Research and Implementation of Situation Prediction and Visualization Technology for Regional Networks
Published: 2018-08-17 12:35
[Abstract]: In recent years the Internet has grown rapidly. It has penetrated every aspect of ordinary people's lives and is also used in critical national infrastructure, accelerating the country's informatization. The Internet has become an inseparable part of people's lives. At the same time, network attack techniques have also developed quickly, and vulnerabilities in computer networks and operating systems are increasingly exposed through the Internet, so that incidents of using the network for illegal activities occur frequently and cause considerable economic losses. It is therefore extremely important to understand the current security state of the network in a timely manner and to predict how that state will develop. In addition, a single type of protection can no longer meet requirements; the relationships among multiple protective measures must be considered together to achieve coordinated protection. To achieve coordinated protection and trend prediction, and to help locate anomalies quickly and accurately, this thesis designs and implements a situation prediction and visualization system for regional networks. The system collects multi-source data from the different devices in a regional network, preprocesses it, then performs comprehension, association analysis and prediction, and finally visualizes the results, turning network attack defense from passive to active and giving network administrators strong support for analyzing and adjusting defense strategies. The thesis carries out seven key pieces of work on the research and implementation of situation prediction and visualization technology for regional networks. First, it designs and implements a complete situational awareness and prediction system covering data collection, data analysis and data visualization. Second, it studies and implements the collection of multi-source heterogeneous data, which provides the data needed by the system's core functions, association analysis and trend prediction. Third, it studies and implements an association analysis algorithm that mines association rules among the network security events occurring in the regional network and gives the confidence between associated security events. Fourth, it analyzes and compares the advantages and disadvantages of two neural network algorithms, proposes an improvement to the RBF neural network, uses the improved RBF to predict trends, and compares prediction results before and after the improvement. Fifth, it proposes a method for detecting anomalous network traffic based on large volumes of data: a large number of historical traffic curves are stored, training data with the same behavior pattern are extracted, and a model curve is built. The distance between the observed traffic curve and the model curve is then computed to locate the time range in which an anomaly occurred. Sixth, it implements security data visualization, giving network administrators an interactive interface for managing security data. Finally, functional tests are carried out on the association analysis module and the prediction module, and the usability of the visualization on the monitoring side is verified. This thesis is an initial presentation of a situational awareness and prediction system and lays a good foundation for later security management and defense of regional networks.
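[Degree-granting institution]: University of Electronic Science and Technology of China
[Degree level]: Master's
[Year degree awarded]: 2017
[Classification number]: TP393.0
Article ID: 2187646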
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2187646.html