基于信息融合的网络安全态势评估模型

doi:10.11772/j.issn.1001-9081.2015.07.1882

计算机应用 ›› 2015, Vol. 35 ›› Issue (7): 1882-1887.DOI: 10.11772/j.issn.1001-9081.2015.07.1882

基于信息融合的网络安全态势评估模型

李方伟, 张新跃, 朱江, 张海波

移动通信技术重庆市重点实验室(重庆邮电大学), 重庆 400065

收稿日期:2015-01-29 修回日期:2015-03-29 出版日期:2015-07-10 发布日期:2015-07-17
通讯作者: 张新跃(1990-),男,江苏连云港人,硕士研究生,主要研究方向:态势感知,414200842@qq.com
作者简介:李方伟(1960-),男,重庆南岸人,教授,博士生导师,主要研究方向:信息安全; 朱江(1977-),男,湖北荆州人,副教授,博士,主要研究方向:认知无线电; 张海波(1979-),男,重庆南岸人,讲师,博士,主要研究方向:无线资源优化。
基金资助:
国家自然科学基金资助项目(61271260, 61301122);教育部科学研究重点项目(212145)。

Network security situational awareness model based on information fusion

LI Fangwei, ZHANG Xinyue, ZHU Jiang, ZHANG Haibo

Chongqing Key Laboratory of Mobile Communications Technology (Chongqing University of Posts and Telecommunications), Chongqing 400065, China

Received:2015-01-29 Revised:2015-03-29 Online:2015-07-10 Published:2015-07-17

摘要/Abstract

摘要：

针对分布式拒绝服务(DDoS)攻击评估不准确和网络安全态势评估不全面的问题,提出了一种基于信息融合的网络安全态势评估模型。首先,提出了以数据包信息为原始数据的DDoS攻击威胁评估方法,提高了评估的准确性;然后,对原有的通用弱点评价体系(CVSS)进行改进并对漏洞脆弱性进行评估,使得评估更加全面;其次,结合客观权重和主观权重,并以序列二次规划(SQP)算法对组合权重进行寻优,降低了融合的不确定性;最后,将三者进行融合得到网络的安全态势。通过搭建入侵检测平台,利用不同的规则库,针对相同DDoS 攻击的报警数会相差3 个数量级,与依赖报警数评估方法相比,以数据包信息评估DDoS 攻击的方法可得到准确的DDoS攻击威胁态势。仿真对比结果表明,提出的模型和方法能够提高评估结果准确度。

关键词: 拒绝服务攻击评估, 通用弱点评价体系, 组合权重, 序列二次规划, 态势评估

Abstract:

Since the evaluation of Distributed Denial of Service (DDoS) is inaccurate and network security situational evaluation is not comprehensive, a new network security situational awareness model based on information fusion was proposed. Firstly, to improve the accuracy of evaluation, a situation assessment method of DDoS attack based on the information of data packet was proposed; Secondly, the original Common Vulnerability Scoring System (CVSS) was improved and the leak vulnerability was evaluated to make the assessment more comprehensive; Then, according to the combination of objective weight and subjective weight, the method of calculating the combined weights and optimizing the results by Sequence Quadratic Program (SQP) algorithm was raised to reduce the uncertainty of fusion; Finally, the network security situation was got by fusing three aspects evaluation. To verify the original evaluation of DDoS was inaccurate, a testing platform was built and the alarm of the same DDoS differed by 3 orders of magnitude. Compared to the original method based on alarm, the steady and accurate result of evaluation was obtained based on data packet. The experimental results show that the proposed method can improve the accuracy of evaluation results.

Key words: Distributed Denial of Service (DDoS) evaluation, Common Vulnerability Scoring System (CVSS), combined weight, Sequence Quadratic Program (SQP), situation assessment

中图分类号:

TP393.08

李方伟, 张新跃, 朱江, 张海波. 基于信息融合的网络安全态势评估模型[J]. 计算机应用, 2015, 35(7): 1882-1887.

LI Fangwei, ZHANG Xinyue, ZHU Jiang, ZHANG Haibo. Network security situational awareness model based on information fusion[J]. Journal of Computer Applications, 2015, 35(7): 1882-1887.

参考文献

[1] XU Z. Demand-oriented traffic measuring method for network security situation assessment [J]. Journal of Networks, 2014, 9(4): 221-224.
[2] FISCHER Y, BEYERER J. Ontologies for probabilistic situation assessment in the maritime domain [C]// CogSIMA 2013: Proceedings of the 2013 IEEE International Multi-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support. Piscataway: IEEE, 2013: 102-105.
[3] BASS T. Intrusion detection systems & multisensor data fusion: cre-ating cyberspace situational awareness [J]. Communications of the ACM, 2000, 43(4): 99-105.
[4] GORODETSKY V, KARSAEV O, SAMOILOV V. On-line update of situation assessment based on asynchronous data streams [C]// Proceedings of the 8th International Conference on Knowledge-Based Intelligent Information and Engineering Systems, LNCS 3213. Berlin: Springer, 2004: 1136-1142.
[5] FRIGAULT M, WANG L, SINGHAL A, et al. Measuring network security using dynamic Bayesian network [C]// Proceedings of the 4th ACM Workshop on Quality of Protection. New York: ACM, 2008: 23-30.
[6] WANG L, WANG B, PENG Y. Research the information security risk assessment technique based on Bayesian network [C]// Proceedings of the 3rd International Conference on Advanced Computer Theory and Engineering. Piscataway: IEEE, 2010: 600-604.
[7] JI X, PATTINSON C. AHP implemented security assessment and security weight verification [C]// Proceedings of the 2010 IEEE Second International Conference on Social Computing. Piscataway: IEEE, 2010: 1026-1031.
[8] CHEN X, ZHENG Q, GUAN X, et al. Quantitative hierarchical threat evaluation model for network security [J]. Journal of Software, 2006, 17(4):885-897.(陈秀真,郑庆华,管晓宏,等.层次化网络安全威胁态势量化评估方法[J].软件学报,2006,17(4):885-897.)
[9] FU Y, WU X, YE Q. Approach for information systems security situation evaluation using improved FAHP and Bayesian network [J]. Journal on Communications, 2009, 30(9): 135-140.(付钰,吴晓平,叶青.基于改进FAHP-BN的信息系统安全态势评估方法[J].通信学报,2009,30(9):135-140.)
[10] LIU Q, ZHANG C, ZHANG Y, et al. Research on key technology of vulnerability threat classification [J]. Journal on Communications, 2012, 33(Z1): 79-86.(刘奇旭,张翀斌,张玉清,等.安全漏洞等级划分关键技术研究[J].通信学报,2012,33(Z1):79-86.)
[11] HU W, LI J, CHEN X, et al. Improved design of the scalable net-work security situation model [J]. Journal of University of Electronic Science and Technology of China, 2009, 38(1): 113-116.(胡威,李建华,陈秀真,等.可扩展的网络安全态势评价模型优化设计[J].电子科技大学学报,2009,38(1):113-116.)
[12] LI C, ZHAO J, ZHEN X. Network security situational awareness method of multi-period assessment [J]. Journal of Computer Applications, 2013, 33(12): 3506-3510.(李淳,赵健保,申晓留.多评估时间段的网络安全态势感知方法[J].计算机应用,2013,33(12):3506-3510.)
[13] MIT Lincoln Laboratory. 2000 DARPA intrusion detection scenario specific data sets [EB/OL]. [2014-12-20]. http://www.ll.mit.edu/mission/communications/cyber/CSTcorpora/ideval/data/2000data.html.
[14] ROESCH M, GREEN C. Snort users manual [EB/OL]. [2014-12-20]. http://manual.snort.org/snort_manual.html.

基于信息融合的网络安全态势评估模型

Network security situational awareness model based on information fusion

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 9

编辑推荐

Metrics

[1]	孙圣姿, 万源, 曾成. 自适应嵌入的半监督多视角特征降维方法[J]. 计算机应用, 2018, 38(12): 3391-3398.
[2]	谢丽霞, 王志华. 基于布谷鸟搜索优化BP神经网络的网络安全态势评估方法[J]. 计算机应用, 2017, 37(7): 1926-1930.
[3]	李方伟, 李骐, 朱江. 改进的基于隐马尔可夫模型的态势评估方法[J]. 计算机应用, 2017, 37(5): 1331-1334.
[4]	王坤, 邱辉, 杨豪璞. 基于攻击模式识别的网络安全态势评估方法[J]. 计算机应用, 2016, 36(1): 194-198.
[5]	陈珍, 夏靖波, 杨娟, 韦泽鲲. 基于MapReduce的支持向量机态势评估算法[J]. 计算机应用, 2016, 36(1): 133-137.
[6]	文志诚, 曹春丽, 周浩. 基于朴素贝叶斯分类器的网络安全态势评估方法[J]. 计算机应用, 2015, 35(8): 2164-2168.
[7]	李方伟杨绍成朱江. 基于模糊层次法的改进型网络安全态势评估方法[J]. 计算机应用, 2014, 34(9): 2622-2626.
[8]	汪永伟刘育楠赵荣彩司成邱卫. 基于改进证据理论的态势评估方法[J]. 计算机应用, 2014, 34(2): 491-495.
[9]	张丹郑瑞娟吴庆涛代玉梅. 基于自律计算的网络安全态势感知模型[J]. 计算机应用, 2013, 33(02): 404-407.