基于卷积神经网络多源融合的网络安全态势感知模型  被引量：15

作　　者：常利伟[1,2] 刘秀娟 钱宇华 耿海军 赖裕平[4] CHANG Liwei;LIU Xiujuan;QIAN Yuhua;GENG Haijun;LAI Yuping(School of Information,Shanxi University of Finance and Economics,Taiyuan 030006,China;Institute of Big Data Science and Industry,Shanxi University,Taiyuan 030006,China;School of Automation and Software,Shanxi University,Taiyuan 030006,China;School of Cyberspace Security,Beijing University of Posts and Telecommunications,Beijing 100876,China)

机构地区：[1]山西财经大学信息学院,太原030006 [2]山西大学大数据科学与产业研究院,太原030006 [3]山西大学自动化与软件学院,太原030006 [4]北京邮电大学网络空间安全学院,北京100876

出　　处：《计算机科学》2023年第5期382-389,共8页Computer Science

基　　金：山西省自然科学基金(20210302124290);山西省教育科学“十四五”规划项目(GH-21600);山西省重点研发国际科技合作项目(201903D421003);国家自然科学基金(62002210)。

摘　　要：为了准确获取整个网络的安全态势,设计了一种包含流量探测、属性提炼、决策引擎、多源融合和态势评估五大核心环节的网络安全态势感知模型。流量探测指,以网络流量探测器和入侵检测探测器为工具对流量进行监测,分别抓取流量基础特征和恶意活动特征;属性提炼指,以准确地提炼核心属性为目的,重点关注能够刻画恶意活动特征的报警信息、报警类别和连接属性;决策引擎指,以属性提炼生成的各探测器的核心属性数据为输入,以卷积神经网络为引擎识别各种攻击;多源融合指,采用指数加权的D-S融合方法有效地融合各决策引擎的输出结果,提升攻击识别率;态势评估指,借助权系数理论有效地量化威胁等级,利用层次化分析方法准确地获取整个网络的安全态势。实验结果表明,不同探测器探测到的数据对各类攻击识别的差异较大,多源融合算法可将攻击识别的准确率提升到92.76%,在准确率指标上优于多数研究成果,准确率的提升有助于层次化网络分析方法更加准确地计算整个网络的安全态势。For accurately calculating security situation of the whole network,a network security situation awareness model with five core elements is elaborated,which are traffic detection,attribute extraction,decision engine,multi-source fusion and situation assessment.In the traffic detection module,the network traffic detector and the intrusion detection detector are taken as a tool to grab the basic characteristics of traffic and malicious activity characteristics respectively;in the attribute extraction module,with the aim of precisely extracting key attributes,alarm messages,alarm types and connection characteristics,which contribute to describe malicious activities,are the center of attention;in the decision engine module,the key attribute data from attribute extraction is utilized as input,and CNN as an engine is employed to identify various kinds of attacks;in the multi-source fusion module,exponential weighted D-S fusion algorithm is used to effectively integrate the output of each decision engine to improve the identification rate of attack types;in the situation assessment module,in virtue of weight coefficient theory the threat levels are quantified,the hierarchical analysis method is applied to exactly get security situation of the whole network.Experimental results show that,there is a great difference in identifying varieties of attacks for different detectors,the proposed multi-source fusion algorithm can improve the accuracy of attack identification which can reach up to 92.76%,in such accuracy index our results are better than most research achievements,and the improvement of accuracy makes a great impact on accurately calculating and intuitively reflecting security situation of the whole network by means of hierarchical analysis method.

关 键 词：网络安全态势感知 攻击识别 卷积神经网络 多源融合算法 层次化分析方法 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]