Research on a Multi-Source Network Security Situational Awareness Method Based on the Space-Time Dimension
[Abstract]: With the spread of the Internet, network security has become an important factor affecting social stability. Network security situational awareness technology takes the evolution of network security as its starting point and provides an efficient, comprehensive view of the security state and its development trend. In recent years, research on network situational awareness has matured, but the following shortcomings remain: the influence of predicting security situation elements on the overall situation is under-studied, situation elements lack feedback-driven protection, and the influence of the relationships between elements and of host state values on prediction is neglected. In addition, the host importance used in network security situation fusion does not take into account the role of the host in the attack and defense scenario or the associations between hosts. To address these problems, this paper first studies methods for processing and predicting data sources in network security situational awareness: it selects multiple data sources as perception elements and processes, predicts and strengthens protection for each separately. It then proposes a multi-source network situational awareness method based on the space-time dimension to evaluate and predict the network security situation. The main research contents are as follows:

1. To improve the accuracy of intrusion detection, a hierarchical attribute reduction intrusion detection (HRGA-IDS) method is proposed for the intrusion threat set, the typical data source on the attacker side. First, the data is preprocessed and layered into subspaces. Second, the double-layer evolutionary model of the cultural algorithm is used to control the evolution of a rough set-genetic algorithm to form a targeted reduction set. Finally, a hierarchical Bayes classifier is designed to verify the performance of the algorithm. The experimental results show that the algorithm can improve the correct rate of Bayes classification to 98.21%, and can reliably identify intrusions in the R2L and U2R categories, where the traffic characteristics are not obvious.

2. To mine the internal relationships among vulnerabilities and predict vulnerability sets, a vulnerability information clustering algorithm based on text mining and particle swarm optimization (PSO-K-means) and a vulnerability analysis and prediction algorithm (VAPA) are proposed for the typical data source on the defender side. First, the PSO-K-means algorithm is used to cluster the vulnerabilities and obtain the subject words. Second, the VAPA algorithm is used to predict vulnerabilities. Experiments show that the PSO-K-means algorithm reaches an accuracy of up to 90.16% in vulnerability classification, and that the VAPA algorithm can predict the category and number of vulnerabilities in a time step.

3. Building on the two points above, a network situational awareness method based on the space-time dimension is proposed. First, in the time dimension, the host situation is obtained from the processing results of the data sources, and it is dynamically corrected and predicted through spatial relationships. Second, by combining the network topology and the attack graph, the host importance weight in the spatial-dimension attack and defense scenario is calculated, and the network-layer situation prediction value in the space-time dimension is obtained. The experimental results show that the algorithm improves the accuracy of situation prediction by 10.6% compared with existing methods, which shows that the algorithm can effectively calculate and predict the network security situation.
[Degree-granting institution]: Northwest University
[Degree level]: Master's
[Year degree granted]: 2017
[Classification number]: TP393.08