Journal of Computer Applications ›› 2015, Vol. 35 ›› Issue (7): 1882-1887. DOI: 10.11772/j.issn.1001-9081.2015.07.1882


Network security situational awareness model based on information fusion

LI Fangwei, ZHANG Xinyue, ZHU Jiang, ZHANG Haibo   

  1. Chongqing Key Laboratory of Mobile Communications Technology (Chongqing University of Posts and Telecommunications), Chongqing 400065, China
  • Received: 2015-01-29 Revised: 2015-03-29 Online: 2015-07-10 Published: 2015-07-17

Network security situation assessment model based on information fusion

LI Fangwei, ZHANG Xinyue, ZHU Jiang, ZHANG Haibo

  1. Chongqing Key Laboratory of Mobile Communications Technology (Chongqing University of Posts and Telecommunications), Chongqing 400065, China
  • Corresponding author: ZHANG Xinyue (born 1990), male, from Lianyungang, Jiangsu, master's student; research interest: situational awareness. 414200842@qq.com
  • Author biographies: LI Fangwei (born 1960), male, from Nan'an, Chongqing, professor and doctoral supervisor; research interest: information security. ZHU Jiang (born 1977), male, from Jingzhou, Hubei, associate professor, Ph.D.; research interest: cognitive radio. ZHANG Haibo (born 1979), male, from Nan'an, Chongqing, lecturer, Ph.D.; research interest: wireless resource optimization.
  • Funding:

    National Natural Science Foundation of China (61271260, 61301122); Key Scientific Research Project of the Ministry of Education (212145).

Abstract:

Because the evaluation of Distributed Denial of Service (DDoS) attacks is inaccurate and network security situational evaluation is not comprehensive, a new network security situational awareness model based on information fusion was proposed. First, to improve the accuracy of evaluation, a situation assessment method for DDoS attacks based on data packet information was proposed. Second, the original Common Vulnerability Scoring System (CVSS) was improved and vulnerabilities were evaluated with it, making the assessment more comprehensive. Then, combining objective and subjective weights, a method of calculating combined weights and optimizing them with the Sequence Quadratic Program (SQP) algorithm was proposed to reduce the uncertainty of fusion. Finally, the network security situation was obtained by fusing the three aspects of evaluation. To verify that the original alarm-based evaluation of DDoS was inaccurate, a testing platform was built, on which the number of alarms for the same DDoS attack differed by 3 orders of magnitude. Compared with the original alarm-based method, the packet-based evaluation gave a steady and accurate result. The experimental results show that the proposed method can improve the accuracy of evaluation results.

Key words: Distributed Denial of Service (DDoS) evaluation, Common Vulnerability Scoring System (CVSS), combined weight, Sequence Quadratic Program (SQP), situation assessment
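The abstract describes two building blocks that can be shown concretely: the CVSS base score that the authors take as their starting point, and the fusion of several aspect scores under a combined subjective/objective weight. The block below is an added example, not code from the paper or its authors. It implements the public CVSS v2 base-score formula (the version current when the paper appeared; the authors' improved CVSS is not reproduced), and a linear fusion of three aspect scores under a combined weight. The mixing coefficient `alpha` is an assumption standing in for the SQP optimisation step, which the abstract names but does not detail; all weight and score values are constructed sample data.

```python
"""CVSS v2 base score and weighted fusion of aspect scores (added example).

The CVSS v2 metric values and formula follow the public v2 specification.
combine_weights()/fuse_situation() use a plain convex combination with a
fixed alpha (assumption); the paper optimises the combined weight with SQP.
"""

# CVSS v2 base-metric values (public specification).
ACCESS_VECTOR = {"L": 0.395, "A": 0.646, "N": 1.0}
ACCESS_COMPLEXITY = {"H": 0.35, "M": 0.61, "L": 0.71}
AUTHENTICATION = {"M": 0.45, "S": 0.56, "N": 0.704}
IMPACT = {"N": 0.0, "P": 0.275, "C": 0.660}
REQUIRED_METRICS = {"AV", "AC", "Au", "C", "I", "A"}


def parse_vector(vector):
    """Parse a v2 base vector such as 'AV:N/AC:M/Au:N/C:P/I:P/A:P'.

    Rejects malformed items and missing metrics instead of silently
    scoring a partial vector.
    """
    metrics = {}
    for item in vector.split("/"):
        key, _, value = item.partition(":")
        if not key or not value:
            raise ValueError(f"malformed metric {item!r}")
        metrics[key] = value
    missing = REQUIRED_METRICS - metrics.keys()
    if missing:
        raise ValueError(f"missing metrics: {sorted(missing)}")
    return metrics


def cvss2_base_score(vector):
    """CVSS v2 base score, rounded to one decimal as the specification does."""
    m = parse_vector(vector)
    impact = 10.41 * (1 - (1 - IMPACT[m["C"]]) * (1 - IMPACT[m["I"]]) * (1 - IMPACT[m["A"]]))
    exploitability = 20 * ACCESS_VECTOR[m["AV"]] * ACCESS_COMPLEXITY[m["AC"]] * AUTHENTICATION[m["Au"]]
    f_impact = 0.0 if impact == 0 else 1.176  # a vector with no impact scores 0
    return round((0.6 * impact + 0.4 * exploitability - 1.5) * f_impact, 1)


def normalise_weights(weights):
    """Scale a non-negative weight vector so that it sums to 1."""
    if any(w < 0 for w in weights):
        raise ValueError("weights must be non-negative")
    total = sum(weights)
    if total <= 0:
        raise ValueError("weights must not all be zero")
    return [w / total for w in weights]


def combine_weights(subjective, objective, alpha):
    """Combined weight = alpha * subjective + (1 - alpha) * objective.

    alpha is a fixed mixing coefficient here (assumption); in the paper the
    combined weight is tuned by the SQP algorithm.
    """
    if len(subjective) != len(objective):
        raise ValueError("weight vectors must have the same length")
    if not 0.0 <= alpha <= 1.0:
        raise ValueError("alpha must lie in [0, 1]")
    ws = normalise_weights(subjective)
    wo = normalise_weights(objective)
    return [alpha * s + (1 - alpha) * o for s, o in zip(ws, wo)]


def fuse_situation(scores, weights):
    """Weighted sum of aspect scores (each on a 0..10 scale) into one situation value."""
    if len(scores) != len(weights):
        raise ValueError("one weight per aspect score is required")
    if abs(sum(weights) - 1.0) > 1e-9:
        raise ValueError("weights must sum to 1")
    if any(not 0.0 <= s <= 10.0 for s in scores):
        raise ValueError("aspect scores must lie in [0, 10]")
    return sum(s * w for s, w in zip(scores, weights))


if __name__ == "__main__":
    # Constructed sample: a vulnerability aspect taken from one CVSS vector,
    # a DDoS threat aspect and a third aspect given directly as numbers.
    vuln_aspect = cvss2_base_score("AV:N/AC:M/Au:N/C:P/I:P/A:P")
    aspects = [8.0, vuln_aspect, 4.0]
    weight = combine_weights([0.5, 0.3, 0.2], [0.2, 0.5, 0.3], alpha=0.5)
    print("combined weight:", weight)
    print("fused situation:", fuse_situation(aspects, weight))
```

The aspect order (DDoS threat, vulnerability, third aspect) and the sample weights are illustrative only; the parser refuses incomplete vectors so that a missing impact metric cannot quietly lower a score.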

Abstract (translated from the Chinese):

To address the inaccurate evaluation of Distributed Denial of Service (DDoS) attacks and the incomplete assessment of the network security situation, a network security situation assessment model based on information fusion was proposed. First, a DDoS attack threat assessment method that takes packet information as its raw data was proposed, improving the accuracy of the assessment. Then, the original Common Vulnerability Scoring System (CVSS) was improved and the severity of vulnerabilities was assessed, making the assessment more comprehensive. Next, objective and subjective weights were combined, and the Sequence Quadratic Program (SQP) algorithm was used to optimize the combined weights, reducing the uncertainty of the fusion. Finally, the three were fused to obtain the network security situation. An intrusion detection platform was built; with different rule bases, the number of alarms for the same DDoS attack differed by 3 orders of magnitude. Compared with the method that relies on alarm counts, assessing DDoS attacks from packet information yields an accurate DDoS attack threat situation. Simulation comparisons show that the proposed model and method can improve the accuracy of the assessment results.

Key words (translated from the Chinese): denial-of-service attack evaluation, Common Vulnerability Scoring System, combined weight, Sequence Quadratic Program, situation assessment
