Authors: GUO Shangwei (郭尚伟); LIU Shufeng (刘树峰); LI Ziming (李子铭); OUYANG Deqiang (欧阳德强); WANG Ning (王宁)[1]; XIANG Tao (向涛)[1] (College of Computer Science, Chongqing University, Chongqing 400044, China)
Source: Computer Engineering (《计算机工程》), 2024, Issue 11, pp. 1-9 (9 pages)
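Funding: National Key Research and Development Program of China (2022YFB3103501); National Natural Science Foundation of China (62101079); General Program of the Natural Science Foundation of Chongqing (cstc2021jcyj-msxm0465); Chongqing Entrepreneurship and Innovation Support Program for Returned Overseas Scholars (cx2021012).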
Abstract: Cybersecurity threats are becoming increasingly prevalent with the rapid advancement of Internet technologies. Cyberattacks, exhibiting high complexity and diversity, are posing significant challenges to existing defense mechanisms. As an emerging concept, situation awareness technology offers new approaches to enhancing cybersecurity defense. However, the current cybersecurity situation awareness methods suffer from limited data feature extraction capabilities and inadequate handling of long-term sequential data. To address these issues, this study proposes a fusion model that integrates Stack Sparse Auto-Encoder (SSAE), Convolutional Neural Network (CNN), Bidirectional Gated Recurrent Unit (BiGRU), and Attention Mechanism (AM). By utilizing SSAE and CNN to extract data features and enhancing the focus on critical information through the AM in the BiGRU model, the proposed model aims to classify the attack categories of abnormal traffic. In conjunction with the network security situational quantification indicators proposed in this study, the network security situation is quantitatively evaluated and classified. The experimental results demonstrate that the proposed fusion model outperforms traditional deep learning models in various metrics, enabling an accurate perception of the network situation.
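Keywords: situation awareness; threat detection; stacked sparse auto-encoder; convolutional neural network; bidirectional gated recurrent unit; attention mechanism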
Classification: TP309 [Automation and Computer Technology: Computer System Architecture]