發(fā)布時(shí)間：2018-01-11 21:02

  本文關(guān)鍵詞：電信網(wǎng)信息內(nèi)容安全事件態(tài)勢(shì)感知技術(shù)研究　出處：《解放軍信息工程大學(xué)》2014年博士論文　論文類型：學(xué)位論文

  更多相關(guān)文章： 電信網(wǎng) 信息內(nèi)容安全事件 態(tài)勢(shì)感知 態(tài)勢(shì)覺察 態(tài)勢(shì)理解 事件分類 態(tài)勢(shì)評(píng)估 態(tài)勢(shì)預(yù)測(cè)

【摘要】：隨著電信網(wǎng)規(guī)模的日益龐大和通信技術(shù)的迅猛發(fā)展,電信網(wǎng)在用戶數(shù)目和普及率、終端類型、業(yè)務(wù)種類以及與互聯(lián)網(wǎng)絡(luò)的融合程度等方面都呈現(xiàn)出了前所未有的蓬勃趨勢(shì)。然而,也為電信網(wǎng)信息內(nèi)容安全領(lǐng)域帶來了新的挑戰(zhàn)。諸如騷擾音/視頻電話和垃圾短/彩信等信息內(nèi)容安全事件隨之增多,影響和干擾了用戶的正常工作和生活,為社會(huì)和諧發(fā)展帶來不穩(wěn)定因素。因此,對(duì)此類事件的監(jiān)管已成為電信網(wǎng)信息內(nèi)容安全領(lǐng)域的研究熱點(diǎn)。信息內(nèi)容安全事件態(tài)勢(shì)感知,描述了對(duì)引起此類事件態(tài)勢(shì)變化的要素的獲取、理解和預(yù)測(cè),能夠?yàn)闆Q策提供有效、有力的數(shù)據(jù)支持,具有重要的現(xiàn)實(shí)意義和理論價(jià)值。本文將電信網(wǎng)絡(luò)中典型的信息內(nèi)容安全事件,即騷擾音/視頻電話和垃圾短/彩信作為研究對(duì)象;以實(shí)現(xiàn)對(duì)電信網(wǎng)中以騷擾音/視頻電話和垃圾短/彩信為代表的信息內(nèi)容安全事件的態(tài)勢(shì)感知為研究目標(biāo);沿用Endsly提出的經(jīng)典態(tài)勢(shì)感知框架,將電信網(wǎng)信息內(nèi)容安全事件態(tài)勢(shì)感知的信息處理過程,分為態(tài)勢(shì)覺察、態(tài)勢(shì)理解和態(tài)勢(shì)預(yù)測(cè),其中對(duì)態(tài)勢(shì)的理解分為事件分類和態(tài)勢(shì)評(píng)估兩部分,作為本文的研究主線。主要研究內(nèi)容和創(chuàng)新點(diǎn)如下:1、提出了一種基于關(guān)聯(lián)規(guī)則的態(tài)勢(shì)覺察方法。利用信息內(nèi)容安全事件自身的特點(diǎn)與常規(guī)通信特征的不同,將通信特征中的行為特征、關(guān)系特征、位置特征及內(nèi)容特征的相關(guān)數(shù)據(jù)進(jìn)行關(guān)聯(lián)挖掘,實(shí)現(xiàn)對(duì)信息內(nèi)容安全事件的發(fā)現(xiàn);針對(duì)大數(shù)據(jù)情況下可能存在的虛警問題,提出了基于邦弗朗尼校正的檢驗(yàn)準(zhǔn)則,對(duì)得到的頻繁項(xiàng)集是否符合事件發(fā)生條件進(jìn)行篩選。實(shí)驗(yàn)結(jié)果表明,該方法切實(shí)有效,在低虛警率和漏檢率的情況下,具有較好的檢測(cè)率;2、提出了分布式冪級(jí)Apriori算法和層次式協(xié)同演化遺傳算法,分別針對(duì)離線和在線數(shù)據(jù)進(jìn)行關(guān)聯(lián)規(guī)則的挖掘。其中,分布式冪級(jí)Apriori算法在Apriori算法原理的基礎(chǔ)上,采用冪集法生成所有經(jīng)過1次支持度篩選后的頻繁1項(xiàng)集的子項(xiàng)作為候選項(xiàng),減少了掃描數(shù)據(jù)庫和剪枝次數(shù),提高了運(yùn)算速度,并且保留了原算法中可能被濾除的頻繁項(xiàng)集,使得結(jié)果更為完備。實(shí)驗(yàn)結(jié)果表明,該算法運(yùn)行時(shí)間短,并行運(yùn)算能力強(qiáng),性能優(yōu)于現(xiàn)有Apriori算法;層次式協(xié)同演化遺傳算法中,采用層次式結(jié)構(gòu),對(duì)由項(xiàng)集形成的子種群采用遺傳算法進(jìn)行演化,作為局部解,對(duì)形成的優(yōu)勢(shì)種群采用合作協(xié)同思想進(jìn)行演化,實(shí)現(xiàn)信息的交互和傳遞,從而將局部解整合得到全局解。實(shí)驗(yàn)結(jié)果表明,該算法在保證一定準(zhǔn)確率的前提下,運(yùn)行速度快、聚焦能力強(qiáng)、泛化性好,在大規(guī)模數(shù)據(jù)處理中具有較高的優(yōu)越性;3、提出一種多維信息聯(lián)合的LDA模型的事件分類方法。以網(wǎng)絡(luò)通信中的時(shí)間特征為軸,對(duì)由此劃分出的各個(gè)時(shí)間片段中的用戶信息和通信內(nèi)容特征采用LDA模型進(jìn)行建模分類,對(duì)分類結(jié)果的相似性進(jìn)行度量后,再與增量更新數(shù)據(jù)部分的分類結(jié)果歸納合并,從而實(shí)現(xiàn)對(duì)數(shù)據(jù)集中所含事件的在線分類。實(shí)驗(yàn)結(jié)果表明,該模型具有較好的泛化能力和事件分類能力,可以有效實(shí)現(xiàn)對(duì)信息內(nèi)容安全事件的在線分類。與其他分類算法相比,提出算法可在較短時(shí)間內(nèi)完成對(duì)事件細(xì)粒度的分類,準(zhǔn)確度較高;4、提出了一種層次化的態(tài)勢(shì)評(píng)估模型。該模型采用層次式結(jié)構(gòu),分別對(duì)事件級(jí)、區(qū)域級(jí)和系統(tǒng)級(jí)的態(tài)勢(shì)評(píng)估值進(jìn)行計(jì)算。其中,事件級(jí)態(tài)勢(shì)利用事件特征中的行為特征和內(nèi)容特征進(jìn)行計(jì)算;區(qū)域級(jí)態(tài)勢(shì)則依據(jù)關(guān)系特征和位置特征;系統(tǒng)級(jí)態(tài)勢(shì)整合所涉及的各區(qū)域級(jí)態(tài)勢(shì),對(duì)各級(jí)態(tài)勢(shì)評(píng)估值參數(shù)的計(jì)算方法進(jìn)行了定義。實(shí)驗(yàn)結(jié)果表明,該模型及計(jì)算方法具有可行性和可靠性,在對(duì)信息內(nèi)容安全事件的態(tài)勢(shì)評(píng)估過程中,能夠有效反映事件的變化及其影響程度;5、提出了一種基于精英選擇模型的免疫遺傳算法優(yōu)化RBF神經(jīng)網(wǎng)絡(luò)的態(tài)勢(shì)預(yù)測(cè)方法。模型采用精英選擇策略,確保優(yōu)良基因得以保留進(jìn)入下一代。同時(shí),通過退火因子的擾動(dòng),在一定程度上增加了變異的多樣性,提高整個(gè)算法的收斂速度和局部搜索能力。實(shí)驗(yàn)結(jié)果表明,該算法可以準(zhǔn)確地對(duì)信息內(nèi)容安全事件的態(tài)勢(shì)做出預(yù)測(cè),與實(shí)際數(shù)據(jù)的擬合度較高,有效體現(xiàn)了事件強(qiáng)度的變化趨勢(shì)。算法具有的強(qiáng)收斂性,減少了訓(xùn)練的成本,降低了算法的學(xué)習(xí)時(shí)間,綜合性能與現(xiàn)有算法相比具有優(yōu)越性。
[Abstract]:With the rapid development of increasingly large scale telecommunication network and communication technology, telecommunication network in the number of users and the penetration rate, terminal type, service type and network integration and other aspects of the degree of showing a booming trend hitherto unknown. However, it also brings new challenges to the telecom network information security field such as harassment. Audio / video call and spam SMS / MMS and other information security incidents increased, affect and interfere with the user's normal work and life, bring instability to the harmonious development of the society. Therefore, the supervision of such events has become a hot research topic in telecom network information security. Information security incident situation awareness. Describe the elements of such events caused by obtaining situation change, understand and predict, to provide effective and powerful data support, has important practical significance and The theory of value. In this paper, the content of information security events typical of the telecommunication network, namely audio / video and telephone harassment spam short / MMS as the research object; in order to achieve the telecommunication network to audio / video telephone harassment and spam short information content security incidents / MMS as the representative of the situation perception as the research object; the classical situational awareness framework proposed by Endsly, the information network information security situation awareness event process, divided into situation awareness, situation understanding and situation forecast, the situation understanding of event classification and situation assessment is divided into two parts, as the main line of this paper. The main research contents and innovations are as follows: 1 put forward a method of association rules based on situation awareness. The information content security event itself and conventional communication characteristics of the different characteristics of the communication behavior characteristic, relationship characteristics, position Association mining related data set features and content features, implementation of security incidents on the information content of discovery; for the false alarm problem may exist in large data situation, proposed the Bong Furlong Ni correction test based on the criterion of frequent itemsets obtained is consistent with the occurrence conditions were selected. The experimental results show that this method is effective and in the effective, low false alarm rate and missing rate, has better detection rate; 2, the co evolution genetic algorithm for distributed power level Apriori algorithm and hierarchical, mining association rules for off-line and on-line data respectively. Among them, the distributed power level Apriori algorithm based on the principle of Apriori algorithm. The power generation of all after 1 support after the screening of frequent itemsets 1 sub items as a candidate set, reducing the number of scanning the database and pruning, improves the operation speed, and Paul May be left in the original algorithm of frequent itemsets filtering, which makes it more complete. The experimental results show that the algorithm running time is short, parallel computing ability, the performance is better than the existing Apriori algorithm; hierarchical co evolution genetic algorithm, using hierarchical structure, formed by the set of sub populations by genetic algorithm evolution, as a partial solution, for the formation of the dominant population collaborative thought evolution, to realize the information interaction and transfer, so as to get the global solution of the integration of local solutions. The experimental results show that the algorithm not only guarantees the accuracy, fast running speed, focusing ability, good generalization, superiority high in mass data processing; 3, we propose a LDA model combined with the multidimensional information event classification method. With time characteristics of network communication in the axis of each time segment which divided into the The user information and communication content features of the LDA model is used to measure the similarity classification modeling, the results of the classification, classification and incremental updating data part of the results are summarized with, thus realizing the online classification data set contains the event. The experimental results show that the model has good generalization ability and event classification ability that can effectively achieve the online classification of security events on information content. Compared with other classification algorithms, this algorithm can be in a relatively short period of time to complete the classification of fine-grained, high degree of accuracy; 4, we propose a hierarchical model of situation assessment. The model uses the hierarchical structure of the event. Regional level and system level situation assessment value were calculated. The event level situation using behavioral features and content features of the event features were calculated; regional situation according to the special relationship Sign and position features; system level integration situation involving the regional level situation, at all levels of situation assessment method of calculating parameters are defined. The experimental results show that the model and the calculation method is feasible and reliable, in the event of information content security situation assessment process, can effectively reflect the changes and influence the event; 5, proposed an elitist selection model RBF neural network optimized by immune genetic algorithm. The model trend prediction method based on elitist selection strategy, to ensure good genes survive into the next generation. At the same time, by disturbing the annealing factor, the diversity increased to a certain extent, improve the convergence speed the whole algorithm and local search ability. The experimental results show that this algorithm can accurately the content of information security incidents situation forecast, and the actual data fitting Higher efficiency effectively reflects the trend of the change of event intensity. The algorithm has strong convergence, reducing the cost of training, reducing the learning time of the algorithm, and the comprehensive performance is superior to the existing algorithm.

【學(xué)位授予單位】：解放軍信息工程大學(xué)
【學(xué)位級(jí)別】：博士
【學(xué)位授予年份】：2014
【分類號(hào)】：TN915.08

【參考文獻(xiàn)】

相關(guān)期刊論文 前10條

1 向劍平;左R，

本文編號(hào)：1411188