Abstract
To effectively discover attacks hidden in a network, this work takes multi-source logs as the research object and proposes an improved weighted trust value D-S evidence theory algorithm to fuse the logs. Super alert logs are generated by aggregation through data preprocessing and a dynamic self-adaptive time interval threshold algorithm. The detection rates of security devices for different alarm events are taken as evidence, and the weights are dynamically revised and fused. Comparison of the experimental results with the traditional D-S evidence theory algorithm shows that the improved weighted trust value D-S evidence theory algorithm detects attack events in the network more accurately.
Source
Journal of Civil Aviation University of China
CAS
2017, Issue 5, pp. 41-46 (6 pages)
Funding
National Natural Science Foundation of China (61601467)
Civil Aviation Safety Capacity Building Fund (PEAS0001)