
Network security situation assessment architecture based on multi-source heterogeneous data fusion

Cited by: 23
Abstract: Because it is difficult to detect malicious network activity accurately and to analyze the network situation effectively using only single-point network data, this paper introduces a multi-source heterogeneous data fusion strategy and, drawing on the idea of hierarchical network analysis, proposes a network security situation assessment architecture consisting of five modules: a traffic detection module, an attribute extraction module, a decision engine module, a multi-source fusion module, and a situation assessment module. In this architecture, a BP neural network serves as the decision engine that analyzes the data from each source, exponentially weighted D-S evidence theory fuses the outputs of the decision engines, and the network threat status is assessed with a hierarchical network threat assessment method. The experimental results show that, first, the data captured by different detectors have different advantages for identifying different types of attacks; second, multi-source fusion further raises the accuracy of identifying attack types to 88.7%; and third, the hierarchical network threat assessment method can effectively assess the network threat status.
Authors: CHANG Liwei; TIAN Xiaoxiong; ZHANG Yuqing; QIAN Yuhua; HU Zhiguo (College of Information, Shanxi University of Finance and Economics, Taiyuan 030006, China; Institute of Big Data Science and Industry, Shanxi University, Taiyuan 030006, China)
Source: CAAI Transactions on Intelligent Systems (CSCD; Peking University Core Journal), 2021, Issue 1, pp. 38-47 (10 pages)
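Funding: Natural Science Foundation of Shanxi Province (201801D221159); Science and Technology Innovation Project of Higher Education Institutions of Shanxi Province (2019L0470); Key Research and Development Project of Shanxi Province (201903D421003).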
Keywords: network security; network security situation assessment; data fusion; hierarchical analysis method; network attacks; threat quantification; detection and evaluation