
Research on a Multi-Source Network Security Situational Awareness Method Based on Spatio-Temporal Dimensions

Published: 2019-06-21 04:57
[Abstract]: With the spread of the Internet, network security has become an important factor affecting social stability. Network security situational awareness takes the state of network security as its starting point and aims to perceive the security state and its development trend efficiently and comprehensively. Research on network situational awareness has matured in recent years, but the following shortcomings remain: there is little research on how predicted values of security situation elements influence the situation, there is no feedback protection for situation elements, and the influence on prediction of the relationships among the elements and the host situation values is ignored. In addition, the importance assigned to a host during network security situation fusion does not consider the role of the host in the attack and defense scenario or the dependencies between hosts. To address these problems, this thesis first studies methods for processing and predicting the data sources used in network security situational awareness, selecting multiple data sources as awareness elements and, for each one, processing it, predicting it and hardening protection accordingly. It then proposes a multi-source network situational awareness method based on spatio-temporal dimensions to evaluate and predict the network security situation. The main research contents are:

1. To improve intrusion detection accuracy, a hierarchical attribute reduction intrusion detection (HRGA-IDS) method is proposed for the typical attacker-side data source, the intrusion threat set. First, the data is preprocessed and hierarchically partitioned into subspaces. Second, the two-layer evolution model of the cultural algorithm is used to control the evolution of the rough set-genetic algorithm, producing targeted reduction sets. Finally, a hierarchical Bayes classifier is designed to verify the performance of the algorithm. Experiments show that the algorithm raises the accuracy of Bayes classification to 98.21% and identifies intrusions in the R2L and U2R categories, whose traffic characteristics are not obvious, comparatively well.

2. To mine the intrinsic relationships between vulnerabilities and predict them, a vulnerability information clustering algorithm based on text mining and particle swarm optimization (PSO-K-means) and a vulnerability analysis and prediction (VAPA) algorithm are proposed for the typical defender-side data source, the vulnerability set. First, the PSO-K-means algorithm is used to cluster vulnerabilities and extract topic words. Second, the VAPA algorithm is used to predict vulnerabilities. Experiments show that the PSO-K-means algorithm reaches an accuracy of 90.16% in vulnerability classification. The VAPA algorithm can predict the categories and number of vulnerabilities for one time step.

3. Building on the two points above, a network situational awareness method based on spatio-temporal dimensions is proposed. First, in the time dimension, the processing results of the data sources are fused to obtain the host situation, which is then dynamically corrected and predicted using spatial relationships. Second, the network topology and the attack graph are combined to calculate the importance weight of each host in the spatial-dimension attack and defense scenario, yielding the predicted situation value of the network layer in the spatio-temporal dimensions. Experiments show that, compared with existing methods, the algorithm improves the accuracy of situation prediction by 10.6%, which demonstrates that it can effectively calculate and predict the network security situation.
[Degree-granting institution]: Northwest University
[Degree level]: Master's
[Year degree awarded]: 2017
[Classification number]: TP393.08


Article ID: 2503805


Article link: http://www.sikaile.net/guanlilunwen/ydhl/2503805.html

