智能化网络安全威胁感知融合模型研究

doi:10.3969/j.issn.1671-1122.2020.04.011

信息网络安全 ›› 2020, Vol. 20 ›› Issue (4): 87-93.doi: 10.3969/j.issn.1671-1122.2020.04.011

智能化网络安全威胁感知融合模型研究

赵志岩¹(), 纪小默²

1. 中国人民公安大学警务信息工程与网络安全学院,北京 100038
2. 北京市公安局网络安全保卫总队,北京 100740

收稿日期:2020-01-09 出版日期:2020-04-10 发布日期:2020-05-11
通讯作者: 赵志岩 E-mail:zhaozhiyan@ppsuc.edu.cn
作者简介:
作者简介：赵志岩（1980—）,女,北京,讲师,硕士,主要研究方向为网络犯罪与取证、大数据分析;纪小默（1979—）,男,北京,本科,主要研究方向为网络安全。
基金资助:
公安部技术研究计划[2019JSYJB03];中央高校基本科研业务费专项资金[2020JKF310]

Research on the Intelligent Fusion Model of Network Security Situation Awareness

ZHAO Zhiyan¹(), JI Xiaomo²

1. School of Police Information Engineering and Network Security, People’s Public Security University of China, Beijing 100038, China
2. Cyber Security Corps of Beijing Public Security Bureau, Beijing 100740, China

Received:2020-01-09 Online:2020-04-10 Published:2020-05-11
Contact: Zhiyan ZHAO E-mail:zhaozhiyan@ppsuc.edu.cn

摘要/Abstract

摘要：

文章针对当前网络安全态势感知模型数据分析的深度和广度的局限性,以及协作联动能力不足等问题,提出了一种智能化网络安全威胁感知融合模型。模型采用模块化、组件化进行结构组织,包括网络安全漏洞隐患检测模块、网络安全数据预处理模块、网络安全数据要素提取模块、网络安全态势评估模块、网络安全态势预测模块及网络安全态势可视化模块,并明确了每个模块使用的技术方法。这些方法包括K-means聚类、PCA特征提取、贝叶斯网络、人工神经网络等。分析发现,模型具有持续监控、威胁预警、多重角度的可视化数据呈现、模块化与可插拔的中间件等功能,可根据不同组合的模型应用实现数据安全服务与信任评估服务,有效提升网络安全态势感知系统的监测预警能力。

关键词: 网络安全态势感知, 漏洞隐患检测, 数据预处理, 安全态势评估, 安全态势预测

Abstract:

In view of the limitation of the depth and breadth of data analysis of current network security situation awareness model, as well as the lack of logical collaboration and functional linkage, this paper proposes an intelligent fusion model of network security situation awareness, which adopts modularization and componentization to organize the structure of the model. The model contains six modules: network security vulnerability detection module, network security data preprocessing module, network security data element extraction module, network security situation analysis module, network security situation prediction module, and network security situation visualization module. And the technical details of modules are denoted in this paper, that includes K-means clustering, PCA feature extraction, Bayesian network, artificial neural network, etc. The model has the abilities of continuous monitoring, threat early warning, visual data presentation with multi angles, and the function design of modular and pluggable middleware. The model would provide data protection service and trustaccessment serviceaccording to different combination of model applications. The model could improve the monitoring and alert ability of network security situation awareness system effectively.

Key words: network security situation awareness, vulnerability detection, data preprocessing, situation analysis, situation prediction

中图分类号:

TP309

赵志岩, 纪小默. 智能化网络安全威胁感知融合模型研究[J]. 信息网络安全, 2020, 20(4): 87-93.

ZHAO Zhiyan, JI Xiaomo. Research on the Intelligent Fusion Model of Network Security Situation Awareness[J]. Netinfo Security, 2020, 20(4): 87-93.

图/表 2

参考文献 29

[1]	LIU Zhongqiang, YU Chengli.Exploring the Security Defense Strategy of Computer Virus in LAN from Wannacry Blackmail Virus[J]. Security Science and Technology, 2017(6): 18-21.
	刘中强,于成丽.从Wannacry勒索病毒着手探究局域网内计算机病毒的安全防御策略[J]. 保密科学技术,2017(6):18-21.
[2]	CIO. Inventory of Top Ten Data Leakage Security Events in 2018[EB/OL]. , 2018-12-18.
	CIO. 2018年十大数据泄露安全事件盘点[EB/OL]. , 2018-12-18.
[3]	FreeBuf.2020 Network Security Industry Trend Forecast[EB/OL]. , 2020-1-5.
	FreeBuf.2020年网络安全行业趋势预测[EB/OL]. , 2020-1-5.
[4]	Xinhuatone. With the Popularization of Internet, Network Security has Received Unprecedented Attention[EB/OL]. , 2019-8-23.
	新经网. 随着互联网普及网络安全受到了前所未有的关注[EB/OL]. , 2019-8-23.
[5]	LI Yan, HUANG Guangqiu, WANG Chunzi, et al.Analysis Framework of Network Security Situational Awareness and Comparison of Implementation Methods[J]. EURASIP Journal on Wireless Communications and Networking, 2019(1): 1-32.
[6]	STEINBERGA N, BOWMAN C L, WHITE F E. Revisions to the JDL Data Fusion Model[EB/OL]. , 2019-12-10.
[7]	YUAN Yuan, SUN Fuchun. Secure the Control System Against DoS Attacks: A JDL Data Fusion Method[EB/OL]. , 2019-12-10.
[8]	BASST. Intrusion Detection Systems and Multisensor Data Fusion[J]. Communications of the ACM, 2000, 43(4): 99-105.
[9]	LAI Te.Research on Logfusion Technology of Network Security Appliances[D]. Chengdu: University of Electronic Science and technology, 2015.
	赖特. 网络安全设备日志融合技术研究[D]. 成都:电子科技大学,2015.
[10]	ZHAO Guosheng, WANG Huiqiang, WANG Jian.A Situation Awareness Model of Network Security Based on Grey Verhulst Model[J]. Journal of Harbin University of Technology, 2008, 40(5): 798-801.
	赵国生,王慧强,王健.基于灰色Verhulst的网络安全态势感知模型[J].哈尔滨工业大学学报,2008,40(5):798-801.
[11]	LIU Xiaowu, WANG Huiqiang, LIANG Ying, et al.Network Security Situation Awareness Model Based on Heterogeneous Multi-sensor Fusion[J]. Computer Science, 2008, 35(8): 69-73.
	刘效武,王慧强,梁颖,等.基于异质多传感器融合的网络安全态势感知模型[J].计算机科学,2008,35(8):69-73.
[12]	LIU Xiaowu, WANG Huiqiang, YU Jiguo, et al.Network Security Situation Awareness Model Based on Multi-source Fusion[J]. Journal of PLA University of Science and Technology(Natural Science Edition), 2012(4): 53-57.
	刘效武,王慧强,禹继国,等.基于多源融合的网络安全态势感知模型[J]. 解放军理工大学学报(自然科学版),2012(4):53-57.
[13]	HUI Xinya, LIU Jianhua, LIU Hao.Construction and Analysis of Network Security Situation Awareness Model Based on Colored Petri Nets[J]. Computer and Digital Engineering, 2019, 47(2): 393-401.
	惠馨雅,刘建华,刘浩. 基于有色Petri网的网络安全态势感知模型构建及分析[J]. 计算机与数字工程,2019,47(2):393-401.
[14]	CAI Yuancui, DU Hongyan, WANG Xin.Network Security Situation Awareness Platform Based on Generating Countermeasure Network[J]. Information Technology and Network Security, 2019, 38(8): 1-5.
[15]	CHENG Jiagen.Network Security Situation Awareness Based on RBF Neural Networks[J]. Journal of Nanjing University of Posts and Telecommunications(Natural Science Edition), 2019, 39(4): 88-95.
	程家根. 基于RBF神经网络的网络安全态势感知[J]. 南京邮电大学学报(自然科学版),2019,39(4):88-95.
[16]	LI Weichao, ZHANG Zheng, WANG Liqun, et al.A Web Threat Situation Analysis Method with Pseudo Structure[J]. Computer Engineering, 2019, 45(8): 1-6.
	李卫超,张铮,王立群,等. 一种拟态构造的Web威胁态势分析方法[J]. 计算机工程,2019,45(8):1-6.
[17]	GERHARDS R. The Syslog Protocol[EB/OL]. , 2019-12-10.
[18]	STALLINGS W. SNMP, NMPv2, SNMPv3, and RMON 1 and 2(paperback)[EB/OL]. , 2019-12-10.
[19]	HOFFMAN P. The Telnet URI Scheme[EB/OL]. , 2019-12-10.
[20]	MINAR P, DYMÁCEK TD. NetFlow Data Visualization Based on Graphs[EB/OL]. , 2019-12-10.
[21]	GRANT J D, SOMERS L, ZHANG Yue, et al. FGDP: Functional Genomics Data Pipeline for Automated, Multiple Microarray Data Analyses[EB/OL]. , 2019-12-10.
[22]	DENG Xiaobei, CHEN Youqing.Data Integration Method for Customer Oriented Data Warehouse[J]. Modern Computer, 2002(5): 42-45.
	邓晓蓓,陈有青. 面向客户数据仓库的数据集成方法[J]. 现代计算机,2002(5):42-45.
[23]	WOLD S, ESBENSEN K, GELADI P.Principal Component Analysis[J]. Chemometrics & Intelligent Laboratory Systems, 1987, 2(1): 37-52.
[24]	MAO Wei, SONG Yangdong, WANG Dapeng, et al.Research on Data Fusion Based on Bayesian Network with Weight[J]. Missile and Space Launch Technology, 2014(5): 52-59.
	毛伟,宋扬东,汪大鹏,等.基于带权重的贝叶斯网络数据融合研究[J]. 导弹与航天运载技术,2014(5):52-59.
[25]	HE Yanghui, ZHOU Haiying.Research on Multi-source Information Fusion Technology Based on Artificial Neural Network[J]. Computer Knowledge and Technology, 2009, 5(1): 149-150.
	贺养慧,周海英.基于人工神经网络的多源信息融合技术研究[J].电脑知识与技术,2009,5(1):149-150.
[26]	GUO Jinyu, ZHANG Zhongbin, SUN Qingyun.Study and Applications of Analytic Hierarchy Process[J]. Chinese Journal of Safety Sciences, 2008(5): 152-157.
	郭金玉,张忠彬,孙庆云.层次分析法的研究与应用[J]. 中国安全科学学报,2008(5):152-157.
[27]	REN Wei, JIANG Xinghao, SUN Xuefeng.RBFNN-based Prediction of Networks Security Situation[J]. Computer Engineering and Application, 2006, 42(31): 140-142, 148.
	任伟,蒋兴浩,孙锬锋. 基于RBF神经网络的网络安全态势预测方法[J]. 计算机工程与应用,2006,42(31):140-142,148.
[28]	WANG Caiyin.Assessment of Network Security Situation Based on GreyrelationAlanalysisand SupportVector Machine[J]. Computer Application Research, 2013, 30(6): 265-268.
	汪材印. 灰色关联分析和支持向量机相融合的网络安全态势评估[J]. 计算机应用研究,2013,30(6):265-268.
[29]	XU Ruzhi, CHANG Taihua, LV Guangjuan.Research on Prediction Method of Network Security Situation Based on Time Series[J]. Practice and Understanding of Mathematics, 2010(12): 124-131.
	徐茹枝,常太华,吕广娟. 基于时间序列的网络安全态势预测方法的研究[J]. 数学的实践与认识,2010(12):124-131.

智能化网络安全威胁感知融合模型研究

Research on the Intelligent Fusion Model of Network Security Situation Awareness

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 2

参考文献 29

相关文章 5

编辑推荐

Metrics

本文评价

[1]	薛丽敏, 李忠, 蓝湾湾. 基于在线学习RBFNN的网络安全态势预测技术研究[J]. 信息网络安全, 2016, 16(4): 23-30.
[2]	. 网络安全态势感知系统的构建与应用[J]. , 2014, 14(5): 73-.
[3]	陈敏欣;谢冬青;黄海. 环境监测有害成分的数据融合及其水质状况评价[J]. , 2014, 14(2): 0-0.
[4]	. 环境监测有害成分的数据融合及其水质状况评价[J]. , 2014, 14(2): 63-.
[5]	谭小彬;张勇;钟力. 基于多层次多角度分析的网络安全态势感知[J]. , 2008, 8(11): 0-0.