Research on IoT security situation awareness method based on evidence theory (cited by: 2)
Abstract: As IoT technology develops rapidly, its security problems are becoming increasingly serious, and this paper studies a simple, easy-to-use IoT security situation awareness method. To address the lack of generality and the excessive reliance on expert knowledge in current IoT security situation awareness systems, an IoT security situation awareness method based on improved D-S evidence theory is proposed. A fuzzy Gaussian membership function is used to calculate the membership matrix of the vulnerability information, which is normalized and used as the evidence distribution matrix. The improved Topsis method is used to measure evidence credibility: the local credibility between each pair of evidence is aggregated, and the expected positive and negative solution vectors are improved according to the situation assessment scenario, so as to fully suppress the credibility of conflicting evidence and raise the credibility of mutually supporting evidence. The weighted average method is then used to fuse the vulnerability information and obtain the situation assessment result. The situation awareness result is formed by evidence-theory fusion with time-factor discounting and high-risk-vulnerability-ratio discounting. A time factor is used to aggregate multiple situation assessment data, and the situation assessment evidence from different moments is discounted according to the time scale: the closer the evidence is to the current moment, the smaller its discount, and vice versa. At the same time, the IoT vulnerability information at different moments is considered comprehensively, and the evidence is adaptively and dynamically weighted using the high-risk vulnerability ratio; the high-risk information from different moments is discounted into the frame of discernment, so that the change in the system's risk is concentrated in the evidence fusion process. The experimental results show that, in the fusion of different numbers of evidence bodies and of four common kinds of conflicting evidence, the improved Topsis method gives a higher fusion probability for the credible proposition. In situation assessment, the risk degree of the current system is accurately assessed. In situation awareness, the discount evidence theory can adequately predict the probability of high risk and critical risk, and is more effective than traditional D-S evidence theory. Based on the proposed theory, an IoT security situation awareness process is designed to guide engineering practice. In the future, regarding the use of vulnerability information, the relationships between vulnerabilities can be considered and richer situational information extracted from them, so that the result of situation assessment is more accurate and reasonable. Game theory can also be drawn on to perform situation awareness in the dynamic game between attacker and defender.
Authors: LI Jian (李剑); DONG Tinglu (董廷鲁); LI Jie (李劼) (School of Artificial Intelligence, Beijing University of Posts and Telecommunications, Beijing 100876, China; School of Computer Science (National Pilot Software Engineering School), Beijing University of Posts and Telecommunications, Beijing 100876, China)
Source: Chinese Journal of Network and Information Security (《网络与信息安全学报》), 2022, No. 2, pp. 39-47 (9 pages)
Funding: National Natural Science Foundation of China (61472048).
Keywords: D-S evidence theory; situation awareness; IoT security; time evolution; Common Vulnerability Scoring System (CVSS)