基于异构网络空管安全监控关联算法研究

doi:10.3969/j.issn.1671-1122.2022.04.007

摘要/Abstract

摘要：

大数据给人们带来方便的同时,也带来了安全隐患,保证大数据环境的网络安全已成为当今社会的一个重要课题,尤其是民航空管数据安全。文章针对其查询分析复杂以及大数据量等特点,通过分析大数据环境下的异构网络空管安全监控技术,进一步简化、清洗真实数据,得到核心数据库,进而构建一个可以提供测试环境并能够模拟实际攻击行为的集群实验环境,最终测试并验证大数据环境下异构网络空管安全监控平台的FP-Growth算法的改进,通过MDFP-Growth算法安全事件的关联和分布式序列图的模式等方式进行网络安全空管监控的整体态势分析,进一步加强异构网络空管大数据安全管理,也为相关民航企业分析提供大数据环境下隐含规律提高参考模型。

关键词: FP-Growth, 异构网络, 大数据, 关联算法

Abstract:

Big data brings convenience to people, but it also brings some security risks. Ensuring network security in big data environment has become an important topic nowadays, especially in civil aviation air traffic control data security. In view of its complex query and analysis and large amount of data, by analyzing the heterogeneous network air traffic control security monitoring technology in big data environment, it further simplifies and cleans the real data to get the core database, and then builds a cluster experimental environment that can provides a test environment and simulates the actual attack behavior. Finally, by testing and verifying the improvement of FP-Growth algorithm of heterogeneous network ATC security monitoring platform under big data environment, and analyzing the overall situation of network security ATC monitoring through the correlation of security events of MDFP-Growth algorithm and the mode of distributed sequence diagram, the big data security management of heterogeneous network can be further strengthened, It also provides a reference model for the analysis of relevant civil aviation enterprises to improve the hidden law in the big data environment.

Key words: FP-Growth, heterogeneous network, big data, correlation algorithm

中图分类号:

TP309

刘龙庚. 基于异构网络空管安全监控关联算法研究[J]. 信息网络安全, 2022, 22(4): 58-66.

LIU Longgeng. Research on Association Algorithm of Heterogeneous Network Security Monitoring[J]. Netinfo Security, 2022, 22(4): 58-66.

图/表 9

图1

图2

图3

表1

图4

表2

图5

图6

表3

参考文献 25

[1]	RAGHAVENDRA K C, ASWANI K C. Scalable Algorithm for Generation of Attribute Implication Base Using FP-Growth and Spark[J]. Soft Computing, 2021, 25(14): 9219-9240. doi: 10.1007/s00500-021-05844-9 URL
[2]	ZHANG Mingwei, CHEN Rong. Research on Optimization of Heterogeneous Air Cargo Network Based on Hybrid Particle Swarm Algorithm[EB/OL]. [2021-11-05]. https://www.researchgate.net/publication/349983223_Research_on_Optimization_of_Heterogeneous_Air_Cargo_Network_Based_on_Hybrid_Particle_Swarm_Algorithm .
[3]	HE Wang, LIN Guoyuan. Analysis of Cloud Server Fault Data Based on Improved FP-Growth Algorithm[J]. Computer Engineering & Science, 2020, 42(5): 770-775.
	何望, 林果园. 基于FP-Growth改进算法的云服务器故障数据分析[J]. 计算机工程与科学, 2020, 42(5):770-775.
[4]	ZHU Anqing, LI Shuai, TANG Xiaodong. Parallel FP_Growth Association Rules Mining Method on Spark Platform[J]. Computer Science, 2020, 47(12): 147-151.
	朱岸青, 李帅, 唐晓东. Spark平台中的并行化FP_Growth关联规则挖掘方法[J]. 计算机科学, 2020, 47(12): 147-151.
[5]	ZHANG Ya. On Mining of Frequent Item Sets of Big Data Based on K-Means Clustering[J]. Computer Simulation, 2020, 37(8): 463-467.
	张娅. 基于K均值聚类的大数据频繁项集挖掘研究[J]. 计算机仿真, 2020, 37(8):463-467.
[6]	DAI Weimin. Research and Implementation of Parallelization of FP Growth Algorithm Based on Hadoop Platform[J]. Journal of Ningxia University(Natural Science Edition), 2020, 41(1): 74-79.
	戴伟敏. 基于Hadoop平台FP-Growth算法并行化研究与实现[J]. 宁夏大学学报(自然科学版), 2020, 41 (1):74-79.
[7]	WU Yilan, ZHANG Jing. Building the Electronic Evidence Analysis Model Based on Association Rule Mining and FP-Growth Algorithm[J]. Soft Computing, 2019, 24: 1-12. doi: 10.1007/s00500-019-04566-3 URL
[8]	SHABTAY L, FOURNIER V P, YAARI R, et al. A Guided FP-Growth Algorithm for Mining Multitude-Targeted Item-Sets and Class Association Rules in Imbalanced Data[J]. Information Sciences, 2021, 55(3): 353-375.
[9]	HU Wei, LI Jing, CHENG Jie, et al. Security Monitoring of Heterogeneous Networks for Big Data Based on Distributed Association Algorithm[J]. Computer Communications, 2020, 152(2): 206-214. doi: 10.1016/j.comcom.2020.01.045 URL
[10]	HE Yunrui, YAN Yiying, DANG Yijie, et al. Research on Alarm Association Mechanism of Information System Based on FP-Growth Algorithm[J]. Journal of Physics: Conference Series, 2020, 93(1): 12082-12087.
[11]	WANG Xiaoying, LIU Qingjie, PAN Zhian, et al. APT Attack Detection Algorithm Based on Spatio-Temporal Association Analysis in Industrial Network[J]. Journal of Ambient Intelligence and Humanized Computing, 2020(12): 1-10.
[12]	FU Zeqiang, WANG Xiaofeng, KONG Jun. High-Performance Association Analysis Method for Network Security Alarm Information[J]. Computer Science, 2019, 46(5): 123-128.
	付泽强, 王晓锋, 孔军. 高性能网络安全告警信息的关联分析方法[J]. 计算机科学, 2019, 46(5): 123-128.
[13]	LU Xianguang, DU Xuehui, WANG Wenjuan. Alert Correlation Algorithm Based on Improved FP Growth[J]. Computer Science, 2019, 46(8): 64-70.
	鲁显光, 杜学绘, 王文娟. 基于改进FP growth的告警关联算法[J]. 计算机科学, 2019, 46(8):64-70.
[14]	GAO Quan, WAN Xiaodong. Parallel FP-Growth Algorithm Based on Load Balance[J]. Computer Engineering, 2019, 45(3): 38-41, 46.
	高权, 万晓冬. 基于负载均衡的并行FP-growth算法[J]. 计算机工程, 2019, 45 (3):38-41,46.
[15]	WU Zihong, CHENG Lianglun, WANG Zhuowei. Hierarchical Itemset Mining Algorithm Based on Spark[J]. Computer Engineering and Design, 2019, 40(4): 96-100.
	吴梓宏, 程良伦, 王卓薇. 基于Spark的层次化项集挖掘算法[J]. 计算机工程与设计, 2019, 40(4):96-100.
[16]	YANG Xiaodong, LIN Xiaoxia, LIN Xiaole. Application of Apriori and FP-Growth Algorithms in Soft Examination Data Analysis[J]. Journal of Intelligent and Fuzzy Systems, 2019, 37(1): 425-432. doi: 10.3233/JIFS-179097
[17]	DONG Jie. Research on Intelligent Classification Method of Multi-Component Big Data in Heterogeneous Networks[J]. Modern Electronics Technique, 2019, 42(18): 164-167.
[18]	ZHAI Jianli, WANG Yingli. Research on Network Anomaly Detection Algorithm Based on Fuzzy Clustering[J]. Electronic Measurement Technology, 2019, 42(16): 172-176.
[19]	YUAN Ziye, GE Wancheng. Research on Resource Management Optimization of Heterogeneous Network in Vehicle Networking[J]. Information & Communications, 2019(5): 93-95.
[20]	LU Xianguang, DU Xuehui, WANG Wenjuan. Alert Correlation Algorithm Based on Improved FP Growth[J]. Computer Science, 2019, 46(8): 64-70.
[21]	LIANG Zhiqing, LI Peiyu, WANG Hui, et al. Research on TCP Protocol of QoS in Heterogeneous Network[J]. Computer Measurement & Control, 2018, 26(8): 186-190.
[22]	WANG Tianyue, HOU Jinxiu, YU Zhihong. Analysis of Hierarchical and Time-Phased Model of Large-Scale Power Grid Based on FP-Growth Algorithm[J]. IOP Conference Series: Earth and Environmental Science, 2018, 192(1): 31-38.
[23]	LIU Longgeng, LUO Guangchun. Routing Optimization in Networks Based on Traffic Gravitational Field Model[J]. International Journal of Modern Physics B, 2017, 31(11): 74-82.
[24]	LIU Longgeng, LUO Guangchun, QIN Ke, et al. An Algorithm Based on Logistic Regression with Data Fusion in Wireless Sensor Networks[J]. Eurasip Journal on Wireless Communications & Networking, 2017, 2017(1): 1-9.
[25]	LIU Longgeng, LUO Guangchun, QIN Ke, et al. An On-Demand Global Time Synchronization Based on Data Analysis for Wireless Sensor Networks[J]. Procedia Computer Science, 2018, 12(9): 503-510.

项事务	a₁	a₂	a₃	a₄	a₅	b₁	b₂	b₃	b₄	b₅	c₁	c₂	c₃	c₄	c₅
1	1	1	1	1	1	0	0	0	0	0	0	0	0	0	0
2	1	1	1	1	1	0	0	0	0	0	0	0	0	0	0
3	1	1	1	1	1	0	0	0	0	0	0	0	0	0	0
4	0	0	0	0	0	1	1	1	1	1	0	0	0	0	0
5	0	0	0	0	0	1	1	1	1	1	0	0	0	0	0
6	0	0	0	0	0	1	1	1	1	1	0	0	0	0	0
7	0	0	0	0	0	0	0	0	0	0	1	1	1	1	1
8	0	0	0	0	0	0	0	0	0	0	1	1	1	1	1
9	0	0	0	0	0	0	0	0	0	0	1	1	1	1	1
10	0	0	0	0	0	0	0	0	0	0	1	1	1	1	1

后缀	频繁项集
e	{e},{d,e},{a,d,e},{c,e},{a,e}
d	{d},{c,d},{b,c,d},{a,c,d},{b,d},{a,b,d},{a,d}
c	{c},{b,c},{a,b,c},{a,c}
b	{b},{a,b}
a	{a}

序号	规则	支持度	置信度	兴趣度
1	IP_dst=206.71.77.2;Port_dst=80;IP_src=172.16.113.169⇒alarm_name=WEB-CGIcount.cgiaccess	0.103％	1	483.275
2	IP_dst=131.84.1.31;IP_src=172.16.115.20⇒alarm_name=（snortdecoder）BadTrafficLoopbackIP	14.2％	0.495256	1.83333