Computer Science, 2019, Vol. 46, Issue (10): 161-166. doi: 10.11896/jsjkx.180901820

• Information Security •

Network Security Situation Prediction Method Based on NAWL-ILSTM

ZHU Jiang, CHEN Sen

  1. (Chongqing Key Lab of Mobile Communications Technology, School of Communication and Information Engineering, Chongqing University of Posts and Telecommunications, Chongqing 400065, China)
  • Received: 2018-09-28 Revised: 2019-02-13 Online: 2019-10-15 Published: 2019-10-21
  • About the authors: ZHU Jiang (born 1977), male, Ph.D., associate professor; his main research interests include communication theory and technology and information security technology. CHEN Sen (born 1994), male, master's student; his main research interest is network security situation awareness. E-mail: 1198534370@qq.com.
  • Funding:
    This work was supported by the National Natural Science Foundation of China (61271260, 61301122) and the Natural Science Foundation Project of the Chongqing Science and Technology Commission (cstc2015jcyjA40050).

Abstract: Security situation is the premise of network security warning. Network attacks in complex network environments bring unexpected challenges, so sudden network security incidents such as increased network load and network failures can happen at any time. Therefore, considering the uncertainty and non-linearity of network security situation time series, and in order to improve the prediction accuracy of the network security situation, this paper proposes a network security situation prediction method based on NAWL-ILSTM (Nadam with Look-ahead and Improved Long Short-Term Memory). Firstly, an online updating mechanism is adopted to improve the LSTM and establish a situation time series prediction model, which updates its parameters in real time on the received online observation data to minimize the cost function. This solves the problem that the traditional LSTM model cannot make reasonable use of the data transmitted online by the network system, and it optimizes the parameter updating while greatly improving the prediction accuracy of the LSTM model. Then, to address the slow convergence speed and high training cost of neural network training, the Look-ahead method is used to improve the update formula of the Nesterov-accelerated adaptive moment estimation algorithm (Nadam), which accelerates the convergence of the model, speeds up the training of the ILSTM prediction model, and reduces training time and cost. Simulation experiments based on Python in the TensorFlow environment verify the rationality of the LSTM prediction model based on the online updating mechanism, and convergence analysis and algorithm comparison show that the NAWL algorithm has faster convergence speed. Finally, comparison with other prediction models shows that the NAWL-ILSTM prediction model has stronger applicability and higher accuracy in situation time series analysis.

Key words: Network security situation prediction, Long short-term memory, Online observation data, Look-ahead technology, Adaptive momentum estimated algorithm

CLC Number:

  • TP393