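Research on Situation Awareness Technology for Information Content Security Incidents in Telecommunication Networks
Published: 2018-01-11 21:02
Keywords of this article: Research on Situation Awareness Technology for Information Content Security Incidents in Telecommunication Networks. Source: PLA Information Engineering University, 2014 doctoral dissertation. Paper type: degree thesis
More related articles: telecommunication network; information content security incident; situation awareness; situation perception; situation comprehension; event classification; situation assessment; situation prediction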
[Abstract]: As telecommunication networks grow ever larger and communication technology advances rapidly, these networks have seen unprecedented growth in user numbers and penetration, terminal types, service types, and the degree of convergence with the Internet. This growth also brings new challenges to the field of telecommunication network information content security. Information content security incidents such as harassing audio/video calls and spam SMS/MMS messages have increased accordingly, disrupting users' normal work and life and introducing instability into harmonious social development. Supervision of such incidents has therefore become a research hotspot in telecommunication network information content security. Situation awareness for information content security incidents describes the acquisition, comprehension and prediction of the elements that cause the situation of such incidents to change. It can provide effective and strong data support for decision-making and has important practical significance and theoretical value. This thesis takes the typical information content security incidents in telecommunication networks, namely harassing audio/video calls and spam SMS/MMS, as its research object, and takes situation awareness of the incidents they represent as its research goal. Following the classic situation awareness framework proposed by Endsley, it divides the information processing of situation awareness for these incidents into situation perception, situation comprehension and situation prediction, with situation comprehension split into event classification and situation assessment. This division forms the main line of the research. The main research contents and innovations are as follows:

1. A situation perception method based on association rules is proposed. Exploiting the differences between the characteristics of information content security incidents and those of normal communication, the method performs association mining over data on the behavior, relationship, location and content features of communications in order to discover incidents. To address the false alarms that may arise with big data, a test criterion based on the Bonferroni correction is proposed to screen whether the frequent itemsets obtained meet the conditions for an incident to have occurred. Experimental results show that the method is effective and achieves a good detection rate at low false-alarm and missed-detection rates.

2. A distributed power-level Apriori algorithm and a hierarchical co-evolutionary genetic algorithm are proposed for mining association rules from offline and online data respectively. Building on the principle of the Apriori algorithm, the distributed power-level Apriori algorithm uses the power-set method to generate, as candidates, all subsets of the frequent 1-itemsets that remain after a single round of support filtering. This reduces the number of database scans and pruning passes, speeds up computation, and retains frequent itemsets that the original algorithm might filter out, making the result more complete. Experimental results show that the algorithm has a short running time and strong parallel computing capability, and outperforms existing Apriori algorithms. The hierarchical co-evolutionary genetic algorithm uses a hierarchical structure: sub-populations formed from itemsets are evolved with a genetic algorithm to give local solutions, and the resulting dominant populations are evolved using cooperative co-evolution so that information is exchanged and passed on, integrating the local solutions into a global solution. Experimental results show that, while maintaining a certain accuracy, the algorithm runs fast, focuses well and generalizes well, giving it a clear advantage in large-scale data processing.

3. An event classification method based on an LDA model with joint multidimensional information is proposed. Taking the time feature of network communication as the axis, the user information and communication content features in each resulting time slice are modeled and classified with the LDA model. After the similarity of the classification results is measured, they are merged with the classification results for the incrementally updated data, achieving online classification of the events contained in the data set. Experimental results show that the model has good generalization and event classification ability and can effectively classify information content security incidents online. Compared with other classification algorithms, the proposed algorithm completes fine-grained classification of events in a shorter time and with higher accuracy.

4. A hierarchical situation assessment model is proposed. The model uses a hierarchical structure and computes situation assessment values at the event level, the region level and the system level. The event-level situation is computed from the behavior and content features of the event; the region-level situation is based on the relationship and location features; the system-level situation integrates the region-level situations involved. Calculation methods for the parameters of the assessment values at each level are defined. Experimental results show that the model and its calculation methods are feasible and reliable, and that they effectively reflect changes in incidents and the extent of their impact during situation assessment.

5. A situation prediction method is proposed in which an RBF neural network is optimized by an immune genetic algorithm based on an elite selection model. The model uses an elite selection strategy to ensure that good genes are retained into the next generation. In addition, perturbation by an annealing factor increases the diversity of mutation to some extent and improves the convergence speed and local search ability of the whole algorithm. Experimental results show that the algorithm accurately predicts the situation of information content security incidents, fits the actual data closely, and effectively reflects the trend in incident intensity. Its strong convergence reduces training cost and learning time, and its overall performance is superior to that of existing algorithms.
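[Degree-granting institution]: PLA Information Engineering University
[Degree level]: Doctorate
[Year degree granted]: 2014
[Classification number]: TN915.08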
Article ID: 1411188
Article link: https://www.wllwen.com/kejilunwen/wltx/1411188.html