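Research on Situation Awareness Technology for Information Content Security Events in Telecommunication Networks
Published: 2018-01-11 21:02
Keywords for this article: Research on Situation Awareness Technology for Information Content Security Events in Telecommunication Networks. Source: PLA Information Engineering University, 2014 doctoral dissertation. Document type: degree thesis
More related articles: telecommunication network; information content security events; situation awareness; situation perception; situation comprehension; event classification; situation assessment; situation prediction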
[Abstract]: As telecommunication networks grow ever larger and communication technology develops rapidly, these networks show unprecedented growth in the number of users and penetration rate, in terminal types and service types, and in their degree of convergence with the Internet. This growth also brings new challenges to the field of telecom network information content security. Information content security events such as harassing audio/video calls and spam SMS/MMS messages have increased accordingly, affecting and disrupting users' normal work and life and introducing instability into the harmonious development of society. The supervision of such events has therefore become a research hotspot in telecom network information content security. Situation awareness of information content security events describes the acquisition, comprehension and prediction of the elements that cause the situation of such events to change; it can provide effective and strong data support for decision-making and has important practical significance and theoretical value. This thesis takes typical information content security events in telecommunication networks, namely harassing audio/video calls and spam SMS/MMS messages, as its research object, and takes situation awareness of the information content security events represented by harassing audio/video calls and spam SMS/MMS messages as its research goal. Following the classic situation awareness framework proposed by Endsley, it divides the information processing of situation awareness for telecom network information content security events into situation perception, situation comprehension and situation prediction, with situation comprehension further divided into event classification and situation assessment; this forms the main thread of the thesis. The main research contents and innovations are as follows:
1. A situation perception method based on association rules is proposed. Exploiting the differences between the characteristics of information content security events and those of normal communication, association mining is performed on data relating to the behavioral, relationship, location and content features of communications in order to discover information content security events. To address the false alarms that may arise with big data, a test criterion based on the Bonferroni correction is proposed to screen whether the frequent itemsets obtained meet the conditions for an event to have occurred. Experimental results show that the method is effective and achieves a good detection rate at low false-alarm and missed-detection rates.
2. A distributed power-level Apriori algorithm and a hierarchical co-evolutionary genetic algorithm are proposed for mining association rules from offline and online data respectively. The distributed power-level Apriori algorithm builds on the principle of the Apriori algorithm and uses the power-set method to generate, as candidates, all subsets of the frequent 1-itemsets that remain after one round of support screening. This reduces the number of database scans and pruning operations, increases computation speed, and retains frequent itemsets that the original algorithm might filter out, making the result more complete. Experimental results show that the algorithm has a short running time and strong parallel computing capability, and outperforms existing Apriori algorithms. The hierarchical co-evolutionary genetic algorithm uses a hierarchical structure: the subpopulations formed from itemsets are evolved with a genetic algorithm to give local solutions, and the resulting dominant populations are evolved using a cooperative co-evolution approach so that information is exchanged and passed on, integrating the local solutions into a global solution. Experimental results show that, while guaranteeing a certain accuracy, the algorithm runs fast, has strong focusing ability and good generalization, and is highly advantageous in large-scale data processing.
3. An event classification method using an LDA model with joint multi-dimensional information is proposed. Taking the time feature of network communication as the axis, the user information and communication content features in each resulting time segment are modeled and classified with the LDA model. After the similarity of the classification results is measured, they are merged with the classification results for the incrementally updated part of the data, achieving online classification of the events contained in the dataset. Experimental results show that the model has good generalization and event classification ability and can effectively achieve online classification of information content security events. Compared with other classification algorithms, the proposed algorithm completes fine-grained event classification in a shorter time with higher accuracy.
4. A hierarchical situation assessment model is proposed. The model uses a hierarchical structure and computes situation assessment values at the event level, the region level and the system level. The event-level situation is computed from the behavioral and content features of an event; the region-level situation is based on relationship and location features; the system-level situation integrates the region-level situations involved. Calculation methods for the parameters of the situation assessment values at each level are defined. Experimental results show that the model and its calculation methods are feasible and reliable, and that in assessing the situation of information content security events they effectively reflect changes in events and their degree of impact.
5. A situation prediction method is proposed in which an RBF neural network is optimized by an immune genetic algorithm based on an elitist selection model. The model uses an elitist selection strategy to ensure that good genes are retained into the next generation. In addition, perturbation by an annealing factor increases the diversity of mutation to some extent and improves the convergence speed and local search capability of the whole algorithm. Experimental results show that the algorithm can accurately predict the situation of information content security events, fits the actual data closely, and effectively reflects the trend in event intensity. The algorithm's strong convergence reduces the cost of training and the learning time, and its overall performance is superior to that of existing algorithms.
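[Degree-granting institution]: PLA Information Engineering University
[Degree level]: Doctorate
[Year degree granted]: 2014
[Classification number]: TN915.08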
Article ID: 1411188
Article link: http://sikaile.net/kejilunwen/wltx/1411188.html