l \cdot \sqrt[\lambda_l]{a_l} \cdot \sqrt[\mu_l]{b_l}. $

The application of big data in security assessment has great value and potential [13]. By combining with big data technology, security assessment can identify security threats more comprehensively and accurately, and improve the overall security of the network. At the same time, the application of big data technology also provides a more scientific and objective basis for the formulation of security defense strategies, which is helpful to improve the efficiency and accuracy of security defense[14]. In the future, with the continuous development and improvement of big data technology, its application in the field of network security will be more extensive and in-depth.

4. Case analysis and Practical Experience

4.1. Analysis of Typical Cases at Home and Abroad

On a global scale, the threat of network security is becoming increasingly serious, and many organizations and enterprises are facing enormous security challenges. In order to deal with these threats, some domestic and foreign enterprises and organizations have actively explored and practiced security assessment and defense, and achieved remarkable results.

One of the typical cases in China is China Mobile Communications Corporation (China Mobile). As a leading communication operator in China, China Mobile is facing huge network security pressure [15]. In order to improve network security, China Mobile has taken a series of active defense measures, including establishing a perfect security evaluation system, strengthening network monitoring and early warning, and improving employees' security awareness. Through the implementation of these measures, China Mobile has effectively improved network security and reduced the occurrence of security incidents [16].

Bank of America, a globally renowned financial institution, recognizes the paramount importance of network security in safeguarding its business operations. To this end, the bank has implemented an array of cutting-edge security technologies and measures, encompassing data encryption, multi-factor authentication, real-time monitoring, and early warning systems. These comprehensive safeguards have proven effective in thwarting diverse cyber threats, thereby ensuring the security of customer assets and fostering trust in the bank's digital services.

The two cases above show the importance of active defense in network security. Both China Mobile and Bank of America adopted active security defense strategies and effectively improved network security by establishing a sound security evaluation system, strengthening network monitoring and early warning, and improving employees' security awareness. At the same time, they differ in the security technologies and measures applied: China Mobile pays more attention to raising the network security level across the board, while Bank of America pays more attention to the application of advanced security technologies and measures [17]. The calculation formula of the Network Stability Integration Index (NSII) is shown in Eq. (11).

(11)
$ NSII = \sum_{p=1}^T w_p \cdot \sqrt[p]{l_p} \cdot \sqrt[p]{k_p}. $

The User Experience Integration Index (UEII) is shown in Eq. (12).

(12)
$ UEII = \alpha \cdot BDTEI + \beta \cdot UPI + \gamma \cdot USI. $
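The twelve index formulas above share two shapes: an averaged weighted power product (Eqs. (1), (2) and (4) to (9)) and a weighted root product (Eqs. (3), (10) and (11)), with Eq. (12) a linear combination of three of them. The following is an added worked example, not code or data from the paper, that implements both shapes once and instantiates Eqs. (1), (4) and (9) to (12) on constructed inputs. All weights, exponents and indicator values are constructed assumptions; UPI, which Eq. (12) uses but the paper never defines, is treated as an externally supplied score; and Eq. (11) is implemented exactly as written, with the summation index p also serving as the root degree.

```python
"""Worked instances of the paper's weighted index formulas.

Added example, not from the paper: Eqs. (1)-(12) reduce to two shapes, an
averaged weighted power product and a weighted root product, plus the
linear combination of Eq. (12). All weights, exponents and indicator values
below are constructed assumptions, and UPI, which Eq. (12) uses but the
paper never defines, is treated as an externally supplied score.
"""
import math


def mean_power_index(weights, factors):
    """(1/N) * sum_i w_i * prod_j x_ij ** e_ij   -- shape of Eqs. (1), (2), (4)-(9).
    factors[i] is a list of (value, exponent) pairs for term i."""
    if not weights or len(weights) != len(factors):
        raise ValueError("weights and factors must be non-empty and equal in length")
    return sum(w * math.prod(x ** e for x, e in f)
               for w, f in zip(weights, factors)) / len(weights)


def root_product_index(weights, factors):
    """sum_o w_o * prod_j x_oj ** (1/r_oj)   -- shape of Eqs. (3), (10), (11).
    factors[o] is a list of (value, root_degree) pairs for term o."""
    if not weights or len(weights) != len(factors):
        raise ValueError("weights and factors must be non-empty and equal in length")
    return sum(w * math.prod(x ** (1.0 / r) for x, r in f)
               for w, f in zip(weights, factors))


def bdti(w, p, alpha, q, beta):
    """Eq. (1): BDTI = (1/N) sum_i w_i * p_i^alpha_i * q_i^beta_i."""
    return mean_power_index(w, [[(pi, ai), (qi, bi)]
                                for pi, ai, qi, bi in zip(p, alpha, q, beta)])


def adei(w, e, r, gamma):
    """Eq. (4): ADEI = (1/L) sum_k w_k * (e_k * r_k)^gamma_k."""
    return mean_power_index(w, [[(ek * rk, gk)] for ek, rk, gk in zip(e, r, gamma)])


def usi(w, s, rho, f, sigma):
    """Eq. (9): USI = (1/R) sum_n w_n * s_n^rho_n * f_n^sigma_n."""
    return mean_power_index(w, [[(sn, rn), (fn, gn)]
                                for sn, rn, fn, gn in zip(s, rho, f, sigma)])


def bdtei(w, a, lam, b, mu):
    """Eq. (10): BDTEI = sum_l w_l * a_l^(1/lambda_l) * b_l^(1/mu_l)."""
    return root_product_index(w, [[(al, ll), (bl, ml)]
                                  for al, ll, bl, ml in zip(a, lam, b, mu)])


def nsii(w, l, k):
    """Eq. (11) as written: the root degree is the summation index p = 1..T."""
    return root_product_index(w, [[(lp, p), (kp, p)]
                                  for p, (lp, kp) in enumerate(zip(l, k), start=1)])


def ueii(alpha, beta, gamma, bdtei_value, upi, usi_value):
    """Eq. (12): UEII = alpha*BDTEI + beta*UPI + gamma*USI."""
    return alpha * bdtei_value + beta * upi + gamma * usi_value


def worked_example():
    """Constructed inputs: indicators normalised to [0, 1], weights summing to 1."""
    out = {}
    out["BDTI"] = bdti([0.5, 0.3, 0.2], [0.8, 0.6, 0.9], [1, 2, 1], [0.5, 1.0, 0.25], [1, 1, 2])
    out["ADEI"] = adei([0.6, 0.4], [0.9, 0.8], [1.0, 0.5], [1, 2])
    out["NSII"] = nsii([0.5, 0.5], [0.81, 0.64], [1.0, 0.25])
    out["USI"] = usi([1.0], [0.5], [1], [0.8], [1])
    out["BDTEI"] = bdtei([1.0], [0.25], [2], [0.125], [3])
    # UPI = 0.6 is an assumed input; the paper gives no definition for it.
    out["UEII"] = ueii(0.5, 0.3, 0.2, out["BDTEI"], 0.6, out["USI"])
    return out


if __name__ == "__main__":
    for name, value in worked_example().items():
        print(f"{name}: {value:.4f}")
```

Two practical points follow from writing the formulas out. The exponents act as sensitivity knobs: an indicator with exponent 2 penalises low values much more than one with exponent 1, so the exponent table is part of the assessment policy and should be reviewed like any other weight. And because every input must be normalised to a common scale before the products are formed, the normalisation step is where most of the assessment's objectivity is actually decided.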

Typical cases at home and abroad show that active defense is the key to improve network security. By establishing a perfect security assessment system, strengthening network monitoring and early warning, and improving employees' safety awareness, the network security can be effectively improved. At the same time, different organizations and enterprises should choose appropriate security technologies and measures according to their actual conditions to ensure network security [18]. In the future, with the continuous evolution of network security threats and the continuous updating of technologies, active defense technologies still need to be continuously explored and innovated to cope with the increasingly complex and changeable network security threats.

4.2. Establishment and Experimental Analysis of Enterprise Security Defense Strategy

Amidst the rapid evolution of network technology and the relentless push towards digital transformation, the challenge of enterprise network security has emerged as a pressing concern. To navigate the ever-shifting landscape of cyber threats, enterprises must devise and implement scientifically sound and practically effective security defense strategies, ensuring resilience and protection in the digital realm.

The establishment of enterprise security defense strategy should be based on the comprehensive evaluation of enterprise security status. First of all, it is necessary to make an in-depth analysis of enterprise network architecture, application systems and data assets to identify potential security risks and vulnerabilities. Secondly, according to the business characteristics and security needs of enterprises, the corresponding security objectives and control measures should be formulated. This includes the deployment of firewall, intrusion detection, data encryption and other technologies, as well as the implementation of security mechanisms such as access control and identity authentication [19]. Fig. 5 shows the proactive defense network security comparison.

Fig. 5. Comparison of active defense network security.


In the passive defense group, 8 of 10 attempted system paralysis events succeeded, a success rate of 80%. In the active defense group, only 2 of 10 attempted system paralysis events succeeded, a success rate of 20%. Compared with passive defense technology, active defense technology reduced the success rate of system paralysis by about 80%. In the passive defense group, 65 of 100 data leakage attempts succeeded, a success rate of 65%. Against the same 100 data leakage attempts, only 30 succeeded in the active defense group, a success rate of 30%. Compared with passive defense technology, active defense technology reduced the success rate of data leakage by about 45%.

When formulating security defense strategies, the following key elements should be fully considered. First, people: improve employees' security awareness and skills to reduce human error and insider threats. Second, data: classify and encrypt important data to keep it safe in transit and at rest. Third, partners: establish a secure supply chain relationship to ensure the security of third-party services [20].

When putting a security defense strategy into practice, enterprises should pay attention to three aspects. First, continuous monitoring and evaluation: monitor network traffic, log files and other data in real time so that abnormal behaviors and potential threats are discovered promptly. Second, emergency response and handling: establish a rapid response mechanism so that security incidents are handled and recovered from without delay [21]. Third, regular review and update: review and adjust the security defense strategy periodically to keep pace with the continuous evolution of network security threats [22]. Enterprises should also maintain close cooperation with industry peers, professional institutions and government departments, sharing security intelligence and best practices to meet network security challenges jointly. At the same time, investment in security technology research and development and in personnel training should be increased to continuously raise the enterprise's defensive capability and technical level.

The crafting and implementation of an enterprise security defense strategy is a meticulous and systematic endeavor. Businesses must undertake a comprehensive assessment of their security posture and craft tailored, effective strategies that address their unique needs. Moreover, emphasis must be placed on nurturing employees' security awareness, strengthening data security management, and fostering strong partnerships, among other vital aspects, to ensure a holistic approach to safeguarding the enterprise [23]. In practice, enterprises should sustain continuous monitoring and evaluation, emergency response and handling, and regular review and update in order to cope with the continuous evolution of network security threats. At the same time, strengthening cooperation with the industry and increasing investment in technology research and development and in personnel training are key factors in enhancing the security defense capability of enterprises.

4.3. Frontier Trends and Development Trends of Security Defense Technology

With the continuous evolution of network technology, security defense technology also presents a rapid development trend. Cutting-edge security defense technologies not only cover traditional firewalls, intrusion detection and other means, but also incorporate advanced technologies such as artificial intelligence, big data analysis and cloud computing to provide enterprises with more comprehensive and intelligent security protection [24].

The application of artificial intelligence in the field of security defense has become an important part of the frontier. Through machine learning and deep learning, a security system can automatically identify and respond to unknown threats and effectively reduce security risks. For example, an intrusion detection system based on artificial intelligence can extract abnormal behavior patterns from massive data and find potential network attacks quickly and accurately. Big data analysis also provides strong support for security defense. Through comprehensive analysis of network traffic, log files and other data, enterprises can find abnormal behaviors and potential threats in time and improve the speed of security early warning and response. At the same time, through the mining and analysis of historical data, enterprises can predict future security trends and attack patterns, providing a basis for more targeted defense strategies. The rapid development of cloud computing brings new challenges and opportunities to security defense. Data security and privacy protection in the cloud computing environment have become the focus of attention, and enterprises need to take stricter security measures to protect data security and privacy. At the same time, the elastic scaling and resource pooling characteristics of cloud computing let enterprises build a more efficient and flexible security protection system to meet changing business needs. The rapid development of the Internet of Things and the Industrial Internet has also brought new security challenges [25]. As the proliferation of connected devices expands the network's reach, enterprises are confronted with the imperative to fortify the security of Internet of Things (IoT) devices and industrial control systems. This reinforcement is crucial to mitigating the risk of production disruptions or data breaches stemming from malicious attacks targeting these vulnerable entry points. By bolstering defenses, enterprises can safeguard their operations and preserve the integrity of their data. The practical effect evaluation of active defense technology in network security evaluation is shown in Fig. 6.
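The "continuous monitoring" of traffic and log data called for in Section 4.2 and the anomaly-driven intrusion detection described in the paragraph above can be illustrated with a small, self-contained log-analysis pass. The following is an added example written for this page; it is not code from the paper or its authors. Every input is constructed: the access-log lines, the addresses (203.0.113.9 is a documentation address standing in for a noisy source), the one-minute window size, the detection threshold k, and the `mad_floor` constant. It contrasts a signature-style rule for a known pattern (repeated failed logins) with two statistical baselines for unknown behaviour, and shows a failure mode worth knowing: a naive mean-and-standard-deviation baseline is inflated by the very burst it should flag, whereas a median/MAD baseline is not.

```python
"""Added example (not from the paper): flag abnormal per-source request
behaviour in constructed access-log lines. All log lines, addresses and
thresholds are constructed for illustration."""
import re
from collections import Counter
from statistics import mean, median, pstdev

# Constructed Common Log Format access log spanning two one-minute windows:
# three ordinary clients, plus one source that hammers the login endpoint
# with failing POSTs during the second minute.
_NORMAL = [
    '10.0.0.5 - - [10/Mar/2025:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '10.0.0.5 - - [10/Mar/2025:10:00:09 +0000] "GET /about HTTP/1.1" 200 734',
    '10.0.0.6 - - [10/Mar/2025:10:00:12 +0000] "GET /login HTTP/1.1" 200 220',
    '10.0.0.6 - - [10/Mar/2025:10:00:15 +0000] "POST /login HTTP/1.1" 302 0',
    '10.0.0.7 - - [10/Mar/2025:10:00:20 +0000] "GET /index.html HTTP/1.1" 200 512',
    '10.0.0.7 - - [10/Mar/2025:10:00:31 +0000] "GET /docs HTTP/1.1" 200 1024',
    '10.0.0.7 - - [10/Mar/2025:10:00:44 +0000] "GET /docs/api HTTP/1.1" 200 2048',
    '10.0.0.5 - - [10/Mar/2025:10:01:03 +0000] "GET /index.html HTTP/1.1" 200 512',
    '10.0.0.5 - - [10/Mar/2025:10:01:40 +0000] "GET /contact HTTP/1.1" 200 300',
    '10.0.0.6 - - [10/Mar/2025:10:01:11 +0000] "GET /account HTTP/1.1" 200 640',
    '10.0.0.7 - - [10/Mar/2025:10:01:18 +0000] "GET /docs HTTP/1.1" 200 1024',
    '10.0.0.7 - - [10/Mar/2025:10:01:50 +0000] "GET /docs/faq HTTP/1.1" 200 900',
]
_BURST = [
    f'203.0.113.9 - - [10/Mar/2025:10:01:{20 + i:02d} +0000] "POST /login HTTP/1.1" 401 0'
    for i in range(12)
]
SAMPLE_LOG = "\n".join(_NORMAL + ["this line is not in common log format"] + _BURST)

_LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?:\d+|-)$'
)


def parse_log(text):
    """Parse CLF lines into dicts; malformed lines are skipped rather than fatal."""
    records = []
    for line in text.splitlines():
        m = _LOG_RE.match(line)
        if not m:
            continue
        ts = m.group("ts").split()[0]           # drop the timezone
        records.append({
            "src": m.group("src"),
            "window": ts.rsplit(":", 1)[0],      # bucket to the minute
            "req": m.group("req"),
            "status": int(m.group("status")),
        })
    return records


def requests_per_window(records):
    """Count requests per (source address, minute window)."""
    return Counter((r["src"], r["window"]) for r in records)


def zscore_outliers(counts, k=3.0):
    """Naive baseline: counts more than k standard deviations above the mean.
    One large burst inflates both the mean and the deviation it is judged by."""
    values = list(counts.values())
    mu, sigma = mean(values), pstdev(values)
    if sigma == 0:
        return set()
    return {key for key, c in counts.items() if (c - mu) / sigma > k}


def mad_outliers(counts, k=3.0, mad_floor=1.0):
    """Robust baseline: the median and median absolute deviation (MAD) are
    not dragged along by the burst. 1.4826 rescales MAD to a normal sigma;
    mad_floor is an assumed constant that avoids division by zero when most
    sources behave identically."""
    values = list(counts.values())
    med = median(values)
    mad = max(median(abs(v - med) for v in values), mad_floor)
    return {key for key, c in counts.items() if (c - med) / (1.4826 * mad) > k}


def failed_login_bursts(records, threshold=5):
    """Signature-style rule for a known pattern: many 401 responses to
    POST /login from one source within a single window."""
    fails = Counter(
        (r["src"], r["window"]) for r in records
        if r["status"] == 401 and r["req"].startswith("POST /login ")
    )
    return {key: n for key, n in fails.items() if n >= threshold}


def analyse(text):
    """Run all three detectors over one log text and return their findings."""
    records = parse_log(text)
    counts = requests_per_window(records)
    return {
        "parsed": len(records),
        "zscore": zscore_outliers(counts),
        "robust": mad_outliers(counts),
        "login_bursts": failed_login_bursts(records),
    }


if __name__ == "__main__":
    for name, value in analyse(SAMPLE_LOG).items():
        print(f"{name}: {value}")
```

On this constructed input the z-score detector flags nothing (the burst raises the mean and deviation enough to hide itself), while the median/MAD detector and the failed-login rule both single out 203.0.113.9 in the second window. In a real deployment the baseline would be computed from historical windows of the same source or peer group rather than from the window under inspection, which makes the masking problem less severe but does not remove it.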

By comparison, the average response time to security incidents before adopting active defense technology was 3 hours, and the average response time to serious security incidents was 5 hours [26]. After adopting active defense technology, the average response time to security incidents was shortened to 1 hour, and the average response time to serious security incidents to 2 hours, reductions of 67% and 60% respectively. Before adopting active defense technology, the malware detection rate was 70%; afterwards it increased to 95%, an increase of 43%.

Fig. 6. Practical evaluation of active defense technology in network security assessment.

../../Resources/ieie/IEIESPC.2026.15.2.258/fig6.png

Fig. 7. Network security risk assessment of big data.

../../Resources/ieie/IEIESPC.2026.15.2.258/fig7.png

In the future, security defense technology will place more emphasis on intelligence, initiative and comprehensiveness. Intelligence means that the security system can automatically identify and respond to threats with less manual intervention; initiative emphasizes the principle of prevention first and reduces security risk through active defense technology [27]; comprehensiveness requires that the security defense system cover network, application, data and every other layer, providing all-round protection for the enterprise [28]. Fig. 7 shows the network security risk assessment of big data.

Through the collection and analysis of a large amount of data, the network security status and possible risks can be evaluated more comprehensively and accurately. Analysis of more than 100 PB of data traffic over the past three years shows an obvious positive correlation between data scale and network security risk: for every 10% increase in data traffic, the risk of network attacks and threats increases by 15%. In the past year, more than 1 million malware attacks, 200,000 phishing attacks and 50,000 DDoS attacks were recorded. Among them, the malware infection rate rose from 4% in the first half of the year to 6% in the second half, indicating that the number of malware samples is growing rapidly. Globally, North American networks suffer the most attacks, accounting for 40% of the world total; Europe follows closely with 30%. Networks in Asia and South America are relatively secure, accounting for only 15% and 5% of the world total respectively.

The frontier trends and development trends of security defense technology closely focus on the application of advanced technologies such as artificial intelligence, big data analysis and cloud computing [29]. Enterprises must remain vigilant to the evolving trends in technology and actively engage in the exploration and adoption of cutting-edge security defense techniques. This proactive stance is essential for navigating the ever-shifting landscape of cybersecurity threats. When tackling big data security concerns, it is imperative to acknowledge the intricate interplay between technical and societal challenges, necessitating a holistic approach that considers multiple factors comprehensively [30].

5. Conclusion

With the rapid development of network technology, network security issues have become increasingly prominent, posing a serious threat to the stable development of enterprises and the protection of personal information. To address this challenge, big data-driven active defense network security assessment technology has emerged, providing enterprises with more comprehensive and intelligent security protection. This article analyzes global cybersecurity data from the past three years, with a total data volume exceeding 100 PB. It was found that over 70% of the data involves network security threats such as malware, phishing attacks and DDoS attacks. By comparing security event data before and after the deployment of active defense technology, it was found that active defense technology significantly reduces the incidence of security events: through the optimization method in this article, the occurrence rate of security incidents was reduced by about 40%. Through real-time monitoring and threat intelligence, businesses can issue early warnings and prevent 85% of known attacks. Traditional network security assessment relied on rule-based and signature-matching detection, which, while effective against known threats, proved insufficient against unknown and sophisticated persistent threats. To bridge this gap, the integration of big data technology has brought a paradigm shift in network security assessment, giving enterprises enhanced capabilities to identify and mitigate emerging risks. By monitoring, analyzing and mining massive data in real time, enterprises can fully understand the network security situation, identify potential threats in time, and take corresponding defensive measures. At present, active defense network security assessment technology based on big data has achieved significant results. By comprehensively collecting and analyzing network traffic, log files and user behavior data, enterprises can promptly discover abnormal behaviors, potential threats and attack patterns, providing strong support for security decision-making. The integration of machine learning and data mining has further improved the accuracy and efficiency of security assessment. Big data-driven active defense network security assessment will develop in a more intelligent and automated direction: security systems based on artificial intelligence will be able to identify and respond to threats automatically while reducing the need for manual intervention.

In future development, enterprises need to closely follow cutting-edge technology trends, continuously explore and innovate, strengthen cooperation and communication with the industry, and jointly address the challenges of network security. Meanwhile, establishing a sound security management system and personnel training mechanism is also a key factor in enhancing the security protection capabilities of enterprises. Through continuous effort and improvement, a safer and more reliable digital future is within reach.

Funding

This work was supported by the project "Intelligent matching algorithm empowers innovative demonstration team in education" (No. 23KJCXTD03).

References

1
Ahl A., Yarime M., Goto M., Chopra S. S., Kumar N. M., Tanaka K., Sagawa D., 2020, Exploring blockchain for the energy transition: Opportunities and challenges based on a case study in Japan, Renewable and Sustainable Energy Reviews, Vol. 117, pp. 109488.
2
Singh V. K., Sivashankar D., Kundan K., Kumari S., 2023, An efficient intrusion detection and prevention system for DDoS attack in WSN using SS-LSACNN and TCSLR, Journal of Cyber Security and Mobility, Vol. 13, No. 1, pp. 135-160.
3
Sundarakani B., Ajaykumar A., Gunasekaran A., 2021, Big data driven supply chain design and applications for blockchain: Action research using case study approach, Omega, Vol. 102, pp. 102452.
4
Deepa N., Pham Q. V., Nguyen D. C., Bhattacharya S., Prabadevi B., Gasekallu T. R., Maddikunta P. K. R., Fang F., Pathirana P. N., 2022, A survey on blockchain for big data: Approaches, opportunities, and future directions, Future Generation Computer Systems, Vol. 131, pp. 209-226.
5
Mariani M. M., Wamba S. F., 2020, Exploring how consumer goods companies innovate in the digital age: The role of big data analytics companies, Journal of Business Research, Vol. 121, pp. 338-352.
6
Line N. D., Dogru T., El-Manstrly D., Buoye A., Malthouse E., Kandampully J., 2020, Control, use and ownership of big data: A reciprocal view of customer big data value in the hospitality and tourism industry, Tourism Management, Vol. 80, pp. 104106.
7
Abkenar S. B., Kashani M. H., Mahdipour E., Jameii S. M., 2021, Big data analytics meets social media: A systematic review of techniques, open issues, and future directions, Telematics and Informatics, Vol. 57, pp. 101517.
8
Wiener M., Saunders C., Marabelli M., 2020, Big-data business models: A critical literature review and multiperspective research framework, Journal of Information Technology, Vol. 35, No. 1, pp. 66-91.
9
Bragazzi N. L., Dai H., Damiani G., Behzadifar M., Martini M., Wu J., 2020, How big data and artificial intelligence can help better manage the COVID-19 pandemic, International Journal of Environmental Research and Public Health, Vol. 17, No. 9, pp. 3176.
10
Lu Y., 2023, Security and privacy of Internet of Things: A review of challenges and solutions, JCSANDM, Vol. 12, No. 6, pp. 813-844.
11
Bresciani S., Ciampi F., Meli F., Ferraris A., 2021, Using big data for co-innovation processes: Mapping the field of data-driven innovation, proposing theoretical developments and providing a research agenda, International Journal of Information Management, Vol. 60, pp. 102347.
12
Marinakis V., 2020, Big data for energy management and energy-efficient buildings, Energies, Vol. 13, No. 7, pp. 1555.
13
Banerjee A., Chakraborty C., Kumar A., Biswas D., 2020, Emerging trends in IoT and big data analytics for biomedical and health care technologies, Handbook of Data Science Approaches for Biomedical Engineering, pp. 121-152.
14
Liu J., 2022, China's data localization, China's Globalizing Internet, pp. 83-102.
15
Teng S., Khong K. W., 2021, Examining actual consumer usage of E-wallet: A case study of big data analytics, Computers in Human Behavior, Vol. 121, pp. 106778.
16
Aho B., Duffield R., 2020, Beyond surveillance capitalism: Privacy, regulation and big data in Europe and China, Economy and Society, Vol. 49, No. 2, pp. 187-212.
17
Gupta R., Tanwar S., Tyagi S., Kumar N., 2020, Machine learning models for secure data analytics: A taxonomy and threat model, Computer Communications, Vol. 153, pp. 406-440.
18
Chen P. T., Lin C. L., Wu W. N., 2020, Big data management in healthcare: Adoption challenges and implications, International Journal of Information Management, Vol. 53, pp. 102078.
19
Tariq N., Asim M., Al-Obeidat F., Farooqi M. Z., Baker T., Hammoudeh M., Ghafir I., 2019, The security of big data in fog-enabled IoT applications including blockchain: A survey, Sensors, Vol. 19, No. 8, pp. 1788.
20
Ullah Z., Al-Turjman F., Mostarda L., Gagliardi R., 2020, Applications of artificial intelligence and machine learning in smart cities, Computer Communications, Vol. 154, pp. 313-323.
21
Saranya T., Sridevi S., Deisy C., Chung T. D., Khan M. K. A. A., 2020, Performance analysis of machine learning algorithms in intrusion detection system: A review, Procedia Computer Science, Vol. 171, pp. 1251-1260.
22
Bhuiyan M. N., Rahman M. M., Billah M. M., Saha D., 2021, Internet of things (IoT): A review of its enabling technologies in healthcare applications, standards protocols, security, and market opportunities, IEEE Internet of Things Journal, Vol. 8, No. 13, pp. 10474-10498.
23
Sarker I. H., Abushark Y. B., Alsolami F., Khan A. I., 2020, IntruDTree: A machine learning based cyber security intrusion detection model, Symmetry, Vol. 12, No. 5, pp. 754.
24
Shamim S., Zeng J., Khan Z., Zia N. U., 2020, Big data analytics capability and decision making performance in emerging market firms: The role of contractual and relational governance mechanisms, Technological Forecasting and Social Change, Vol. 161, pp. 120315.
25
Fischer C., Pardos Z. A., Baker R. S., Williams J. J., Smyth P., Yu R., Slater S., Baker R., Warschauer M., 2020, Mining big data in education: Affordances and challenges, Review of Research in Education, Vol. 44, No. 1, pp. 130-160.
26
Sengupta S., Chowdhary A., Sabur A., Alshamrani A., Huang D., Kambhampati S., 2020, A survey of moving target defenses for network security, IEEE Communications Surveys & Tutorials, Vol. 22, No. 3, pp. 1909-1941.
27
Gunduz M. Z., Das R., 2020, Cyber-security on smart grid: Threats and potential solutions, Computer Networks, Vol. 169, pp. 107094.
28
Guo H., Li J., Liu J., Tian N., Kato N., 2021, A survey on space-air-ground-sea integrated network security in 6G, IEEE Communications Surveys & Tutorials, Vol. 24, No. 1, pp. 53-87.
29
Ahmad T., Zhang D., Huang C., Zhang H., Dai N., Song Y., Chen H., 2021, Artificial intelligence in sustainable energy industry: Status quo, challenges and opportunities, Journal of Cleaner Production, Vol. 289, pp. 125834.
30
Gavenaite-Sirvydiene J., Miecinskiene A., 2023, The assessment of cyber security's significance in the financial sector of Lithuania, Journal of Cyber Security and Mobility, Vol. 12, No. 4, pp. 497-518.
Yunhong Guo
../../Resources/ieie/IEIESPC.2026.15.2.258/au1.png

Yunhong Guo obtained a bachelor of science degree from Henan Normal University in 1997 and a master of engineering degree from Beijing University of Posts and Telecommunications in 2006. He currently serves as an associate professor in the Railway Engineering School of Zhengzhou Railway Vocational and Technical College. His research fields and directions include computer application technology, network and security, project management and engineering applications.

Shihao Zhang
../../Resources/ieie/IEIESPC.2026.15.2.258/au2.png

Shihao Zhang obtained a bachelor's degree in engineering from Liaoning University of Science and Technology in 2016 and a master of engineering degree from Chang'an University in 2019. He currently works as an assistant teacher in the Railway Engineering School of Zhengzhou Railway Vocational and Technical College. His research fields and directions include subgrade and pavement, road disaster prediction and treatment, and new materials for construction engineering.