Abstract
Network security situation awareness is an emerging security technology that has attracted wide attention in recent years because it can address problems that traditional security technologies handle poorly, such as reliance on a single data source and a high false alarm rate, and because it improves the dynamic understanding of the overall security situation. Building on existing research, this paper proposes a hierarchical network security situation awareness model based on multi-source fusion. The model uses an ant colony D-S evidence combination rule to handle multi-source data fusion, with the aim of reducing the subjectivity involved in assigning situation parameters. A neural network is used to search for the key features of security events, which reduces data dimensionality, avoids dimension explosion and improves real-time performance. Finally, a hierarchical awareness algorithm maps discrete alarms to a dynamic threat trend, improving the capacity for quantitative analysis of network security. Simulation results show that the proposed model and algorithm improve the detection rate, lower the false alarm rate, and can dynamically monitor the evolution of network security threats.
Source
Computer Technology and Development
2016, Issue 10, pp. 77-82 (6 pages)
Funding
Science and Technology Program of Shandong Provincial Higher Education Institutions (J11LG09)
Keywords
network security situation awareness
data fusion
ant colony optimization
neural network
feature selection