基于GA-RBF神经网络的网络安全态势感知系统的研究与实现

发布时间：2018-01-29 14:59

本文关键词： 网络安全态势感知遗传算法神经网络态势评估　出处：《宁夏大学》2017年硕士论文　论文类型：学位论文

【摘要】：计算机技术和通信技术高速发展,网络攻防技术不断革新,网络威胁加剧,信息系统安全受到严重挑战。新常态下的互联网环境下的网络防御手段和攻击手段的发展出现了严重的不平衡,智能化安全防御体系的研究成为热点。数据融合技术的发展使得网络安全评估向综合性发展,但这些技术局限于反映过去和当前的网络态势状况,难以适应如今复杂多变的网络环境,网络安全的发展倾向于被动防御转为主动防御,智能化、可视化、全局化等网络安全的特点显得尤为突出,机器学习、大数据挖掘等方法和技术的研究和运用加速了网络防御技术的发展,特别是可视化前端技术的发展为网络安全态势感知体系的动态展示提供了良好的技术支撑。本文通过研究区域网络信息系统中安全事件,结合网络中硬件采集的日志信息,运用智能化的态势分析的方法使网络管理者通过直观的可视化展示判断当前网络安全状况,感知未来网络安全状况并及时做出调整,保护网络资产不受损失,提高信息系统网络攻击防范能力。基于GA-RBF神经网络的网络安全态势感知系统的研究和实现主要工作包括:1、网络安全态势评估方法和关键技术的研究。分析和对比不同的态势评估方法,参考已有的网络安全态势指标处理成果,对区域网络中的各种网络安全因素包括(硬件资产、设备状况、安全警报、事件日志等)进行清洗、采集和维度划分,采用模糊层次分析法划分当前范围内的网络安全态势值,从而建立全面完善的网络安全态势指标体系。经过分析区域网络中的拓扑结构和组织结构并参考国内外学者已有的信息系统风险评估成果,利用数据融合技术构建评估指标体系应该遵循从点到面、自内而外的评估策略。通过态势理解技术的分析,对防火墙、服务器等硬件设施的日志记录和扫描结果等经过权重处理和一致化检验的信息进行关联分析,建立威胁传播网络数据集。2、基于GA-RBF神经网络的预测模型的构建。本文比较了几种常见的态势预测方法,确定了基于径向基函数神经网络的态势预测方法,结合已有的实验环境和数据构建出适合用于区域网络信息系统安全的网络安全态势预测模型。模型利用遗传算法从模拟种族进化的过程中找出适合的控制因子集合和参数因子集合的组合方式,对集合进行自然选择,交叉、变异,能很好地克服反馈缓慢问题,通过定义非线性时间和数据集合的关系,来构建预测模型应用到系统中。3、安全态势感知系统的设计与实现。根据已有的网络安全态势评估模型与预测模型相结合,从传统的系统设计入手,对网络安全态势感知系统进行需求分析和功能定位,搭建基于区域网络信息系统安全的网络安全态势感知系统的总体架构。通过对感知系统进行总体设计,确定态势采集层、态势理解分析层、态势预测层、态势感知层、态势展示层等子系统的功能和交互流程,基于各子系统的特点来分析支撑平台和架构设计中的实现方法,通过分析各模块之间的数据流向,为各个子系统提出方案解决并实现具体的系统。
[Abstract]:The rapid development of computer technology and communication technology, network attack and defense technology innovation, network information system security threats, serious challenges. The development of network defense and attack means the norm under the Internet environment have resulted in a serious imbalance, the research of intelligent security defense system has become a hot spot. The development of data fusion technology makes network security evaluation to the comprehensive development, but the technology is limited to reflect the past and current network status, now it is difficult to adapt to the complex network environment, the development of network security tend to passive defense to active defense, intelligence, visualization, characteristics of global network security is particularly prominent, machine learning. The research and application of data mining method and technology has accelerated the development of network defense technology, especially the development of front-end technology for network visualization It provides a good technical support to the dynamic display of network security situation awareness system. Through the research of information system security incidents in the regional network, combined with the log information acquisition hardware in the network analysis method, the intelligent use situation of the network manager through intuitive visual display to judge the current situation of network security, perceived future network security the situation and make timely adjustments to protect network assets, improve the ability to prevent network attacks. The information system research and implementation of network security situation awareness system GA-RBF neural network the main work includes: 1, based on the research of the network security situation evaluation method and key technology. The evaluation method of analysis and comparison of different situation, with reference to the existing the network security situation index processing results, including a variety of network security factors in regional network (hardware assets, equipment condition, safety Alarm and event log etc.) for cleaning, collection and dimensions, using fuzzy AHP method to divide the current range of network security situation, so as to establish a system of comprehensive network security situation index. Through the risk analysis of information system topology and organization structure in regional network structure and the reference of domestic and foreign scholars have been the evaluation results the use of technology, constructing evaluation index system should follow from the point of data fusion, from the inside out assessment strategies. Through analysis of situation understanding technology, firewall, server hardware facilities such as log records and scanning results after processing and consistency of test weight information for association analysis, the establishment of threat propagation network data set.2 prediction model is constructed based on GA-RBF neural network. This paper compares several common forecasting methods of the situation, determined based on radial basis function neural The prediction method of network situation, combined with the experimental data and the environment has been constructed for the network security situation prediction model of regional network information system security model. By using the genetic algorithm from simulation evolved find control factor sets and parameters suitable for the combination for the subset of the set of natural selection, crossover, mutation that can be a good way to overcome the slow feedback problem, through the relationship between the definition of nonlinear time and data collection, to construct the prediction model is applied to the system of.3, the design and implementation of security situation awareness system. According to the model and prediction model of network security situation assessment has been combined, starting from the traditional system design, requirements analysis and the function of network security situation awareness system, build the overall framework of network security situation of regional network information system security awareness system based on The overall design of the structure. Through the sensing system to determine the situation situation understanding collection layer, analysis layer, situation prediction layer, situation awareness layer, situation display function and interactive process layer subsystems, the characteristics of each subsystem is analyzed based on the realization method of the supporting platform and architecture design, through the analysis of the data flow between the various modules for each subsystem, and proposes solutions to the specific implementation.

【学位授予单位】：宁夏大学
【学位级别】：硕士
【学位授予年份】：2017
【分类号】：TP393.08;TP183

【参考文献】