Abstract
To address the insufficient timeliness of current network security threat situation analysis and its low sensitivity to complex attacks, a structural model for a real-time awareness system is designed, and corresponding awareness methods and analysis techniques are proposed. Rough set (RS) theory is used to extract complex attack rules from an existing sample data set of combined attacks. Combined with event stream processing (ESP) technology, these rules enable online dynamic analysis and detection of the security event stream, which improves the ability to perceive complex attacks and the timeliness and objectivity of network security threat situation analysis. Experiments verify the effectiveness and feasibility of the proposed method.
Source
Computer Engineering and Design (《计算机工程与设计》)
Peking University Core Journal (北大核心)
2015, Issue 11, pp. 2953-2957 (5 pages)
Keywords
network security
threat situation
rough set (RS)
event stream processing (ESP)
real-time
complex attack