摘要
现有网络安全态势预测方法无法准确反映未来安全态势要素值变化对未来安全态势的影响,且不能很好地处理各安全要素间的相互影响关系对未来网络安全态势的影响,提出了基于时空维度分析的网络安全态势预测方法.首先从攻击方、防护方和网络环境3方面提取网络安全态势评估要素,然后在时间维度上预测分析未来各时段内的安全态势要素集,最后在空间维度上分析各安全态势要素集及其相互影响关系对网络安全态势的影响,从而得出网络的安全态势.通过对公用数据集网络的测评分析表明,该方法符合实际应用环境,且相比现有方法提高了安全态势感知的准确性.
Network security situation prediction methods can make the security administrator better understand the network security situation and the network situation trend. However, the existing security situational prediction methods can not precisely reflect the variation of network future security situation caused by security elements' change and do not handle the impact of the interaction relationship between the various security elements of future network security situation. In view of this situation, a network situation prediction method based on spatial-time dimension analysis is presented. The proposed method extracts security elements from attacker, defender and network environment. We predict and analyze these elements from the time dimension in order to provide data for the situation calculation method. Using the predicted elements, the impact value caused by neighbor node's security situation elements is computed based on spatial data mining theory. In combination with node's degree of importance, the security situation value is obtained. To evaluate our methods, MIT Lincoln Lab's public dataset is used to conduct our experiments. The experiments results indicate that our method is suitable for a real network environment. Besides, our method is much more accurate than the ARMA model method.
出处
《计算机研究与发展》
EI
CSCD
北大核心
2014年第8期1681-1694,共14页
Journal of Computer Research and Development
基金
国家"八六三"高技术研究发展计划基金项目(SQ2013GX02D01211
2011AA01A203)
国家自然科学基金项目(61100226
60970028)
北京市自然科学基金项目(4122085)
国家科技支撑计划"十二五"项目-IT产品信息安全认证关键技术研究项目(2012BAK26B01)
关键词
网络安全
安全态势预测
安全态势要素
空间数据发掘
时空维度
network security
security situation prediction
security situation element
spatial data mining
spatial-time dimension
