Computer Science (计算机科学), 2019, Vol. 46, Issue 5: 116-121. doi: 10.11896/j.issn.1002-137X.2019.05.018
付泽强, 王晓锋, 孔军
FU Ze-qiang, WANG Xiao-feng, KONG Jun
Abstract: In a network security defense system, intrusion detection systems continuously generate a large volume of redundant and erroneous security alerts, so it is necessary to mine frequent patterns (association rules and sequential patterns) from the alert data in order to separate normal behaviour patterns from genuine attack information. Compared with algorithms such as Apriori and FP-growth, the COFI-tree algorithm has a clear performance advantage, but it still cannot meet the demand for fast analysis of large-scale network security data. This paper therefore proposes an improved association-analysis algorithm for network security alerts based on COFI-tree. The algorithm improves the performance of COFI-tree through a header-table node addressing scheme based on a reverse-order linked list and a frequent-item processing method based on a new SD structure. Experimental results on the KDD Cup 99 data set show that, compared with the original COFI-tree algorithm, the proposed method substantially reduces computational cost while essentially preserving accuracy, shortening processing time by more than 21% on average, and thus addresses the low throughput of association analysis over massive volumes of network alerts.
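Added example (not code from the paper): the abstract's pipeline in miniature. It mines frequent itemsets from IDS alerts with the standard FP-growth baseline the abstract compares against (FP-tree, header table, conditional-pattern-base recursion) and then derives association rules from the result, which is the step that separates a recurring attack pattern from incidental co-occurrence. The paper's COFI-tree variant, its reverse-order header-table addressing and its SD structure are not described on this page beyond their names, so this block does not implement them; the alert records are constructed for the example and are not KDD Cup 99 data, and every function name is the example's own.

```python
from collections import Counter
from itertools import combinations


class _Node:
    """One FP-tree node: item label, count, parent pointer, children, header-table link."""
    __slots__ = ("item", "count", "parent", "children", "link")

    def __init__(self, item, parent):
        self.item, self.parent = item, parent
        self.count, self.children, self.link = 0, {}, None


def _build_tree(transactions, min_support):
    """Build an FP-tree from (items, count) pairs; return (root, header_table).

    header_table maps item -> [support, first_node]. Nodes carrying the same item
    are chained through .link by inserting at the head of the chain, so insertion
    is O(1) and the chain is in reverse insertion order. This is a standard choice;
    whether it matches the paper's reverse-order header-table scheme is not stated
    on the page (assumption of this example).
    """
    freq = Counter()
    for items, cnt in transactions:
        for it in items:
            freq[it] += cnt
    freq = {it: c for it, c in freq.items() if c >= min_support}  # prune infrequent items
    root, header = _Node(None, None), {}
    for items, cnt in transactions:
        node = root
        # One global order (support desc, then name) in every path so shared prefixes merge.
        for it in sorted((i for i in items if i in freq), key=lambda i: (-freq[i], i)):
            child = node.children.get(it)
            if child is None:
                child = _Node(it, node)
                node.children[it] = child
                if it in header:
                    child.link = header[it][1]
                    header[it][1] = child
                else:
                    header[it] = [freq[it], child]
            child.count += cnt
            node = child
    return root, header


def _mine(header, min_support, suffix, out):
    """Recursive FP-growth: for each header item, collect its prefix paths and recurse."""
    for item, (support, node) in sorted(header.items(), key=lambda kv: (kv[1][0], kv[0])):
        pattern = suffix | {item}
        out[pattern] = support
        cond_base = []  # conditional pattern base: path above every node carrying `item`
        while node is not None:
            path, p = [], node.parent
            while p.item is not None:
                path.append(p.item)
                p = p.parent
            if path:
                cond_base.append((path, node.count))
            node = node.link
        _, cond_header = _build_tree(cond_base, min_support)
        if cond_header:
            _mine(cond_header, min_support, pattern, out)


def fp_growth(alerts, min_support):
    """Return {frozenset(items): support} for every itemset with support >= min_support."""
    _, header = _build_tree([(a, 1) for a in alerts], min_support)
    out = {}
    _mine(header, min_support, frozenset(), out)
    return out


def association_rules(patterns, min_confidence):
    """Derive X -> Y rules from frequent itemsets; confidence = sup(X ∪ Y) / sup(X)."""
    rules = []
    for itemset, sup in patterns.items():
        if len(itemset) < 2:
            continue
        for k in range(1, len(itemset)):
            for ante in combinations(sorted(itemset), k):
                ante = frozenset(ante)  # every subset of a frequent itemset is frequent
                conf = sup / patterns[ante]
                if conf >= min_confidence:
                    rules.append((ante, itemset - ante, sup, conf))
    return rules


# Constructed sample alerts (not KDD Cup 99 data): each alert is a set of field=value items.
ALERTS = [
    {"sig=portscan", "src=10.0.0.5", "proto=tcp"},
    {"sig=portscan", "src=10.0.0.5", "proto=tcp", "dst=10.0.1.20"},
    {"sig=ssh_brute", "src=10.0.0.5", "proto=tcp", "dst=10.0.1.20"},
    {"sig=ssh_brute", "src=10.0.0.5", "proto=tcp", "dst=10.0.1.20"},
    {"sig=dns_query", "src=10.0.0.9", "proto=udp"},
    {"sig=dns_query", "src=10.0.0.7", "proto=udp"},
]

if __name__ == "__main__":
    patterns = fp_growth(ALERTS, min_support=2)
    print(f"{len(patterns)} frequent itemsets")
    for ante, cons, sup, conf in sorted(association_rules(patterns, 0.8), key=lambda r: -r[3]):
        print(f"{sorted(ante)} -> {sorted(cons)}  support={sup} confidence={conf:.2f}")
```

With min_support=2 the constructed alerts yield 22 frequent itemsets. The rule {sig=ssh_brute} -> {dst=10.0.1.20} has confidence 1.0 (the brute-force signature always targets that host), while the reverse rule {dst=10.0.1.20} -> {sig=ssh_brute} has confidence 2/3 and is dropped at a 0.8 threshold; the pattern {src=10.0.0.5, proto=tcp, dst=10.0.1.20} with support 3 ties the portscan and ssh_brute alerts from the same source together, which is the kind of correlated attack information the abstract wants to extract from raw alert streams. The header-table chain walk in `_mine` is where per-item cost accumulates on large inputs, which is the part the paper's addressing scheme targets.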