區(qū)域網(wǎng)絡(luò)的態(tài)勢預(yù)測及可視化技術(shù)研究與實現(xiàn)
發(fā)布時間:2018-08-17 12:35
【摘要】:近些年,互聯(lián)網(wǎng)蓬勃發(fā)展,已經(jīng)滲透到老百姓生活的各個方面,也應(yīng)用到國家的重要基礎(chǔ)設(shè)施,加速了國家的信息化進程;ヂ(lián)網(wǎng)已經(jīng)成為人民生活的一部分,不可分割。與此同時,網(wǎng)絡(luò)攻擊技術(shù)也得到了快速發(fā)展,并且計算機網(wǎng)絡(luò)和操作系統(tǒng)的漏洞也借著互聯(lián)網(wǎng)平臺更多的暴露出來,使得利用網(wǎng)絡(luò)進行違法活動的事件經(jīng)常發(fā)生,造成不小的經(jīng)濟損失。因此,及時了解當前網(wǎng)絡(luò)的安全狀態(tài),并預(yù)測網(wǎng)絡(luò)狀態(tài)的發(fā)展趨勢顯得極其重要。此外,單一性質(zhì)的防護方式已經(jīng)不能滿足需求,需要綜合考慮多種防護措施之間的關(guān)聯(lián)性,實現(xiàn)協(xié)同防護。為了實現(xiàn)協(xié)同防護、趨勢預(yù)測,幫助快速、準確的定位異常,本文設(shè)計并實現(xiàn)了一個區(qū)域網(wǎng)絡(luò)的態(tài)勢預(yù)測及可視化系統(tǒng),通過采集區(qū)域網(wǎng)絡(luò)中不同設(shè)備相關(guān)的多源數(shù)據(jù),預(yù)處理后進行理解、關(guān)聯(lián)分析及預(yù)測,最終實現(xiàn)可視化,使得網(wǎng)絡(luò)攻擊防御由被動變主動,為網(wǎng)絡(luò)管理人員分析以及調(diào)整防御策略提供強大的支撐。本文圍繞區(qū)域網(wǎng)絡(luò)的態(tài)勢預(yù)測及可視化技術(shù)研究與實現(xiàn)開展了七個重點工作:第一,設(shè)計并實現(xiàn)了一套完整的從數(shù)據(jù)采集、數(shù)據(jù)分析到數(shù)據(jù)可視化的態(tài)勢感知預(yù)測系統(tǒng)。第二,研究并實現(xiàn)多源異構(gòu)數(shù)據(jù)的采集,為系統(tǒng)的核心功能關(guān)聯(lián)分析和趨勢預(yù)測提供強大的數(shù)據(jù)支撐。第三,研究并實現(xiàn)關(guān)聯(lián)分析算法,挖掘在區(qū)域網(wǎng)絡(luò)中發(fā)生的網(wǎng)絡(luò)安全事件之間的關(guān)聯(lián)規(guī)則,并給出關(guān)聯(lián)安全事件之間的置信度。第四,分析比較了兩種神經(jīng)網(wǎng)絡(luò)算法的優(yōu)缺點,提出了對RIBF神經(jīng)網(wǎng)絡(luò)的改進方法,使用改進的RBF實現(xiàn)對趨勢的預(yù)測,并對比了算法改進前后的預(yù)測效果。第五,提出了一種基于大量數(shù)據(jù)的網(wǎng)絡(luò)異常流量的檢測方式,通過對大量流量歷史曲線數(shù)據(jù)存儲,提取相同行為模式的訓(xùn)練數(shù)據(jù),建立模型曲線。計算觀測流量曲線與模型曲線之間的距離來定位異常發(fā)生的時間范圍。第六,實現(xiàn)了安全數(shù)據(jù)可視化,給網(wǎng)絡(luò)管理人員提供管理安全數(shù)據(jù)的交互接口。最后對關(guān)聯(lián)分析模塊和預(yù)測模塊進行了功能性測試,以及監(jiān)控端可視化的可用性驗證。本文是態(tài)勢感知預(yù)測系統(tǒng)的一個初期呈現(xiàn),為后來區(qū)域網(wǎng)絡(luò)的安全管理與防御做了很好的基礎(chǔ)鋪墊。
[Abstract]:In recent years, the rapid development of the Internet has penetrated into all aspects of people's life, also applied to the important infrastructure of the country, accelerated the process of national information. Internet has become a part of people's life, inseparable. At the same time, the technology of network attack has also developed rapidly, and the loopholes in computer networks and operating systems have been exposed more by the Internet platform, so that the use of the network for illegal activities often occurs. Cause no small economic loss. Therefore, it is very important to know the security state of the current network and predict the development trend of the network state. In addition, the single nature of the protection can not meet the needs of the need for comprehensive consideration of a variety of protective measures between the relevance of the realization of collaborative protection. In order to achieve cooperative protection, trend prediction and help to locate anomalies quickly and accurately, this paper designs and implements a situation prediction and visualization system of regional network, which collects multi-source data related to different devices in regional network. After preprocessing, understanding, association analysis and prediction are carried out, and finally visualization is realized, which makes network attack defense from passive to active, and provides strong support for network managers to analyze and adjust defense strategy. This paper focuses on the research and implementation of situation prediction and visualization technology of regional network. Firstly, it designs and implements a complete situational awareness forecasting system from data acquisition, data analysis to data visualization. Secondly, research and implementation of multi-source heterogeneous data acquisition, for the system's core function of correlation analysis and trend prediction provides a strong data support. Thirdly, we study and implement the association analysis algorithm, mining the association rules between the network security events that occur in the local network, and give the confidence between the associated security events. Fourthly, the advantages and disadvantages of the two neural network algorithms are analyzed and compared, and the improved method of RIBF neural network is put forward, the trend prediction is realized by using the improved RBF, and the prediction results before and after the improved algorithm are compared. Fifth, a network anomaly detection method based on a large amount of data is proposed. By storing a large amount of traffic history curve data, the training data of the same behavior pattern are extracted, and the model curve is established. The distance between the observed flow curve and the model curve is calculated to locate the time range of the anomaly. Sixth, the security data visualization is realized, and the interactive interface for network managers to manage secure data is provided. Finally, the functional tests of the association analysis module and the prediction module are carried out, as well as the visual usability verification of the monitor side. This paper is an initial presentation of situational awareness prediction system, which lays a good foundation for the later regional network security management and defense.
【學(xué)位授予單位】:電子科技大學(xué)
【學(xué)位級別】:碩士
【學(xué)位授予年份】:2017
【分類號】:TP393.0
本文編號:2187646
[Abstract]:In recent years, the rapid development of the Internet has penetrated into all aspects of people's life, also applied to the important infrastructure of the country, accelerated the process of national information. Internet has become a part of people's life, inseparable. At the same time, the technology of network attack has also developed rapidly, and the loopholes in computer networks and operating systems have been exposed more by the Internet platform, so that the use of the network for illegal activities often occurs. Cause no small economic loss. Therefore, it is very important to know the security state of the current network and predict the development trend of the network state. In addition, the single nature of the protection can not meet the needs of the need for comprehensive consideration of a variety of protective measures between the relevance of the realization of collaborative protection. In order to achieve cooperative protection, trend prediction and help to locate anomalies quickly and accurately, this paper designs and implements a situation prediction and visualization system of regional network, which collects multi-source data related to different devices in regional network. After preprocessing, understanding, association analysis and prediction are carried out, and finally visualization is realized, which makes network attack defense from passive to active, and provides strong support for network managers to analyze and adjust defense strategy. This paper focuses on the research and implementation of situation prediction and visualization technology of regional network. Firstly, it designs and implements a complete situational awareness forecasting system from data acquisition, data analysis to data visualization. Secondly, research and implementation of multi-source heterogeneous data acquisition, for the system's core function of correlation analysis and trend prediction provides a strong data support. Thirdly, we study and implement the association analysis algorithm, mining the association rules between the network security events that occur in the local network, and give the confidence between the associated security events. Fourthly, the advantages and disadvantages of the two neural network algorithms are analyzed and compared, and the improved method of RIBF neural network is put forward, the trend prediction is realized by using the improved RBF, and the prediction results before and after the improved algorithm are compared. Fifth, a network anomaly detection method based on a large amount of data is proposed. By storing a large amount of traffic history curve data, the training data of the same behavior pattern are extracted, and the model curve is established. The distance between the observed flow curve and the model curve is calculated to locate the time range of the anomaly. Sixth, the security data visualization is realized, and the interactive interface for network managers to manage secure data is provided. Finally, the functional tests of the association analysis module and the prediction module are carried out, as well as the visual usability verification of the monitor side. This paper is an initial presentation of situational awareness prediction system, which lays a good foundation for the later regional network security management and defense.
【學(xué)位授予單位】:電子科技大學(xué)
【學(xué)位級別】:碩士
【學(xué)位授予年份】:2017
【分類號】:TP393.0
【參考文獻】
相關(guān)期刊論文 前10條
1 丁麗;;網(wǎng)絡(luò)安全監(jiān)測數(shù)據(jù)分析——2016年10月[J];互聯(lián)網(wǎng)天地;2016年12期
2 李平;;2015年電腦病毒感染突破48億次 病毒成斂財工具[J];計算機與網(wǎng)絡(luò);2016年Z1期
3 席榮榮;云曉春;金舒原;張永錚;;網(wǎng)絡(luò)安全態(tài)勢感知研究綜述[J];計算機應(yīng)用;2012年01期
4 李碩;戴欣;周渝霞;;網(wǎng)絡(luò)安全態(tài)勢感知研究進展[J];計算機應(yīng)用研究;2010年09期
5 韋勇;連一峰;;基于日志審計與性能修正算法的網(wǎng)絡(luò)安全態(tài)勢評估模型[J];計算機學(xué)報;2009年04期
6 賴積保;王慧強;金爽;;基于Netflow的網(wǎng)絡(luò)安全態(tài)勢感知系統(tǒng)研究[J];計算機應(yīng)用研究;2007年08期
7 王慧強;賴積保;朱亮;梁穎;;網(wǎng)絡(luò)態(tài)勢感知系統(tǒng)研究綜述[J];計算機科學(xué);2006年10期
8 劉柏森;劉美佳;秦進平;;RBF網(wǎng)絡(luò)在逼近能力方面的探討[J];交通科技與經(jīng)濟;2006年01期
9 胡華平,張怡,陳海濤,宣蕾,孫鵬;面向大規(guī)模網(wǎng)絡(luò)的入侵檢測與預(yù)警系統(tǒng)研究[J];國防科技大學(xué)學(xué)報;2003年01期
10 閆懷志,胡昌振,譚惠民;基于模糊矩陣博弈的網(wǎng)絡(luò)安全威脅評估[J];計算機工程與應(yīng)用;2002年13期
相關(guān)碩士學(xué)位論文 前1條
1 呂智勇;基于數(shù)據(jù)挖掘的入侵檢測系統(tǒng)的研究[D];哈爾濱工程大學(xué);2006年
,本文編號:2187646
本文鏈接:http://sikaile.net/guanlilunwen/ydhl/2187646.html
最近更新
教材專著
