Research on a Multi-Source Network Security Situational Awareness Method Based on the Spatio-Temporal Dimension
[Abstract]: With the popularity of the Internet, network security has become an important factor affecting social stability. Network security situational awareness technology takes the development of network security as its starting point and provides an efficient and comprehensive perception of the security state and its development trend. In recent years, research on network situational awareness has matured, but the following shortcomings remain: a lack of research on how the prediction of security situation elements influences the situation, a lack of feedback protection for situation elements, and neglect of how the relationship between each element and the host state value influences the prediction. In addition, the host importance used during network security situation fusion does not take into account the role of the host in the attack and defense scene or the associations between hosts. To solve these problems, this paper first studies methods for processing and predicting the data sources used in network security situational awareness, selects multiple data sources as perceptual elements, and processes, forecasts and strengthens the protection of each separately. It then proposes a multi-source network situational awareness method based on the space-time dimension to evaluate and predict the network security situation. The main research contents are as follows:

1. To improve the accuracy of intrusion detection, a hierarchical attribute reduction intrusion detection (HRGA-IDS) method is proposed for the intrusion threat set, the typical data source on the attacker side. First, the data is preprocessed and layered into molecular space. Second, the double-layer evolutionary model of the cultural algorithm is used to control the evolution of a rough set-genetic algorithm to form a targeted reduction set. Finally, a hierarchical Bayes classifier is designed to verify the performance of the algorithm. The experimental results show that the algorithm can improve the correct rate of Bayes classification to 98.21%, and can identify intrusions of the R2L and U2R categories well, where the traffic characteristics are not obvious.

2. To mine the internal relationships among vulnerabilities and predict the vulnerability sets, a vulnerability information clustering algorithm based on text mining and particle swarm optimization (PSO-K-means) and a vulnerability analysis and prediction (VAPA) algorithm are proposed for the typical data source on the defender side. First, the PSO-K-means algorithm is used to cluster the vulnerabilities and obtain the subject words. Second, the VAPA algorithm is used to predict vulnerabilities. Experiments show that the accuracy of the PSO-K-means algorithm in vulnerability classification reaches 90.16%, and that the VAPA algorithm can predict the category and number of vulnerabilities in a time step.

3. Building on the above two points, a network situational awareness method based on the space-time dimension is proposed. First, in the time dimension, the host situation is obtained from the processing results of the data sources, and dynamic correction and prediction are carried out through the spatial relationship. Second, combining the network topology and the attack graph, the host importance weight in the spatial-dimension attack and defense scene is calculated, and the situation prediction value of the space-time dimension network layer is obtained. The experimental results show that the algorithm improves the accuracy of situation prediction by 10.6% compared with existing methods, which shows that the algorithm can effectively calculate and predict the network security situation.
[Degree-granting institution]: Northwest University
[Degree level]: Master's
[Year degree awarded]: 2017
[Classification number]: TP393.08