Computer Science ›› 2023, Vol. 50 ›› Issue (5): 382-389. doi: 10.11896/jsjkx.220400134

• Information Security •

Multi-source Fusion Network Security Situation Awareness Model Based on Convolutional Neural Network

CHANG Liwei 1,2, LIU Xiujuan 1, QIAN Yuhua 2, GENG Haijun 3, LAI Yuping 4

  1 School of Information, Shanxi University of Finance and Economics, Taiyuan 030006, China
  2 Institute of Big Data Science and Industry, Shanxi University, Taiyuan 030006, China
  3 School of Automation and Software, Shanxi University, Taiyuan 030006, China
  4 School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876, China
  • Received: 2022-04-13 Revised: 2022-07-31 Online: 2023-05-15 Published: 2023-05-06
  • Corresponding author: CHANG Liwei (changliwei002@163.com)
  • About author: CHANG Liwei, born in 1986, Ph.D., associate professor, is a member of China Computer Federation. His main research interests include quantum secure communication and network security situation awareness.
  • Supported by:
    Natural Science Foundation of Shanxi Province, China (20210302124290); Planning Subject for the 14th Five Year Plan of Education Sciences of Shanxi Province, China (GH-21600); Key R&D Program (International Science and Technology Cooperation Project) of Shanxi Province, China (201903D421003); National Natural Science Foundation of China (62002210).

Abstract: To accurately obtain the security situation of a whole network, a network security situation awareness model is designed around five core stages: traffic detection, attribute extraction, decision engine, multi-source fusion and situation assessment. In traffic detection, a network traffic detector and an intrusion detection detector monitor the traffic and capture, respectively, its basic characteristics and the characteristics of malicious activity. In attribute extraction, the aim is to extract the core attributes precisely, concentrating on the alarm messages, alarm types and connection attributes that describe malicious activity. In the decision engine, the core attribute data produced for each detector by attribute extraction is the input, and a convolutional neural network (CNN) is the engine that identifies the various attacks. In multi-source fusion, an exponentially weighted D-S fusion method combines the outputs of the decision engines to raise the attack identification rate. In situation assessment, weight coefficient theory is used to quantify threat levels, and a hierarchical analysis method is used to obtain the security situation of the whole network. Experimental results show that data from different detectors differ considerably in how well they identify each type of attack, and that the multi-source fusion algorithm raises attack identification accuracy to 92.76%, which is better on the accuracy metric than most published results. The higher accuracy helps the hierarchical network analysis method compute the security situation of the whole network more accurately.

Key words: Network security situation awareness, Attack identification, Convolutional neural network, Multi-source fusion algorithm, Hierarchical analysis method

CLC number:

  • TP393
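The multi-source fusion stage named in the abstract, sketched as an added example (not the authors' code): two decision engines' class probabilities are tempered by an exponent weight and combined with Dempster's rule. The abstract does not give the paper's weighting formula, so the form used here (raise each mass to the power `weight`, then renormalise) is an assumption, as are the class labels, the probabilities and the weights.

```python
from itertools import product

def weighted_bpa(probs, weight):
    """Temper one engine's class probabilities with exponent `weight` in (0, 1]
    and renormalise (assumed weighting form); returns masses on singleton sets."""
    if not 0 < weight <= 1:
        raise ValueError("weight must be in (0, 1]")
    powered = {c: p ** weight for c, p in probs.items()}
    total = sum(powered.values())
    return {frozenset([c]): v / total for c, v in powered.items()}

def dempster(m1, m2):
    """Dempster's rule of combination; returns (fused masses, conflict K)."""
    fused, conflict = {}, 0.0
    for (a, x), (b, y) in product(m1.items(), m2.items()):
        if a & b:
            fused[a & b] = fused.get(a & b, 0.0) + x * y
        else:
            conflict += x * y  # mass assigned to contradictory hypotheses
    if conflict >= 1.0 - 1e-12:
        raise ValueError("total conflict: the sources cannot be combined")
    return {k: v / (1.0 - conflict) for k, v in fused.items()}, conflict

def fuse(engine_outputs, weights):
    """Fuse several engines; returns (label, fused masses, last conflict K)."""
    masses = [weighted_bpa(p, w) for p, w in zip(engine_outputs, weights)]
    fused, conflict = masses[0], 0.0
    for m in masses[1:]:
        fused, conflict = dempster(fused, m)
    best = max(fused, key=fused.get)
    return next(iter(best)), fused, conflict

# Constructed softmax outputs for one connection (not data from the paper).
FLOW_ENGINE = {"Normal": 0.50, "DoS": 0.40, "Exploits": 0.05, "Reconnaissance": 0.05}
IDS_ENGINE = {"Normal": 0.10, "DoS": 0.80, "Exploits": 0.05, "Reconnaissance": 0.05}
# Hypothetical reliability weights, e.g. each engine's validation accuracy.
WEIGHTS = [0.6, 0.9]

if __name__ == "__main__":
    label, fused, k = fuse([FLOW_ENGINE, IDS_ENGINE], WEIGHTS)
    print(label, round(k, 3))
    for hypothesis, mass in sorted(fused.items(), key=lambda kv: -kv[1]):
        print(sorted(hypothesis), round(mass, 3))
```

A lower weight flattens an engine's masses toward uniform, so a less reliable engine moves the fused result less; the conflict value K is worth logging, since values near 1 mean the engines disagree almost completely and the fused label rests on very little shared mass.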