Computer Science (计算机科学) ›› 2012, Vol. 39 ›› Issue (7): 11-17.

• Review •

Network Security Situation Awareness System Based on Knowledge Discovery

Wang Chunlei, Fang Lan, Wang Dongxia, Dai Yiqi (王春雷, 方兰, 王东霞, 戴一奇)

  1. (Department of Computer Science and Technology, Tsinghua University, Beijing 100084); (Key Laboratory of Information System Security Technology, Beijing Institute of System Engineering, Beijing 100101)
  • Online: 2018-11-16  Published: 2018-11-16


Abstract (translated from the Chinese): The complexity and diversity of network security alert data make it difficult to analyze and assess the network security situation precisely. After summarizing the latest research progress and open problems in network security situation awareness, this paper proposes a framework for modeling and generating the network security situation based on knowledge discovery, and on top of that framework designs and implements the network security situation awareness system Net SSA. The system consists of two main parts: security situation modeling and security situation generation. Security situation modeling builds, on the basis of IBS evidence theory, a formal model suited to measuring the network security situation, which supports fusion and correlation analysis of the security events reported by situation sensors. Security situation generation uses knowledge discovery methods to mine frequent patterns and sequential patterns from the network security situation dataset and converts them into correlation rules for the security situation, thereby supporting the automatic generation of the network security situation graph. The experimental procedure and analysis of the results show that the system supports accurate modeling and efficient generation of the network security situation.

Keywords (translated): Network security, Security situation modeling, Security situation generation, Data mining, Knowledge discovery

Abstract: Network security administrators need to obtain and analyze the network security situation for management, maintenance, and planning purposes. The complexity and diversity of security alert data on modern networks, however, make the precise analysis and evaluation of the network security situation extremely difficult. We summarized the research progress and existing problems of network security situation awareness, and proposed a network security situation modeling and generation framework based on knowledge discovery. Then, we designed and implemented the network security situation awareness system (Net SSA) based on this framework. Net SSA consists of the modeling of the network security situation and the generation of the network security situation. The purpose of modeling is to construct the formal model of network security situation measurement based upon the IBS evidence theory, and to support the general process of fusing and analyzing security alert events collected from security situation sensors. The network security situation is generated by extracting the frequent patterns and sequential patterns from the dataset of network security situation using knowledge discovery methods, transforming these patterns into the correlation rules of the network security situation, and finally automatically constructing the network security situation graph. The experimental results show that the system supports the accurate modeling and effective generation of the network security situation.

Key words: Network security, Security situation modeling, Security situation generation, Data mining, Knowledge discovery
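The abstract describes the generation step as mining frequent patterns from the alert dataset and converting them into correlation rules. The following is an added illustration of that step, not code from the paper or from Net SSA: a small Apriori-style miner over constructed alert windows that emits "antecedent -> consequent" rules with support and confidence, the kind of rule a situation graph can be built from. Alert names, thresholds and the window data are all constructed for the example.

```python
from itertools import combinations
from collections import Counter

# Constructed sample: each "transaction" is the set of alert types a sensor
# reported within one time window. Illustrative data only, not a real dataset.
WINDOWS = [
    {"port_scan", "brute_force", "login_success"},
    {"port_scan", "brute_force"},
    {"port_scan", "brute_force", "login_success", "data_exfil"},
    {"malware_beacon", "data_exfil"},
    {"port_scan", "brute_force", "login_success"},
    {"malware_beacon"},
]

def frequent_itemsets(windows, min_support):
    """Level-wise (Apriori-style) search; returns {itemset: support} for all
    itemsets whose support (fraction of windows containing them) >= min_support."""
    n = len(windows)
    support = {}
    level = [frozenset([a]) for a in sorted({a for w in windows for a in w})]
    k = 1
    while level:
        counts = Counter()
        for w in windows:
            for cand in level:
                if cand <= w:
                    counts[cand] += 1
        frequent = {c: cnt / n for c, cnt in counts.items() if cnt / n >= min_support}
        support.update(frequent)
        # Next candidates: unions of two frequent k-itemsets that differ in one item.
        # Anti-monotonicity guarantees every frequent (k+1)-itemset arises this way.
        keys = sorted(frequent, key=sorted)
        level = sorted({a | b for a, b in combinations(keys, 2) if len(a | b) == k + 1},
                       key=sorted)
        k += 1
    return support

def correlation_rules(support, min_confidence):
    """Turn each frequent itemset into rules antecedent -> consequent, keeping
    those with confidence = support(itemset) / support(antecedent) >= threshold."""
    rules = []
    for itemset, sup in support.items():
        for r in range(1, len(itemset)):
            for ante in combinations(sorted(itemset), r):
                ante = frozenset(ante)
                conf = sup / support[ante]
                if conf >= min_confidence:
                    rules.append((tuple(sorted(ante)), tuple(sorted(itemset - ante)),
                                  round(sup, 3), round(conf, 3)))
    return sorted(rules, key=lambda x: (-x[3], -x[2], x[0], x[1]))

if __name__ == "__main__":
    for rule in correlation_rules(frequent_itemsets(WINDOWS, 0.5), 0.8):
        print(rule)
```

With the constructed data, `login_success` alone implies `brute_force` and `port_scan` with confidence 1.0, while the reverse direction falls below the threshold; the two-alert prefix `port_scan, brute_force` therefore becomes a node from which the graph branches.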
