Research on the Intelligent Fusion Model of Network Security Situation Awareness

doi:10.3969/j.issn.1671-1122.2020.04.011

Abstract

Abstract:

In view of the limitation of the depth and breadth of data analysis of current network security situation awareness model, as well as the lack of logical collaboration and functional linkage, this paper proposes an intelligent fusion model of network security situation awareness, which adopts modularization and componentization to organize the structure of the model. The model contains six modules: network security vulnerability detection module, network security data preprocessing module, network security data element extraction module, network security situation analysis module, network security situation prediction module, and network security situation visualization module. And the technical details of modules are denoted in this paper, that includes K-means clustering, PCA feature extraction, Bayesian network, artificial neural network, etc. The model has the abilities of continuous monitoring, threat early warning, visual data presentation with multi angles, and the function design of modular and pluggable middleware. The model would provide data protection service and trustaccessment serviceaccording to different combination of model applications. The model could improve the monitoring and alert ability of network security situation awareness system effectively.

Key words: network security situation awareness, vulnerability detection, data preprocessing, situation analysis, situation prediction

CLC Number:

TP309

ZHAO Zhiyan, JI Xiaomo. Research on the Intelligent Fusion Model of Network Security Situation Awareness[J]. Netinfo Security, 2020, 20(4): 87-93.

Figures/Tables 2

References 29

[1]	LIU Zhongqiang, YU Chengli.Exploring the Security Defense Strategy of Computer Virus in LAN from Wannacry Blackmail Virus[J]. Security Science and Technology, 2017(6): 18-21.
	刘中强,于成丽.从Wannacry勒索病毒着手探究局域网内计算机病毒的安全防御策略[J]. 保密科学技术,2017(6):18-21.
[2]	CIO. Inventory of Top Ten Data Leakage Security Events in 2018[EB/OL]. , 2018-12-18.
	CIO. 2018年十大数据泄露安全事件盘点[EB/OL]. , 2018-12-18.
[3]	FreeBuf.2020 Network Security Industry Trend Forecast[EB/OL]. , 2020-1-5.
	FreeBuf.2020年网络安全行业趋势预测[EB/OL]. , 2020-1-5.
[4]	Xinhuatone. With the Popularization of Internet, Network Security has Received Unprecedented Attention[EB/OL]. , 2019-8-23.
	新经网. 随着互联网普及网络安全受到了前所未有的关注[EB/OL]. , 2019-8-23.
[5]	LI Yan, HUANG Guangqiu, WANG Chunzi, et al.Analysis Framework of Network Security Situational Awareness and Comparison of Implementation Methods[J]. EURASIP Journal on Wireless Communications and Networking, 2019(1): 1-32.
[6]	STEINBERGA N, BOWMAN C L, WHITE F E. Revisions to the JDL Data Fusion Model[EB/OL]. , 2019-12-10.
[7]	YUAN Yuan, SUN Fuchun. Secure the Control System Against DoS Attacks: A JDL Data Fusion Method[EB/OL]. , 2019-12-10.
[8]	BASST. Intrusion Detection Systems and Multisensor Data Fusion[J]. Communications of the ACM, 2000, 43(4): 99-105.
[9]	LAI Te.Research on Logfusion Technology of Network Security Appliances[D]. Chengdu: University of Electronic Science and technology, 2015.
	赖特. 网络安全设备日志融合技术研究[D]. 成都:电子科技大学,2015.
[10]	ZHAO Guosheng, WANG Huiqiang, WANG Jian.A Situation Awareness Model of Network Security Based on Grey Verhulst Model[J]. Journal of Harbin University of Technology, 2008, 40(5): 798-801.
	赵国生,王慧强,王健.基于灰色Verhulst的网络安全态势感知模型[J].哈尔滨工业大学学报,2008,40(5):798-801.
[11]	LIU Xiaowu, WANG Huiqiang, LIANG Ying, et al.Network Security Situation Awareness Model Based on Heterogeneous Multi-sensor Fusion[J]. Computer Science, 2008, 35(8): 69-73.
	刘效武,王慧强,梁颖,等.基于异质多传感器融合的网络安全态势感知模型[J].计算机科学,2008,35(8):69-73.
[12]	LIU Xiaowu, WANG Huiqiang, YU Jiguo, et al.Network Security Situation Awareness Model Based on Multi-source Fusion[J]. Journal of PLA University of Science and Technology(Natural Science Edition), 2012(4): 53-57.
	刘效武,王慧强,禹继国,等.基于多源融合的网络安全态势感知模型[J]. 解放军理工大学学报(自然科学版),2012(4):53-57.
[13]	HUI Xinya, LIU Jianhua, LIU Hao.Construction and Analysis of Network Security Situation Awareness Model Based on Colored Petri Nets[J]. Computer and Digital Engineering, 2019, 47(2): 393-401.
	惠馨雅,刘建华,刘浩. 基于有色Petri网的网络安全态势感知模型构建及分析[J]. 计算机与数字工程,2019,47(2):393-401.
[14]	CAI Yuancui, DU Hongyan, WANG Xin.Network Security Situation Awareness Platform Based on Generating Countermeasure Network[J]. Information Technology and Network Security, 2019, 38(8): 1-5.
[15]	CHENG Jiagen.Network Security Situation Awareness Based on RBF Neural Networks[J]. Journal of Nanjing University of Posts and Telecommunications(Natural Science Edition), 2019, 39(4): 88-95.
	程家根. 基于RBF神经网络的网络安全态势感知[J]. 南京邮电大学学报(自然科学版),2019,39(4):88-95.
[16]	LI Weichao, ZHANG Zheng, WANG Liqun, et al.A Web Threat Situation Analysis Method with Pseudo Structure[J]. Computer Engineering, 2019, 45(8): 1-6.
	李卫超,张铮,王立群,等. 一种拟态构造的Web威胁态势分析方法[J]. 计算机工程,2019,45(8):1-6.
[17]	GERHARDS R. The Syslog Protocol[EB/OL]. , 2019-12-10.
[18]	STALLINGS W. SNMP, NMPv2, SNMPv3, and RMON 1 and 2(paperback)[EB/OL]. , 2019-12-10.
[19]	HOFFMAN P. The Telnet URI Scheme[EB/OL]. , 2019-12-10.
[20]	MINAR P, DYMÁCEK TD. NetFlow Data Visualization Based on Graphs[EB/OL]. , 2019-12-10.
[21]	GRANT J D, SOMERS L, ZHANG Yue, et al. FGDP: Functional Genomics Data Pipeline for Automated, Multiple Microarray Data Analyses[EB/OL]. , 2019-12-10.
[22]	DENG Xiaobei, CHEN Youqing.Data Integration Method for Customer Oriented Data Warehouse[J]. Modern Computer, 2002(5): 42-45.
	邓晓蓓,陈有青. 面向客户数据仓库的数据集成方法[J]. 现代计算机,2002(5):42-45.
[23]	WOLD S, ESBENSEN K, GELADI P.Principal Component Analysis[J]. Chemometrics & Intelligent Laboratory Systems, 1987, 2(1): 37-52.
[24]	MAO Wei, SONG Yangdong, WANG Dapeng, et al.Research on Data Fusion Based on Bayesian Network with Weight[J]. Missile and Space Launch Technology, 2014(5): 52-59.
	毛伟,宋扬东,汪大鹏,等.基于带权重的贝叶斯网络数据融合研究[J]. 导弹与航天运载技术,2014(5):52-59.
[25]	HE Yanghui, ZHOU Haiying.Research on Multi-source Information Fusion Technology Based on Artificial Neural Network[J]. Computer Knowledge and Technology, 2009, 5(1): 149-150.
	贺养慧,周海英.基于人工神经网络的多源信息融合技术研究[J].电脑知识与技术,2009,5(1):149-150.
[26]	GUO Jinyu, ZHANG Zhongbin, SUN Qingyun.Study and Applications of Analytic Hierarchy Process[J]. Chinese Journal of Safety Sciences, 2008(5): 152-157.
	郭金玉,张忠彬,孙庆云.层次分析法的研究与应用[J]. 中国安全科学学报,2008(5):152-157.
[27]	REN Wei, JIANG Xinghao, SUN Xuefeng.RBFNN-based Prediction of Networks Security Situation[J]. Computer Engineering and Application, 2006, 42(31): 140-142, 148.
	任伟,蒋兴浩,孙锬锋. 基于RBF神经网络的网络安全态势预测方法[J]. 计算机工程与应用,2006,42(31):140-142,148.
[28]	WANG Caiyin.Assessment of Network Security Situation Based on GreyrelationAlanalysisand SupportVector Machine[J]. Computer Application Research, 2013, 30(6): 265-268.
	汪材印. 灰色关联分析和支持向量机相融合的网络安全态势评估[J]. 计算机应用研究,2013,30(6):265-268.
[29]	XU Ruzhi, CHANG Taihua, LV Guangjuan.Research on Prediction Method of Network Security Situation Based on Time Series[J]. Practice and Understanding of Mathematics, 2010(12): 124-131.
	徐茹枝,常太华,吕广娟. 基于时间序列的网络安全态势预测方法的研究[J]. 数学的实践与认识,2010(12):124-131.