Research on Network Local Security Situation Fusion Method Based on Self-Attention Mechanism

doi:10.3969/j.issn.1671-1122.2024.03.006

Abstract

Abstract:

Addressing the issue of traditional network security situation awareness methods being inefficient at integrating multi-node data to obtain a global network security situation, this article proposed a network local security situation fusion method named SA-RBF-CNN, based on self-attention mechanism, radial basis function (RBF) neural network, and convolutional neural network (CNN). Through the self-attention mechanism, the model effectively identifies and emphasizes key nodes, enhancing the understanding of the global security situation. Meanwhile, the improved RBF structure combined with CNN further refines features, boosting the model’s ability to capture complex data patterns. Experimental results show that SA-RBF-CNN outperforms other similar methods in key indicators of network security situation prediction. Compared to traditional situation awareness methods, it increases computational speed and reduces communication overhead, proving that the model has certain practical application value.

Key words: network security situation awareness, self-attention mechanism, deep learning, radial basis function neural network

CLC Number:

TP309

YANG Zhipeng, LIU Daidong, YUAN Junyi, WEI Songjie. Research on Network Local Security Situation Fusion Method Based on Self-Attention Mechanism[J]. Netinfo Security, 2024, 24(3): 398-410.

Figures/Tables 15

References 28

[1]	D’AMBROSIO B, TAKIKAWA M, FITZGERALD J, et al. Security Situation Assessment and Response Evaluation (SSARE)[C]// IEEE. Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX’01. New York:IEEE, 2001: 387-394.
[2]	GONG Jian, ZANG Xiaodong, SU Qi, et al. A Review of Network Security Situation Awareness[J]. Journal of Software, 2017, 28(4): 1010-1026.
	龚俭, 臧小东, 苏琪, 等. 网络安全态势感知综述[J]. 软件学报, 2017, 28(4):1010-1026.
[3]	ENDSLEY M R. Design and Evaluation for Situation Awareness Enhancement[J]. Proceedings of the Human Factors Society Annual Meeting, 1988, 32(2): 97-101. doi: 10.1177/154193128803200221 URL
[4]	BASS T. Multisensor Data Fusion for Next Generation Distributed Intrusion Detection Systems[J]. Proceedings of the IRIS National Symposium on Sensor and Data Fusion, 1999, 24(28): 24-27.
[5]	BASS T. Intrusion Detection Systems and Multisensor Data Fusion[J]. Communications of the ACM, 2000, 43(4): 99-105.
[6]	TAO Yuan, HUANG Tao, ZHANG Mohan, et al. Research and Development Trend Analysis of Key Technologies for Cyberspace Security Situation Awareness[J]. Netinfo Security, 2018, 18(8): 79-85.
	陶源, 黄涛, 张墨涵, 等. 网络安全态势感知关键技术研究及发展趋势分析[J]. 信息网络安全, 2018, 18(8):79-85.
[7]	HUSÁK M, KOMÁRKOVÁ J, BOU-HARB E, et al. Survey of Attack Projection, Prediction, and Forecasting in Cyber Security[J]. IEEE Communications Surveys & Tutorials, 2019, 21(1): 640-660.
[8]	HU Chuhang, LIU Guikai, LI Ming. A Network Security Situation Prediction Method Based on Attention-CNN-BiGRU[C]// IEEE. 2022 IEEE 25th International Conference on Computer Supported Cooperative Work in Design (CSCWD). New York: IEEE, 2022: 257-262.
[9]	XIE Lixia, WANG Yachao, YU Jinbo. Network Security Situation Awareness Based on Neural Networks[J]. Journal of Tsinghua University (Science and Technology), 2013, 53(12): 1750-1760.
	谢丽霞, 王亚超, 于巾博. 基于神经网络的网络安全态势感知[J]. 清华大学学报(自然科学版), 2013, 53(12):1750-1760.
[10]	YU Qing, ZHENG Chonghui, DU Ye. Research on Key Technologies of Security Situation Assessment for the Virtual Layer of Cloud Platform[J]. Netinfo Security, 2020, 20(7): 53-59.
	余晴, 郑崇辉, 杜晔. 面向云平台虚拟层的安全态势评估关键技术研究[J]. 信息网络安全, 2020, 20(7):53-59.
[11]	CHEN Zhihua. Research on Internet Security Situation Awareness Prediction Technology Based on Improved RBF Neural Network Algorithm[J]. Journal of Computational and Cognitive Engineering, 2022, 1(3): 103-108. doi: 10.47852/bonviewJCCE149145205514 URL
[12]	ELMAN J L. Distributed Representations, Simple Recurrent Networks, and Grammatical Structure[J]. Machine Learning, 1991, 7: 195-225.
[13]	ZHANG Haofang, KANG Chunying, XIAO Yao. Research on Network Security Situation Awareness Based on the LSTM-DT Model[J]. Sensors, 2021, 21(14): 4788. doi: 10.3390/s21144788 URL
[14]	ZHANG Shengcai, FU Qiming, AN Dezhi. Network Security Situation Prediction Model Based on VMD Decomposition and DWOA Optimized BiGRU-ATTN Neural Network[J]. IEEE Access, 2023, 11: 129507-129535. doi: 10.1109/ACCESS.2023.3333666 URL
[15]	GUO Qipeng, QIU Xipeng, XUE Xiangyang, et al. Low-Rank and Locality Constrained Self-Attention for Sequence Modeling[J]. IEEE/ACM Transactions on Audio, Speech, and Language Processing, 2019, 27(12): 2213-2222. doi: 10.1109/TASLP.6570655 URL
[16]	MEI Xiaoguang, PAN E, MA Yong, et al. Spectral-Spatial Attention Networks for Hyperspectral Image Classification[J]. Remote Sensing, 2019, 11(8): 963. doi: 10.3390/rs11080963 URL
[17]	LI Jiyu, FU Zhangjie, ZHANG Yubin. An Image Information Hiding Algorithm Based on Cross-Domain Adversarial Adaptation[J]. Netinfo Security, 2023, 23(1): 93-102.
	李季瑀, 付章杰, 张玉斌. 一种基于跨域对抗适应的图像信息隐藏算法[J]. 信息网络安全, 2023, 23(1):93-102.
[18]	HU Chuhang, LIU Guikai, LI Ming. A Network Security Situation Prediction Method Based on Attention-CNN-BiGRU[C]// IEEE. 2022 IEEE 25th International Conference on Computer Supported Cooperative Work in Design (CSCWD). New York: IEEE, 2022: 257-262.
[19]	ZHAO Dongmei, SHEN Pengcheng, ZENG Shuiguang. ALSNAP: Attention-Based Long and Short-Period Network Security Situation Prediction[J]. Ad Hoc Networks, 2023, 150: 103279. doi: 10.1016/j.adhoc.2023.103279 URL
[20]	CHENG Jiagen, QI Zhenghua, CHEN Tianfu. Network Security Situation Awareness Based on RBF Neural Network[J]. Journal of Nanjing University of Posts and Telecommunications (Natural Science), 2019, 39(4):88-95.
	程家根, 祁正华, 陈天赋. 基于RBF神经网络的网络安全态势感知[J]. 南京邮电大学学报(自然科学版), 2019, 39(4):88-95.
[21]	YAO Chengpeng, YANG Yu, YIN Kun. Research on Network Security Situation Prediction Method Based on AM and LSTM Hybrid Neural Network[C]// IEEE. 2021 8th International Forum on Electrical Engineering and Automation (IFEEA). New York: IEEE, 2021: 322-330.
[22]	ZHAO Dongmei, SONG Huiqian, ZHANG Hongbin. Network Security Situation Assessment Based on Time Factor and Composite CNN Structure[J]. Computer Science, 2021, 48(12): 349-356. doi: 10.11896/jsjkx.210400227
	赵冬梅, 宋会倩, 张红斌. 基于时间因子和复合CNN结构的网络安全态势评估[J]. 计算机科学, 2021, 48(12):349-356. doi: 10.11896/jsjkx.210400227
[23]	CHANG Liwei, LIU Xiujuan, QIAN Yuhua, et al. Network Security Situation Awareness Model Based on Multi-Source Fusion of Convolutional Neural Networks[J]. Computer Science, 2023, 50(5): 382-389. doi: 10.11896/jsjkx.220400134
	常利伟, 刘秀娟, 钱宇华, 等. 基于卷积神经网络多源融合的网络安全态势感知模型[J]. 计算机科学, 2023, 50(5):382-389. doi: 10.11896/jsjkx.220400134
[24]	VAN P J M, PEDRYCZ W. A Fuzzy Extension of Saaty’s Priority Theory[J]. Fuzzy Sets and Systems, 1983, 11(1-3): 229-241. doi: 10.1016/S0165-0114(83)80082-7 URL
[25]	MOUSTAFA N, SLAY J. UNSW-NB15:A Comprehensive Dataset for Network Intrusion Detection Systems (UNSW-NB15 Network Dataset)[C]// IEEE. 2015 Military Communications and Information Systems Conference (MilCIS). New York: IEEE, 2015: 1-6.
[26]	WANG Yixuan, ZHAO Bo, LI Weidong, et al. An Ontology-Centric Approach for Network Security Situation Awareness[C]// IEEE. 2023 IEEE 47th Annual Computers, Software, and Applications Conference (COMPSAC). New York: IEEE, 2023: 777-787.
[27]	XIAO Lin, BOYD S. Fast Linear Iterations for Distributed Averaging[J]. Systems & Control Letters, 2004, 53(1): 65-78. doi: 10.1016/j.sysconle.2004.02.022 URL
[28]	MCMAHAN B, MOORE E, RAMAGE D, et al. Communication-Efficient Learning of Deep Networks from Decentralized Data[C]// PMLR. Proceedings of the 20th International Conference on Artificial Intelligence and Statistics. New York: PMLR, 2017: 1273-1282.

威胁名称	威胁中文名称	威胁危险度	描述
Normal	正常	0.000	未受到攻击
Fuzzers	模糊攻击	0.925	通过提供随机生成的数据使网络暂停
Analysis	分析攻击	0.961	包含端口扫描、垃圾邮件等不同的攻击
Backdoors	后门	1.190	绕过系统安全机制秘密访问数据
DoS	拒绝服务攻击	0.914	恶意尝试使服务器或网络资源对用户不可用
Exploits	渗透攻击	1.202	利用程序的漏洞获得控制权
Generic	通用攻击	0.913	一种适用于所有分组密码的攻击
Reconnaissance	侦察攻击	0.942	使攻击者获得更多有关受害者的信息
Shellcode	漏洞代码	1.301	一段利用软件漏洞执行的代码
Worms	恶性计算机病毒	1.144	复制自身以传播到其他计算机的病毒

SA-RBF-CNN模型参数	参数值
学习率	0.001
自注意力头数	1
RBF基函数数量	64
RBF参数gamma	0.2
RBF中心点选取方法	K-Means
CNN卷积核数	64
卷积核尺寸	（3,3）
池化层尺寸	（2,2）
损失函数	MAE
优化器	Adam
训练轮数	500

数据集	模型	MSE	MAPE	R2拟合系数
UNSW-NB15	SA-RBF-CNN(本文方法)	0.0011	1.20%	0.978
	FedAvg	0.0020	2.36%	0.914
	LD	0.0023	2.47%	0.901
	SSAO	0.0038	4.90%	0.862
CIC-IDS2020	SA-RBF-CNN(本文方法)	0.0006	0.77%	0.948
	FedAvg	0.0014	1.32%	0.904
	LD	0.0018	1.68%	0.883
	SSAO	0.0027	2.34%	0.831

模型	MSE	MAPE	R2拟合系数
Self-Attention	0.0670	5.42%	0.758
SA-RBF	0.0380	3.28%	0.826
RBF-CNN	0.0230	2.47%	0.901
SA-CNN	0.0035	1.74%	0.948
SA-RBF-CNN	0.0011	1.20%	0.978