Journal of Jilin University (Engineering and Technology Edition) ›› 2013, Vol. 43 ›› Issue (06): 1650-1657. doi: 10.7964/jdxbgxb201306035


Quantitative awareness of network security situation based on fusion

LIU Xiao-wu1, WANG Hui-qiang2, LYU Hong-wu2, AN Shu-zhao3

  1. College of Computer Science, Qufu Normal University, Rizhao 276826, China;
  2. College of Computer Science and Technology, Harbin Engineering University, Harbin 150001, China;
  3. School of Information Engineering Technology, College of Qingdao Hismile, Qingdao 266100, China
  • Received: 2013-04-01 Online: 2013-11-01 Published: 2013-11-01
  • About the author: LIU Xiao-wu (1976-), male, lecturer, Ph.D. Research interests: situation awareness, data fusion, cognitive computing. E-mail: liuxiaowu@hrbeu.edu.cn
  • Funding:

    Major Research Plan of the National Natural Science Foundation of China (90718003); Science and Technology Program of Higher Education Institutions of Shandong Province (J11LG09); Youth Fund of Qufu Normal University (XJ201025).

Abstract:

To address the problems of multi-source fusion and quantitative awareness in network security situation awareness, particle swarm optimization is applied to search for the exponent weights assigned to data sources of different reliability in D-S evidence fusion, which achieves multi-source fusion. On the basis of the fusion, the normal distribution is discretized to derive an environment-adaptive method for obtaining threat factors, which accomplishes situation factor extraction. Combined with factor quantification, a formula-based quantitative awareness method for network security situation is proposed. The method generates situation evolution curves at the service, host and network system levels. Simulation experiments show that the proposed fusion method increases the detection rate and decreases the false alarm rate, and that the formula-based quantitative method can perceive dynamic changes in the threat situation, meeting the goal of monitoring the network effectively.

Key words: computer application, network security situation awareness, multi-source fusion, quantitative awareness

CLC Number: TP393.4
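The weighted D-S fusion step described in the abstract, shown as an added example; it is not the paper's own code. Assumptions: the weight is applied as an exponent on each source's mass followed by renormalization (the paper's exact formula is not on this page), the frame has two hypotheses, and the sensor masses and fixed weights are constructed for illustration (the paper searches the weights with particle swarm optimization, which is omitted here).

```python
from itertools import product

A, N = frozenset({"attack"}), frozenset({"normal"})
THETA = A | N  # whole frame of discernment: "cannot tell"

def exponent_weight(m, w):
    """Assumed weighting form: raise each mass to the power w, renormalize.
    w = 1 leaves the source unchanged; w near 0 flattens it toward indifference."""
    powered = {k: v ** w for k, v in m.items() if v > 0}
    total = sum(powered.values())
    return {k: v / total for k, v in powered.items()}

def dempster(m1, m2):
    """Dempster's rule of combination for two mass functions."""
    fused, conflict = {}, 0.0
    for (x, mx), (y, my) in product(m1.items(), m2.items()):
        inter = x & y
        if inter:
            fused[inter] = fused.get(inter, 0.0) + mx * my
        else:
            conflict += mx * my  # mass assigned to contradictory hypotheses
    if conflict >= 1.0:
        raise ValueError("total conflict: sources cannot be combined")
    return {k: v / (1.0 - conflict) for k, v in fused.items()}

def fuse(sources, weights):
    """Weight every source, then combine them left to right."""
    weighted = [exponent_weight(m, w) for m, w in zip(sources, weights)]
    result = weighted[0]
    for m in weighted[1:]:
        result = dempster(result, m)
    return result

# Constructed evidence about one event from three detectors.
SENSORS = [
    {A: 0.70, N: 0.10, THETA: 0.20},  # network IDS
    {A: 0.60, N: 0.20, THETA: 0.20},  # host IDS
    {A: 0.05, N: 0.90, THETA: 0.05},  # low-reliability sensor
]

def belief_attack(weights):
    """Fused mass committed to 'attack' under the given source weights."""
    return fuse(SENSORS, weights).get(A, 0.0)

if __name__ == "__main__":
    print("equal weights      :", round(belief_attack([1, 1, 1]), 4))
    print("noisy sensor w=0.2 :", round(belief_attack([1, 1, 0.2]), 4))
```

With equal weights the single low-reliability sensor outvotes the two agreeing detectors; reducing its weight restores the attack verdict, which is the effect the weighting is meant to achieve.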

