Situation awareness analysis for cyberspace security (SAACS) is a basic premise of cyber security. SAACS refers to the acquisition, understanding, and display of security elements that cause a change of network situation in the network environment, and the postponement prediction of the development trends of the cyber security situation, so as to decide what countermeasures to take.

In recent years, SAACS has become the subject of increasing research in the field of cyber security, as it can synthesize all aspects of security factors, dynamically reflect the cyber security situation as a whole, and predict and early warn the development trends of a security situation, and so is able to provide a reliable reference to enhance cyber security. However, with the increasing complexity and scale of network information systems, SAACS technology faces many new challenges. The heterogeneity and multi-source nature of a situation’s data make difficult the collection, processing, and fusion of the data. It also becomes increasingly difficult to mine the intelligence knowledge and identify the security threat in the face of encrypted traffic, malware variants, and advanced persistent threat (APT) attacks. In addition, the assessment and prediction of large-scale security situations is in need of more efficient theories and methods. The best way to offer an optimal reaction in terms of countermeasures against cyber attacks in an automated and intellectualized way is also a long-standing open issue.

This Special Issue will focus on state-of-the-art theories, methods, and technologies in SAACS, particularly with advances in research paradigms based on artificial intelligence, machine learning, and deep learning. We welcome both original research and review articles.

Potential topics include but are not limited to the following:

• Modeling situation awareness analysis for cyberspace security
• Construction and reasoning of cyber security knowledge graphs
• Malicious behavior detection
• Malicious traffic analysis
• Malicious code analysis
• APT attack analysis
• Tracing sources of cyber attacks
• Intelligent automated intrusion responses
• Data mining for cyberspace security
• Development tendencies of cyberspace security situations
• Network security assessment indexes
• Situation data acquisition, understanding, analysis, and prediction