Assessing network security situation quantitatively based on information fusion
Abstract: Current approaches to network security situation assessment mostly rely on a single information source, cover a limited assessment scope, use models that are hard to build, incur high time and space overhead, and yield results of low credibility. To address these problems, a method is proposed that quantitatively assesses the network security situation by fusing multi-source heterogeneous information. First, a hierarchical naive Bayesian classifier is constructed to fuse the multi-source, heterogeneous, uncertain information sources on each host quickly and efficiently. Then, Laplace's principle is used to smooth parameter learning, which optimizes the classification and inference results. The security indices of the hosts on the network are fused using mathematical statistics to quantitatively assess the network security situation, giving a macroscopic, overall view of the current state of network security. Finally, experiments in a real network environment verify the feasibility and effectiveness of the proposed method for network security situation assessment.