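Research on Key Technologies of Network Security Behavior Analysis Based on Granular Computing Theory
Keywords: granular computing, Vague set, granular space, network security behavior, network traffic anomaly detection, Weibo user analysis. Source: University of Electronic Science and Technology of China, 2017 doctoral dissertation. Paper type: Dissertation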
[Abstract]: With the rapid development of the mobile Internet, the network has penetrated every aspect of people's lives. Any network failure (including equipment failure and attacks) has a major impact on life and work. At the same time, information spreads over the Internet far faster than through traditional media; it can shape public opinion within a short time and can even affect the stability of public opinion. The National Cyberspace Security Strategy defines cyberspace security strategy from two perspectives: network communication infrastructure, and information security and dissemination. On the one hand, the security of network communication infrastructure must be ensured; on the other hand, the security of network information must be ensured, along with its authenticity and reliability, so that it does not mislead the public and cause online mass incidents. Therefore, to maintain cyberspace security from these two perspectives, user behavior at the IP layer and the application layer (especially Web content) must be analyzed and mined, so that behavior endangering cyberspace security is discovered in time and the normal operation of the network and related applications is ensured. Granular computing theory has a strong ability to process incomplete information and is widely recognized in academia. It has high application value in artificial intelligence, deep learning, information security and other fields. Based on granular computing theory and the current application background of cyberspace security, this dissertation studies network traffic anomaly detection and Weibo user behavior analysis. The main results are as follows:

(1) A network traffic anomaly detection algorithm based on dynamic Vague sets is proposed. On the basis of dynamic Vague sets, a frequency factor model and a correlation factor model are proposed, solving the problem that incomplete flow data is difficult to analyze effectively in network traffic anomaly detection. The frequency factor model is obtained from frequency-factor cognitive computation; combined with basic cognition, it forms a dynamic cognitive Vague set, which is suited to scenarios that change over time. The correlation factor model uses the concept of degree of correlation to improve the accuracy of anomaly identification. Experiments show that the algorithm still maintains a relatively high identification accuracy when more than 80% of the data is missing.

(2) A Weibo user behavior analysis method based on dynamic cognition is constructed. The dynamic cognition process is a process of granular-layer agglomeration and change. A granular-layer agglomeration algorithm is built through dynamic cognition of feature attributes. Dynamic cognition is flexible: granular layers are agglomerated as requirements change, forming cognitive granule agglomerations that meet specific needs. Based on dynamic cognition, the corresponding granular-layer analysis can be obtained, and related granular layers are then formed for applications such as intelligent classification. On this basis, the method is applied to constructing Weibo user behavior relationship networks and to fast classification of Weibo users; with three selected important behavioral features, classification accuracy does not drop noticeably, and good classification results are achieved.

(3) A network security behavior analysis platform based on Spark is designed. To cope with the diversity of data sources, the dispersed data collection points and the need for timely, effective data processing, the platform adopts a Spark-based quasi-online analysis method: it acquires multi-source raw data such as network traffic, Netflow data, firewall logs and Web data in real time, and obtains analysis results through offline data preprocessing and data analysis. For alert decisions, a multi-source data evaluation method based on the D-S method and Vague set theory is proposed, which can effectively improve alert accuracy. The platform also adopts a bus-based design, which makes it easy to extend.
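[Degree-granting institution]: University of Electronic Science and Technology of China
[Degree level]: Doctoral
[Year degree granted]: 2017
[Classification number]: TP393.08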
Article ID: 1475351
Article link: https://www.wllwen.com/guanlilunwen/ydhl/1475351.html