Computer Science ›› 2023, Vol. 50 ›› Issue (5): 382-389. doi: 10.11896/jsjkx.220400134

• Information Security •

Multi-source Fusion Network Security Situation Awareness Model Based on Convolutional Neural Network

CHANG Liwei1,2, LIU Xiujuan1, QIAN Yuhua2, GENG Haijun3, LAI Yuping4

  1. 1 School of Information, Shanxi University of Finance and Economics, Taiyuan 030006, China
    2 Institute of Big Data Science and Industry, Shanxi University, Taiyuan 030006, China
    3 School of Automation and Software, Shanxi University, Taiyuan 030006, China
    4 School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876, China
  • Received: 2022-04-13 Revised: 2022-07-31 Online: 2023-05-15 Published: 2023-05-06
  • Corresponding author: CHANG Liwei (changliwei002@163.com)
  • About author: CHANG Liwei, born in 1986, Ph.D, associate professor, is a member of China Computer Federation. His main research interests include quantum secure communication and network security situation awareness.
  • Supported by:
    Natural Science Foundation of Shanxi Province, China (20210302124290), Planning Subject for the 14th Five Year Plan of Education Sciences of Shanxi Province, China (GH-21600), Key R&D Program (International Science and Technology Cooperation Project) of Shanxi Province, China (201903D421003) and National Natural Science Foundation of China (62002210).

Abstract: To accurately obtain the security situation of the whole network, a network security situation awareness model is designed around five core elements: traffic detection, attribute extraction, decision engine, multi-source fusion and situation assessment. In the traffic detection module, a network traffic detector and an intrusion detection detector monitor the traffic and capture basic traffic characteristics and malicious activity characteristics respectively. In the attribute extraction module, which aims to extract the key attributes precisely, attention centers on the alarm messages, alarm types and connection attributes that characterize malicious activity. In the decision engine module, the key attribute data produced by attribute extraction for each detector is the input, and a convolutional neural network (CNN) serves as the engine that identifies the various attacks. In the multi-source fusion module, an exponentially weighted D-S fusion method integrates the outputs of the decision engines to improve the attack identification rate. In the situation assessment module, threat levels are quantified by means of weight coefficient theory, and the hierarchical analysis method is applied to obtain the security situation of the whole network. Experimental results show that data from different detectors differs considerably in how well it identifies each type of attack, that the multi-source fusion algorithm raises the accuracy of attack identification to 92.76%, which is better than most research results on the accuracy metric, and that the improved accuracy helps the hierarchical network analysis method calculate the security situation of the whole network more accurately.

Key words: Network security situation awareness, Attack identification, Convolutional neural network, Multi-source fusion algorithm, Hierarchical analysis method

CLC Number:

  • TP393
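
The multi-source fusion step named in the abstract can be illustrated with Dempster's rule of combination applied to the class probabilities of two decision engines. This is an added example, not the authors' code: the abstract does not give the weighting formula, so the exponential weighting here (raise each mass to a reliability weight `w`, then renormalise) is an assumption, and the class names, weights and probabilities are constructed.

```python
from itertools import product

def exp_weight(mass, w):
    """Assumed exponential weighting: m(A)**w, renormalised.
    w < 1 flattens the belief of a less reliable source; w = 1 keeps it."""
    powered = {A: m ** w for A, m in mass.items() if m > 0}
    total = sum(powered.values())
    return {A: m / total for A, m in powered.items()}

def dempster(m1, m2):
    """Dempster's rule for two mass functions keyed by frozenset of classes.
    Returns (combined mass function, conflict K)."""
    combined, conflict = {}, 0.0
    for (A, a), (B, b) in product(m1.items(), m2.items()):
        inter = A & B
        if inter:
            combined[inter] = combined.get(inter, 0.0) + a * b
        else:
            conflict += a * b  # mass assigned to contradictory hypotheses
    if conflict >= 1.0 - 1e-12:
        raise ValueError("total conflict: Dempster's rule is undefined")
    return {A: m / (1.0 - conflict) for A, m in combined.items()}, conflict

def fuse(engine_outputs):
    """engine_outputs: list of (class -> probability, weight) pairs,
    one per decision engine. Returns (predicted class, fused scores)."""
    masses = [exp_weight({frozenset([c]): p for c, p in probs.items()}, w)
              for probs, w in engine_outputs]
    fused = masses[0]
    for m in masses[1:]:
        fused, _ = dempster(fused, m)
    scores = {next(iter(A)): m for A, m in fused.items() if len(A) == 1}
    return max(scores, key=scores.get), scores

# Constructed sample: softmax outputs of two CNN decision engines.
FLOW_ENGINE = ({"normal": 0.5, "dos": 0.4, "recon": 0.1}, 0.5)  # traffic detector
IDS_ENGINE = ({"normal": 0.2, "dos": 0.7, "recon": 0.1}, 1.0)   # IDS detector

if __name__ == "__main__":
    label, scores = fuse([FLOW_ENGINE, IDS_ENGINE])
    print(label, {c: round(s, 4) for c, s in scores.items()})
```

On this sample the traffic-detector engine alone would label the flow as normal, while the fused result follows the more heavily weighted IDS engine; two sources that fully contradict each other raise an error instead of dividing by zero.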