[1]CHANG Liwei,TIAN Xiaoxiong,ZHANG Yuqing,et al.Network security situation assessment architecture based on multi-source heterogeneous data fusion[J].CAAI Transactions on Intelligent Systems,2021,16(1):38-47.[doi:10.11992/tis.202006053]
Copy

Network security situation assessment architecture based on multi-source heterogeneous data fusion

CAAI Transactions on Intelligent Systems[ISSN 1673-4785/CN 23-1538/TP] Volume: 16 Number of periods: 2021 1 Page number: 38-47 Column: 学术论文—机器学习 Public date: 2021-01-05
Title:
Network security situation assessment architecture based on multi-source heterogeneous data fusion
Author(s):
CHANG Liwei12 TIAN Xiaoxiong1 ZHANG Yuqing1 QIAN Yuhua2 HU Zhiguo2
1. College of Information, Shanxi University of Finance and Economics, Taiyuan 030006, China;
2. Institute of Big Data Science and Industry, Shanxi University, Taiyuan 030006, China
Keywords:
network securitynetwork security situation assessmentdata fusionhierarchical analysis methodnetwork attacksthreat quantificationdetection and evaluation
CLC:
TP393
DOI:
10.11992/tis.202006053
Abstract:
Because it is difficult to detect malicious network activity precisely and analyze the network situation effectively based only on the single point network data, in this paper, we propose a network security situation assessment architecture consisting of five modules: a traffic detection module, attribute extraction module, decision engine module, multi-source fusion module, and situation assessment module based on the strategy of multi-source heterogeneous data fusion and the idea of hierarchical network security assessment. In this assessment architecture, a BP neural network is used as the decision engine to analyze the multi-source heterogeneous data, the exponential weighting D-S evidence theory is used to merge the output of multiple decision engines, and the threat status of the network is exhibited by referring to the hierarchical network security threat assessment method. The experimental results demonstrate that first, the data from different detectors have different advantages for identifying different types of attacks; second, the multi-source fusion technology can further improve the accuracy of identifying attacks, which is up to 88.7%; and third, the hierarchical network analysis method can exactly exhibit the threat status of network effectivity.
References:
[1] ENDSLEY MR. Toward a theory of situation awareness in dynamic system[J]. Human factors:the journal of the human factors and ergonomics society, 1995, 37(1):32-6.
[2] BASS T. Intrusion detection systems and multisensor data fusion[J]. Communications of the ACM, 2000, 43(4):99-105.
[3] 陈继军. 多传感器管理及信息融合[D]. 西安:西北工业大学, 2002, 49-55.
CHEN Jijun. Multi-Sensor administration and information fusion[D]. Xi’an:Northwestern Polytechnical University, 2002:49-55.
[4] 诸葛建伟, 王大为, 陈昱, 等. 基于D-S证据理论的网络异常检测方法[J]. 软件学报, 2006, 17(3):463-471
ZHUGE Jianwei, WANG Dawei, CHEN Yu, et al. A network anomaly detector based on the D-S evidence theory[J]. Journal of software, 2006, 17(3):463-471
[5] 陈秀真, 郑庆华, 管晓宏, 等. 层次化网络安全威胁态势量化评估方法[J]. 软件学报, 2006, 17(4):885-897
CHEN Xiuzhen, ZHENG Qinghua, GUAN Xiaohong, et al. A network anomaly detector based on the D-S evidence theory[J]. Journal of software, 2006, 17(4):885-897
[6] 马琳茹, 杨林, 王建新. 多源异构安全信息融合关联技术研究系[J]. 系统仿真学报, 2008, 20(4):981-989
MA Linru, YANG Lin, WANG Jianxin. Research on security information fusion from multiple heterogeneous sensors[J]. Journal of system simulation, 2008, 20(4):981-989
[7] 韦勇, 连一峰, 冯登国. 基于信息融合的网络安全态势评估模型[J]. 计算机研究与发展, 2009, 46(3):353-362
WEI Yong, LIAN Yifeng, FENG Dengguo. A network security situational awareness model based on information fusion[J]. Journal of computer research and development, 2009, 46(3):353-362
[8] 刘效武, 王慧强, 吕宏武, 等. 网络安全态势认知融合感控模型[J]. 软件学报, 2016, 27(8):2099-2114
LIU Xiaowu, WANG Huiqiang, LU Hongwu, et al. Fusion-based cognitive awareness-control model for network security situation[J]. Journal of software, 2016, 27(8):2099-2114
[9] WANG Huan, CHEN Zhanfang, FENG Xin, et al. Research on network security situation assessment and quantification method based on analytic hierarchy process[J]. Wireless personal communications, 2018, 102(2):1401-1420.
[10] 龚俭, 臧小冬, 苏琪, 等. 网络安全态势感知综述[J]. 软件学报, 2017, 28(4):1010-1026
GONG Jian, ZANG Xiaodong, SU Qi, et al. Survey of network security situation awareness[J]. Journal of software, 2017, 28(4):1010-1026
[11] ZHAO Dongmei, LIU Jinxing. Study on network security situation awareness based on particle swarm optimization algorithm[J]. Computers and industrial engineering, 2018, 125:764-775.
[12] 陈维鹏, 敖志刚, 郭杰, 等. 基于改进的BP神经网络的网络空间态势感知系统安全评估[J]. 计算机科学, 2018, 45(11A):345-347, 341
CHEN Weipeng, AO Zhigang, GUO Jie, et al. Research on cyberspace situation awareness security assessment based on improved BP neural network[J]. Computer science, 2018, 45(11A):345-347, 341
[13] 贾焰, 韩伟红, 杨行. 网络安全态势感知研究现状与发展趋势[J]. 广州大学学报(自然科学版), 2019, 18(3):1-10
JIA Yan, HAN Weihong, YANG Xing. Summary of network security situation assessment[J]. Journal of Guangzhou University (natural science edition), 2019, 18(3):1-10
[14] XI Rongrong, YUN Xiaochun, HAO Zhiyu. Framework for risk assessment in cyber situational awareness[J]. Iet information security, 2019, 13(2):149-156.
[15] ZHENG Weifa. Research on situation awareness of network security assessment based on dempster-shafer[C]//2019 International Conference on Computer Science Communication and Network Security. France:Edition Diffusion Press Sciences, 2020:131-136.
[16] MOUSTAFA N, SLAY J. UNSW-NB15:a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set)[C]//Proceedings of 2015 Military Communications and Information Systems Conference. Canberra, Australia:IEEE, 2015:1-6.
[17] MOUSTAFA N, SLAY J. The evaluation of network anomaly detection systems:statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set[J]. Information security journal:a global perspective, 2016, 25(1/2/3):18-31.
[18] MOUSTAFA N, SLAY J, CREECH G. Novel geometric area analysis technique for anomaly detection using trapezoidal area estimation on large-scale networks[J]. IEEE transactions on big data, 2019, 5(4):481-494.
[19] MOUSTAFA N, CREECH G, SLAY J. Big data analytics for intrusion detection system:statistical decision-making using finite dirichlet mixture models[M]. CARRASCOSA I P, KALUTARAGE H K, HUANG Yan. Data Analytics and Decision Support for Cybersecurity. Cham:Springer, 2017:127-156.
[20] 甘文道, 周城, 宋波. 基于RAN-RBF神经网络的网络安全态势预测模型[J]. 计算机科学, 2016,43 (11A):388-392
GAN Wendao, ZHOU Cheng, SONG Bo. Network security situation prediction model based on RAN-RBF neural network[J]. Computer science, 2016,43 (11A):388-392
[21] HECHT-NIELSEN R. Theory of the backpropagation neural network[C]//Proceedings of the International 1989 Joint Conference on Neural Networks. Washington, USA:IEEE, 1989:593-605.
Similar References:

Memo

-

Last Update: 2021-02-25

Copyright © CAAI Transactions on Intelligent Systems