Network attacks include one-to-one attacks, one-to-many attacks, and many-to-one attacks. Existing network security methods suffer from high false positives, difficulty in detecting highly complex attacks, and the inability to adapt for detecting new types of attacks. Moreover, existing methods often perform attack identification in a passive manner by using only available alerts instead of actively seeking and prioritizing the most useful alerts to mitigate. Another aspect that is lacking with current methods is the inability to provide effective mitigation of network threats, predicting future attacks, and resolving multiple simultaneous attacks. For current methods, the recommendation of mitigation is usually provided in an ad hoc and heuristic manner, often independent of the situation awareness (SA) process, the user, or the importance of the network for operational considerations.