基于Kalman算法和灰关联熵的网络安全态势预测方法研究

发布时间：2018-11-25 16:15

【摘要】：随着网络规模的日趋庞大,结构的日益复杂和多变,传统的解决单个网络安全问题的方法已经无法满足需求。对网络的整体运行情况进行感知和预测,已经逐渐成为当前网络安全领域的研究热点之一。网络安全态势预测作为网络安全态势感知的重要内容,使网络安全管理从被动变为主动。目前网络安全态势预测仅仅利用当前和过去的网络安全态势值对未来一段时间进行预测,这种方法预测数据单一,未结合各种环境影响因素。针对以上问题,本文主要工作和创新点如下:(1)深入研究了影响网络安全态势的各种环境因素。由于影响网络安全态势的环境因素较多,为了权衡预测的精度和效率,本文利用灰关联熵分析方法选出与网络安全态势关联程度较大的影响因素,并给出了完整的基于灰关联熵和Kalman的网络安全态势感知模型。(2)提出了GRE-Kalman预测算法。结合选出的网络安全态势的关键因素,提出了基于灰关联熵的Kalman预测算法(GRE-Kalman)。GRE-Kalman预测模型适用于任意个影响因素,可根据需要确定影响因素的个数。通过结合影响因素进行预测,提高了预测的精度和算法的适应性。(3)提出了AP-Kalman预测算法。结合灰关联熵分析方法选出的关键因素攻击强度,分别利用前一个时间段的攻击强度、前二个时间段的攻击强度、前三个时间段的攻击强度、前一个时间段的攻击强度和前一个时间段的网络安全态势建立不同的预测模型,实验结果表明利用前二个时间段的攻击强度建立的模型预测效果较好,将该模型命名为AP-Kalman算法。AP-Kalman算法预测精度比GRE-Kalman算法高,说明AP-Kalman算法是可行的。
[Abstract]:With the increasing scale of the network and the increasingly complex and changeable structure, the traditional method to solve the single network security problem has been unable to meet the demand. The perception and prediction of the whole operation of the network has become one of the research hotspots in the field of network security. As an important part of network security situation awareness, network security situation prediction changes network security management from passive to active. The current network security situation prediction only uses the current and past network security situation values to predict the future for a period of time. This method has a single prediction data and does not combine with various environmental factors. In view of the above problems, the main work and innovation of this paper are as follows: (1) the environmental factors that affect the network security situation are deeply studied. Because there are many environmental factors affecting network security situation, in order to weigh the accuracy and efficiency of prediction, the grey correlation entropy analysis method is used to select the influential factors which have a large degree of correlation with network security situation. A complete network security situational awareness model based on grey association entropy and Kalman is presented. (2) GRE-Kalman prediction algorithm is proposed. Combined with the selected key factors of network security situation, a Kalman prediction algorithm (GRE-Kalman) based on grey association entropy is proposed. The GRE-Kalman prediction model is suitable for any influence factor, and the number of influencing factors can be determined according to the need. The prediction accuracy and the adaptability of the algorithm are improved by combining the influence factors. (3) the AP-Kalman prediction algorithm is proposed. Combined with the key factors selected by the grey association entropy analysis method, the attack intensity of the previous time period, the first two time periods, the first three time periods, the attack intensity of the first three time periods, the attack intensity of the previous time period, the attack intensity of the first three time periods, respectively. Different prediction models are established between the attack intensity of the previous time period and the network security situation of the previous time period. The experimental results show that the prediction effect of the model based on the attack intensity of the previous two time periods is good. The model is named AP-Kalman algorithm. The prediction accuracy of AP-Kalman algorithm is higher than that of GRE-Kalman algorithm, which shows that AP-Kalman algorithm is feasible.
【学位授予单位】：南京航空航天大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【参考文献】