复杂网络环境下面向威胁监测的采集策略精化方法

李凤华; 李子孚; 李凌; 张铭; 耿魁; 郭云川

doi:10.11959/j.issn.1000-436x.2019096

您当前的位置：

首页 >

文章列表页 >

复杂网络环境下面向威胁监测的采集策略精化方法

学术论文 | 更新时间：2024-06-05

- 复杂网络环境下面向威胁监测的采集策略精化方法
- Collection policy refining method for threat monitoring in complex network environment
- 通信学报 2019年40卷第4期页码：49-61
- 作者机构：
  
  1. 中国科学院信息工程研究所，北京 100093
  2. 中国科学院大学网络空间安全学院，北京 100049
  3. 通信网信息传输与分发技术重点实验室，河北石家庄 050081
  4. 西安电子科技大学网络与信息安全学院，陕西西安 710071
- 作者简介：
  
  [ "李凤华（1966- ），男，湖北浠水人，博士，中国科学院研究员、博士生导师，主要研究方向为网络与系统安全、信息保护、隐私计算。" ]
  [ "李子孚（1992- ），女，内蒙古赤峰人，中国科学院博士生，主要研究方向为访问控制、安全策略管理。" ]
  [ "李凌（1993- ），女，湖南浏阳人，中国科学院硕士生，主要研究方向为安全策略管理。" ]
  [ "张铭（1997- ），男，浙江宁波人，主要研究方向为访问控制。" ]
  [ "耿魁（1989- ），男，湖北红安人，博士，中国科学院助理研究员，主要研究方向为网络安全。" ]
  [ "郭云川（1977- ），男，四川营山人，博士，中国科学院副研究员、博士生导师，主要研究方向为访问控制、形式化方法。" ]
- 基金信息：
  
  国家重点研发计划基金资助项目(2016YFB0801001);国家自然科学基金资助项目(61672515);中国科学院大学生创新实践训练计划基金资助项目
- DOI：10.11959/j.issn.1000-436x.2019096
  中图分类号： TP302
- 网络出版日期：2019-04，
  
  纸质出版日期：2019-04-25
- 稿件说明：
移动端阅览
李凤华, 李子孚, 李凌, 等. 复杂网络环境下面向威胁监测的采集策略精化方法[J]. 通信学报, 2019,40(4):49-61.

Fenghua LI, Zifu LI, Ling LI, et al. Collection policy refining method for threat monitoring in complex network environment[J]. Journal on communications, 2019, 40(4): 49-61.
李凤华, 李子孚, 李凌, 等. 复杂网络环境下面向威胁监测的采集策略精化方法[J]. 通信学报, 2019,40(4):49-61. DOI： 10.11959/j.issn.1000-436x.2019096.

Fenghua LI, Zifu LI, Ling LI, et al. Collection policy refining method for threat monitoring in complex network environment[J]. Journal on communications, 2019, 40(4): 49-61. DOI： 10.11959/j.issn.1000-436x.2019096.

摘要

个性化采集策略是有效监测复杂网络环境面临的威胁的必要条件之一，然而安全需求和威胁类型差异等导致难以有效生成个性化的采集策略。针对上述问题，设计了面向威胁监测的采集策略自动精化方法。首先，提出了采集策略层次模型；然后，将威胁类型到采集项的精化转化为采集收益和采集成本平衡的非线性优化问题，并利用遗传算法进行求解；最后，通过模拟实验，验证可根据高层监测需求自动生成采集方案。

Abstract

Personalized collect policy is one of the necessary conditions for effectively monitoring threats in the complex network environment.However

differences in security requirements and threat types make it difficult to effectively generate personalized collect policy.To address the above problem

a collection policy automatic refinement method was designed.Firstly

a hierarchical model of collection policy was proposed.Then

by transforming the policy refinement into a nonlinear optimization problem

a genetic algorithm was designed to balance between collection revenue and collection cost.Finally

simulation experiments verify that according to the requirements of high-level monitoring

the acquisition scheme can be automatically generated.

关键词

Keywords

references

李凤华 , 熊金波 . 复杂网络环境下访问控制技术 [M ] . 北京 : 人民邮电出版社 , 2015 .

LI F H , XIONG J B . Access control technology in complex network environment [M ] . Beijing : Posts ＆ Telecom PressPress , 2015 .

PADHY P , DASH R K , MARTINEZ K , et al . A utility-based sensing and communication model for a glacial sensor network [C ] // The 5th International Joint Conference on Autonomous Agents and Multi-agent Systems . 2016 : 1353 - 1360 .

曾文序 , 库少平 , 郑浩 . 基于旋转门算法的自适应变频数据采集策略 [J ] . 计算机应用研究 , 2018 , 35 ( 3 ): 769 - 772 .

ZENG W X , KU S P , ZHENG H . Strategy of self-adaptive frequency conversion data acquisition based on swing door trending algorithm [J ] . Application Research of Computers , 2018 , 35 ( 3 ): 769 - 772 .

张斌 , 朱建涛 , 徐曌 . 基于动态频率算法的远程监控系统数据采集优化策略 [J ] . 微电子学与计算机 , 2016 , 33 ( 8 ): 86 - 91 .

ZHANG B , ZHU J T , XU Z . Data gathering optimization strategy based on dynamic frequency algorithm for remote monitoring system [J ] . Microelectronics ＆ Computer , 2016 , 33 ( 8 ): 86 - 91 .

MAULLO M , CALO S . Policy management:an architecture and approach [C ] // The 1st International Workshop on Systems Management . 1993 : 13 - 26 .

MONT M C , BALDWIN A , GOH C . Power prototype:towards integrated policy-based management [C ] // IEEE/IFIP Network Operations and Management Symposium . 2000 : 789 - 802 .

ALBUQUERQUE J P D , KRUMM H , GEUS P L D , et al . Scalable model-based configuration management of security services in complex enterprise networks [J ] . Software:Practice and Experience , 2011 , 41 ( 3 ): 307 - 338 .

ALBUQUERQUE J P D , KRUMM H , GEUS P L D . Formal validation of automated policy refinement in the management of network security systems [J ] . International Journal of Information Security , 2010 , 9 ( 2 ): 99 - 125 .

ROMEIKAT R , BAUER B . Specification and refinement of domain-specific ECA policies [C ] // International Conference on Advanced Information Systems Engineering Workshops . 2011 : 197 - 206 .

NEISSE R , STERI G , GENEIATAKIS D , et al . A privacy enforcing framework for Android applications [J ] . Computers ＆ Security , 2016 , 62 : 257 - 277 .

RUDOLPH M , FETH D , DOERR J , et al . Requirements elicitation and derivation of security policy templates—an Industrial case study [C ] // The 24th International Requirements Engineering Conference . 2016 : 283 - 292 .

GUARDA P , RANISE S , SISWANTORO H . Security analysis and legal compliance checking for the design of privacy-friendly information systems [C ] // The 22nd ACM on Symposium on Access Control Models and Technologies . 2017 : 247 - 254 .

RUDOLPH M , MOUCHA C , FETH D . A framework for generating user and domain-tailored security policy editors [C ] // The 24th International Requirements Engineering Conference Workshops . 2016 : 56 - 61 .

BEIGI M S , CALO S , VERMA D . Policy transformation techniques in policy-based systems management [C ] // The 5th IEEE International Workshop on Policies for Distributed Systems and Networks . 2004 : 1 - 10 .

HAN W , FANG Z , YANG L T , et al . Collaborative policy administration [J ] . IEEE Transactions on Parallel and Distributed Systems , 2014 , 25 ( 2 ): 498 - 507 .

UDUPI Y B , SAHAI A , SINGHAL S . A classification-based approach to policy refinement [C ] // The 10th IFIP/IEEE International Symposium on Integrated Network Management . 2007 : 785 - 788 .

RIEKSTIN A C , JANUÁRIO G C , RODRIGUES B B , et al . Orchestration of energy efficiency capabilities in networks [J ] . Journal of Network and Computer Applications , 2016 , 59 : 74 - 87 .

SCHEID E J , MACHADO C C , FRANCO M L , et al . INSpIRE:integrated NFV-based intent refinement environment [C ] // IFIP/IEEE Symposium on Integrated Network and Service Management . 2017 : 186 - 194 .

RANA A I , JENNINGS B . Semantic aware processing of user defined inference rules to manage home networks [J ] . Journal of Network and Computer Applications , 2017 , 79 : 68 - 87 .

MACHADO C C , WICKBOLDT J A GRANVILLE L Z , et al . ARKHAM:an advanced refinement toolkit for handling service level agreements in Software-Defined Networking [J ] . Journal of Network and Computer Applications , 2017 , 90 : 1 - 16 .

RIEKSTIN A C , JANUÁRIO G C , RODRIGUES B B , et al . A survey of policy refinement methods as a support for sustainable networks [J ] . IEEE Communications Surveys and Tutorials , 2016 , 18 ( 1 ): 222 - 235 .

AZIZ B . Modelling fine-grained access control policies in grids [J ] . Journal of Grid Computing , 2016 , 14 ( 3 ): 477 - 493 .

BANDARA K , LUPU E C , RUSSO A . Using event calculus to formalise policy specification and analysis [C ] // The 4th International Workshop on Policies for Distributed Systems and Networks . 2003 : 26 - 39 .

CRAVEN R , LOBO J , LUPU E , et al . Policy refinement:decomposition and operationalization for dynamic domains [C ] // The 7th International Conference on Network and Services Management . 2011 : 115 - 123 .

RUBIO-LOYOLA J . Towards the policy refinement problem in policy-based management systems [M ] . Saarbrücken : VDM VerlagPress , 2008 .

LEIGHTON G , BARBOSA D . Access control policy translation,verification,and minimization within heterogeneous data federations [J ] . ACM Transactions on Information and System Security , 2011 , 14 ( 3 ): 1 - 28 .

JOHNSON M , KARAT J , KARAT C M , et al . Usable policy template authoring for iterative policy refinement [C ] // IEEE International Symposium on Policies for Distributed Systems and Networks . 2010 : 18 - 21 .

CHUNG L , NIXON B A , YU E , et al . Non-functional requirements in software engineering [M ] . New York : Springer Publishing CompanyPress , 2000 .

LIPPMANN R , HAINES J W , FRIED D J , et al . The 1999 DARPA off-line Intrusion Detection Evaluation [J ] . Computer Networks , 2000 , 34 ( 4 ): 579 - 595 .

AFFLECK A , KRISHNA A . Supporting quantitative reasoning of non-functional requirements:a process-oriented approach [C ] // International Conference on Software and System Process . 2012 : 88 - 92 .

KAMRAN S , ZAHID A , FARRUKH A K , et al . KDD cup 99 data sets:a perspective on the role of data sets in network intrusion detection research [J ] . Computer , 2019 , 52 ( 2 ): 41 - 51 .

窦全胜 , 陈姝颖 . 演化计算方法及应用 [M ] . 北京 : 电子工业出版社 , 2016 .

DOU Q S , CHEN S Y . Evolutionary calculation method and application [M ] . Beijing : Publishing House of Electronics IndustryPress , 2016 .

浏览量

625

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

基于移动sink的无线传感器网络数据采集方案