Authors: 郭世泽 (GUO Shize); 王小娟 (WANG Xiaojuan)[2]; 何明枢 (HE Mingshu); 任传伦 (REN Chuanlun); 俞赛赛 (YU Saisai) (School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876, China; School of Electronic Engineering, Beijing University of Posts and Telecommunications, Beijing 100876, China; No.30 Institute of CETC, Chengdu, Sichuan 610041, China)
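Affiliations: [1] School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876 [2] School of Electronic Engineering, Beijing University of Posts and Telecommunications, Beijing 100876 [3] No.30 Institute of China Electronics Technology Group Corporation, Chengdu, Sichuan 610041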
Source: Information Security and Communications Privacy (《信息安全与通信保密》), 2021, No. 11, pp. 79-94, 16 pages in total
Funding: National Natural Science Foundation of China (No.62071056).
Abstract: Observing cyberspace data flows and analyzing threat behavior are important directions in national cyberspace security defense. To meet the major needs of large-scale data flow observation in national cyberspace and of defending against continually emerging network threats, this paper addresses the shortcomings of traditional network data flow threat monitoring methods, which are based on the time domain and rely on prior knowledge: low analysis efficiency, low accuracy and a high false alarm rate. Building on a survey and analysis of existing intelligent network flow detection techniques and on the extraction of open scientific problems, and drawing on the frequency spectrum and optical spectrum theory of the electromagnetic world, it proposes a basic theory of cyberspace flow spectrum, centered on the overall approach of "domain transformation" and "spectrum derivation". The paper gives definitions of the flow spectrum and the transformation space, together with mathematical representations of the network flow feature matrix and the flow spectrum transformation. Starting from separability and representativeness, it gives an index evaluation system for flow spectrum transformation, carries out a basic feasibility analysis on network flow data, and preliminarily verifies the feasibility of flow spectrum theory for characterizing network threats. The aim is to understand cyberspace and network defense problems from a new perspective and with adversarial thinking, and to provide a reference for peers.
Classification number: TP393 [Automation and Computer Technology - Computer Application Technology]