Computer Science ›› 2023, Vol. 50 ›› Issue (5): 382-389. doi: 10.11896/jsjkx.220400134
• Information Security •
CHANG Liwei1,2, LIU Xiujuan1, QIAN Yuhua2, GENG Haijun3, LAI Yuping4
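Abstract: To accurately capture the security situation of an entire network, a network security situation awareness model is designed that comprises five core stages: traffic detection, attribute extraction, decision engine, multi-source fusion, and situation assessment. Traffic detection monitors traffic using a network traffic detector and an intrusion detection detector as tools, capturing basic traffic features and malicious-activity features respectively. Attribute extraction aims to accurately extract core attributes, focusing on the alert information, alert categories, and connection attributes that can characterize malicious activity. The decision engine takes as input the core attribute data of each detector produced by attribute extraction and uses a convolutional neural network as the engine to identify various attacks. Multi-source fusion uses an exponentially weighted D-S fusion method to effectively fuse the outputs of the decision engines and improve the attack recognition rate. Situation assessment uses weight coefficient theory to effectively quantify threat levels and a hierarchical analysis method to accurately obtain the security situation of the entire network. Experimental results show that the data detected by different detectors differ considerably in how well they identify each type of attack; the multi-source fusion algorithm raises attack recognition accuracy to 92.76%, outperforming most research results on the accuracy metric, and the improved accuracy helps the hierarchical network analysis method compute the security situation of the entire network more accurately.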