[1]常利伟,田晓雄,张宇青,等.基于多源异构数据融合的网络安全态势评估体系[J].智能系统学报,2021,16(1):38-47.[doi:10.11992/tis.202006053]
CHANG Liwei,TIAN Xiaoxiong,ZHANG Yuqing,et al.Network security situation assessment architecture based on multi-source heterogeneous data fusion[J].CAAI Transactions on Intelligent Systems,2021,16(1):38-47.[doi:10.11992/tis.202006053]
点击复制
CHANG Liwei,TIAN Xiaoxiong,ZHANG Yuqing,et al.Network security situation assessment architecture based on multi-source heterogeneous data fusion[J].CAAI Transactions on Intelligent Systems,2021,16(1):38-47.[doi:10.11992/tis.202006053]
基于多源异构数据融合的网络安全态势评估体系
《智能系统学报》[ISSN 1673-4785/CN 23-1538/TP] 卷:
16
期数:
2021年第1期
页码:
38-47
栏目:
学术论文—机器学习
出版日期:
2021-01-05
- Title:
- Network security situation assessment architecture based on multi-source heterogeneous data fusion
- Keywords:
- network security; network security situation assessment; data fusion; hierarchical analysis method; network attacks; threat quantification; detection and evaluation
- 分类号:
- TP393
- 摘要:
- 针对基于单点网络数据很难准确地检测网络恶意活动且无法有效地分析网络状况的问题,本文通过引入多源异构数据融合策略,借鉴层次化网络分析思想,构建出包含流量探测模块、属性提炼模块、决策引擎模块、多源融合模块、态势评估模块等五大模块的网络安全态势评估体系。评估体系以BP神经网络为决策引擎分析各数据源的数据,使用指数加权D-S证据理论融合各决策引擎的输出结果,并基于层次化网络威胁评估方法评估网络威胁状况。实验结果表明:不同探测器探测到的数据对于识别不同类型攻击的优势不同;多源融合技术进一步将识别攻击类型的准确率提升到88.7%;层次化网络威胁评估方法能够有效地评估网络威胁状况。
- Abstract:
- Because it is difficult to detect malicious network activity precisely and analyze the network situation effectively based only on the single point network data, in this paper, we propose a network security situation assessment architecture consisting of five modules: a traffic detection module, attribute extraction module, decision engine module, multi-source fusion module, and situation assessment module based on the strategy of multi-source heterogeneous data fusion and the idea of hierarchical network security assessment. In this assessment architecture, a BP neural network is used as the decision engine to analyze the multi-source heterogeneous data, the exponential weighting D-S evidence theory is used to merge the output of multiple decision engines, and the threat status of the network is exhibited by referring to the hierarchical network security threat assessment method. The experimental results demonstrate that first, the data from different detectors have different advantages for identifying different types of attacks; second, the multi-source fusion technology can further improve the accuracy of identifying attacks, which is up to 88.7%; and third, the hierarchical network analysis method can exactly exhibit the threat status of network effectivity.
- 参考文献/References:
-
[1] ENDSLEY MR. Toward a theory of situation awareness in dynamic system[J]. Human factors:the journal of the human factors and ergonomics society, 1995, 37(1):32-6.
[2] BASS T. Intrusion detection systems and multisensor data fusion[J]. Communications of the ACM, 2000, 43(4):99-105.
[3] 陈继军. 多传感器管理及信息融合[D]. 西安:西北工业大学, 2002, 49-55.
CHEN Jijun. Multi-Sensor administration and information fusion[D]. Xi’an:Northwestern Polytechnical University, 2002:49-55.
[4] 诸葛建伟, 王大为, 陈昱, 等. 基于D-S证据理论的网络异常检测方法[J]. 软件学报, 2006, 17(3):463-471
ZHUGE Jianwei, WANG Dawei, CHEN Yu, et al. A network anomaly detector based on the D-S evidence theory[J]. Journal of software, 2006, 17(3):463-471
[5] 陈秀真, 郑庆华, 管晓宏, 等. 层次化网络安全威胁态势量化评估方法[J]. 软件学报, 2006, 17(4):885-897
CHEN Xiuzhen, ZHENG Qinghua, GUAN Xiaohong, et al. A network anomaly detector based on the D-S evidence theory[J]. Journal of software, 2006, 17(4):885-897
[6] 马琳茹, 杨林, 王建新. 多源异构安全信息融合关联技术研究系[J]. 系统仿真学报, 2008, 20(4):981-989
MA Linru, YANG Lin, WANG Jianxin. Research on security information fusion from multiple heterogeneous sensors[J]. Journal of system simulation, 2008, 20(4):981-989
[7] 韦勇, 连一峰, 冯登国. 基于信息融合的网络安全态势评估模型[J]. 计算机研究与发展, 2009, 46(3):353-362
WEI Yong, LIAN Yifeng, FENG Dengguo. A network security situational awareness model based on information fusion[J]. Journal of computer research and development, 2009, 46(3):353-362
[8] 刘效武, 王慧强, 吕宏武, 等. 网络安全态势认知融合感控模型[J]. 软件学报, 2016, 27(8):2099-2114
LIU Xiaowu, WANG Huiqiang, LU Hongwu, et al. Fusion-based cognitive awareness-control model for network security situation[J]. Journal of software, 2016, 27(8):2099-2114
[9] WANG Huan, CHEN Zhanfang, FENG Xin, et al. Research on network security situation assessment and quantification method based on analytic hierarchy process[J]. Wireless personal communications, 2018, 102(2):1401-1420.
[10] 龚俭, 臧小冬, 苏琪, 等. 网络安全态势感知综述[J]. 软件学报, 2017, 28(4):1010-1026
GONG Jian, ZANG Xiaodong, SU Qi, et al. Survey of network security situation awareness[J]. Journal of software, 2017, 28(4):1010-1026
[11] ZHAO Dongmei, LIU Jinxing. Study on network security situation awareness based on particle swarm optimization algorithm[J]. Computers and industrial engineering, 2018, 125:764-775.
[12] 陈维鹏, 敖志刚, 郭杰, 等. 基于改进的BP神经网络的网络空间态势感知系统安全评估[J]. 计算机科学, 2018, 45(11A):345-347, 341
CHEN Weipeng, AO Zhigang, GUO Jie, et al. Research on cyberspace situation awareness security assessment based on improved BP neural network[J]. Computer science, 2018, 45(11A):345-347, 341
[13] 贾焰, 韩伟红, 杨行. 网络安全态势感知研究现状与发展趋势[J]. 广州大学学报(自然科学版), 2019, 18(3):1-10
JIA Yan, HAN Weihong, YANG Xing. Summary of network security situation assessment[J]. Journal of Guangzhou University (natural science edition), 2019, 18(3):1-10
[14] XI Rongrong, YUN Xiaochun, HAO Zhiyu. Framework for risk assessment in cyber situational awareness[J]. Iet information security, 2019, 13(2):149-156.
[15] ZHENG Weifa. Research on situation awareness of network security assessment based on dempster-shafer[C]//2019 International Conference on Computer Science Communication and Network Security. France:Edition Diffusion Press Sciences, 2020:131-136.
[16] MOUSTAFA N, SLAY J. UNSW-NB15:a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set)[C]//Proceedings of 2015 Military Communications and Information Systems Conference. Canberra, Australia:IEEE, 2015:1-6.
[17] MOUSTAFA N, SLAY J. The evaluation of network anomaly detection systems:statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set[J]. Information security journal:a global perspective, 2016, 25(1/2/3):18-31.
[18] MOUSTAFA N, SLAY J, CREECH G. Novel geometric area analysis technique for anomaly detection using trapezoidal area estimation on large-scale networks[J]. IEEE transactions on big data, 2019, 5(4):481-494.
[19] MOUSTAFA N, CREECH G, SLAY J. Big data analytics for intrusion detection system:statistical decision-making using finite dirichlet mixture models[M]. CARRASCOSA I P, KALUTARAGE H K, HUANG Yan. Data Analytics and Decision Support for Cybersecurity. Cham:Springer, 2017:127-156.
[20] 甘文道, 周城, 宋波. 基于RAN-RBF神经网络的网络安全态势预测模型[J]. 计算机科学, 2016,43 (11A):388-392
GAN Wendao, ZHOU Cheng, SONG Bo. Network security situation prediction model based on RAN-RBF neural network[J]. Computer science, 2016,43 (11A):388-392
[21] HECHT-NIELSEN R. Theory of the backpropagation neural network[C]//Proceedings of the International 1989 Joint Conference on Neural Networks. Washington, USA:IEEE, 1989:593-605.
- 相似文献/References:
-
[1]秦娅,申国伟,余红星.基于Hadoop的大规模网络安全实体识别方法[J].智能系统学报,2019,14(5):1017.[doi:10.11992/tis.201809024]
QIN Ya,SHEN Guowei,YU Hongxing.Large-scale network security entity recognition method based on Hadoop[J].CAAI Transactions on Intelligent Systems,2019,14():1017.[doi:10.11992/tis.201809024]
[2]丁俐夫,颜钢锋.多智能体系统安全性问题及防御机制综述[J].智能系统学报,2020,15(3):425.[doi:10.11992/tis.201812015]
DING Lifu,YAN Gangfeng.A survey of the security issues and defense mechanisms of multi-agent systems[J].CAAI Transactions on Intelligent Systems,2020,15():425.[doi:10.11992/tis.201812015]
备注/Memo
收稿日期:2020-06-30。
基金项目:山西省自然科学基金项目(201801D221159);山西省高等学校科技创新项目(2019L0470);山西省重点研发项目(201903D421003)
作者简介:常利伟,副教授,中国计算机学会会员、中国密码学会会员、山西省区块链研究会理事,主要研究方向为密码算法、网络安全态势感知、量子保密通信和区块链。参与国家级项目4项,主持山西省科研及教研项目3项,获山西省教学成果一等奖1项。发表学 术论文近20篇;田晓雄,硕士研究生,主要研究方向为网络安全和信息融合;张宇青,硕士研究生,主要研究方向为网络安全与模式识别
通讯作者:常利伟. E-mail:changliwei002@163.com
更新日期/Last Update:
2021-02-25