Abstract
Because it is difficult to detect malicious network activity accurately and to analyze the network situation effectively from single-point network data alone, this paper proposes a network security situation assessment architecture built on a multi-source heterogeneous data fusion strategy and the idea of hierarchical network analysis. The architecture consists of five modules: a traffic detection module, an attribute extraction module, a decision engine module, a multi-source fusion module, and a situation assessment module. A BP neural network serves as the decision engine that analyzes the data from each source, exponentially weighted D-S evidence theory fuses the outputs of the decision engines, and the network threat status is assessed with a hierarchical network threat assessment method. The experimental results show that, first, data from different detectors have different advantages for identifying different types of attacks; second, multi-source fusion further raises the accuracy of identifying attack types to 88.7%; and third, the hierarchical network threat assessment method can effectively assess the network threat status.
Authors
CHANG Liwei (常利伟)
TIAN Xiaoxiong (田晓雄)
ZHANG Yuqing (张宇青)
QIAN Yuhua (钱宇华)
HU Zhiguo (胡治国)
Affiliations: College of Information, Shanxi University of Finance and Economics, Taiyuan 030006, China; Institute of Big Data Science and Industry, Shanxi University, Taiyuan 030006, China
Source
CAAI Transactions on Intelligent Systems (《智能系统学报》)
CSCD
Peking University Core Journals (北大核心)
2021, Issue 1, pp. 38-47 (10 pages in total)
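Funding
Natural Science Foundation of Shanxi Province (201801D221159)
Science and Technology Innovation Project of Higher Education Institutions of Shanxi Province (2019L0470)
Key Research and Development Project of Shanxi Province (201903D421003)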
Keywords
network security
network security situation assessment
data fusion
hierarchical analysis method
network attacks
threat quantification
detection and evaluation