基于无监督多源数据特征解析的网络威胁态势评估

杨宏宇; 王峰岩

doi:10.11959/j.issn.1000-436x.2020015

您当前的位置：

首页 >

文章列表页 >

基于无监督多源数据特征解析的网络威胁态势评估

学术论文 | 更新时间：2024-06-05

- 基于无监督多源数据特征解析的网络威胁态势评估
- Network threat situation assessment based on unsupervised multi-source data feature analysis
- 通信学报 2020年41卷第2期页码：143-154
- 作者机构：
  
  中国民航大学计算机科学与技术学院，天津 300300
- 作者简介：
  
  [ "杨宏宇（1969- ），男，吉林长春人，博士，中国民航大学教授，主要研究方向为网络信息安全" ]
  [ "王峰岩（1993- ），男，河南南阳人，中国民航大学硕士生，主要研究方向为网络信息安全" ]
- 基金信息：
  
  国家自然科学基金民航联合研究基金资助项目(U1833107)
- DOI：10.11959/j.issn.1000-436x.2020015
  中图分类号： TP309
- 网络出版日期：2020-02，
  
  纸质出版日期：2020-02-25
- 稿件说明：
移动端阅览
杨宏宇, 王峰岩. 基于无监督多源数据特征解析的网络威胁态势评估[J]. 通信学报, 2020,41(2):143-154.

Hongyu YANG, Fengyan WANG. Network threat situation assessment based on unsupervised multi-source data feature analysis[J]. Journal on communications, 2020, 41(2): 143-154.
杨宏宇, 王峰岩. 基于无监督多源数据特征解析的网络威胁态势评估[J]. 通信学报, 2020,41(2):143-154. DOI： 10.11959/j.issn.1000-436x.2020015.

Hongyu YANG, Fengyan WANG. Network threat situation assessment based on unsupervised multi-source data feature analysis[J]. Journal on communications, 2020, 41(2): 143-154. DOI： 10.11959/j.issn.1000-436x.2020015.

摘要

针对监督式神经网络测试网络威胁时需根据数据类别标记进行建模的局限性，提出了一种基于无监督多源数据特征解析的网络威胁态势评估方法。首先，设计了一个面向安全威胁评估的变分自动编码器-生成式对抗网络（V-G），将只包含正常网络流量的训练数据集输入V-G的网络集合层进行模型训练，并计算各层网络输出的重构误差。然后，通过输出层的三层变分自动编码器重构误差学习并获取训练异常阈值，使用包含异常网络流量的测试数据集测试分组威胁并统计每组测试的威胁发生概率。最后，根据威胁发生概率确定网络安全威胁严重度，结合威胁影响度计算威胁态势值以获取网络威胁态势。仿真实验结果表明，所提方法对网络威胁具有较强的表征能力，能够有效直观地评估网络威胁的整体态势。

Abstract

Aiming at the limitations of supervised neural network in the network threat testing task relying on data category tagging

a network threat situation evaluation method based on unsupervised multi-source data feature analysis was proposed.Firstly

a variant auto encoder-generative adversarial network (V-G) for security threat assessment was designed.The training data set containing only normal network traffic was input to the network collection layer of V-G to perform the model training

and the reconstruction error of the network output of each layer was calculated.Then

the reconstruction error learning was performed by the three-layer variation automatic encoder of the output layer

and the training abnormal threshold was obtained.The packet threat was tested by using the test data set containing the abnormal network traffic

and the probability of occurrence of the threat of each group of tests was counted.Finally

the severity of the network security threat was determined according to the probability of threat occurrence

and the threat situation value was calculated according to the threat impact to obtain the network threat situation.The simulation results show that the proposed method has strong characterization ability for network threats

and can effectively and intuitively evaluate the overall situation of network threat.

关键词

Keywords

references

YANG M , JIANG R , GAO T L , et al . Research on cloud computing security risk assessment based on information entropy and Markov chain [J ] . International Journal of Network Security , 2018 , 20 ( 4 ): 664 - 673 .

WANG H , CHEN Z , FENG X , et al . Research on network security situation assessment and quantification method based on analytic hierarchy process [J ] . Wireless Personal Communications , 2018 , 102 ( 2 ): 1401 - 1420 .

SALLAM H . Cyber security risk assessment using multi fuzzy inference system [J ] . International Journal of Engineering and Innovative Technology , 2015 , 4 ( 8 ): 13 - 19 .

文志诚 , 陈志刚 , 唐军 . 基于信息融合的网络安全态势量化评估方法 [J ] . 北京航空航天大学学报 , 2016 , 42 ( 8 ): 1593 - 1602 .

WEN Z C , CHEN Z G , TANG J . Network security situation quantitative evaluation method based on information fusion [J ] . Journal of Beijing University of Aeronautics and Astronautics , 2016 , 42 ( 8 ): 1593 - 1602 .

FENG W , WU Y , FAN Y . A new method for the prediction of network security situations based on recurrent neural network with gated recurrent unit [J ] . International Journal of Intelligent Computing and Cybernetics , 2018 , 11 ( 4 ): 511 - 525 .

HE F , ZHANG Y , LIU D , et al . Mixed wavelet-based neural network model for cyber security situation prediction using modwt and hurst exponent analysis [C ] // International Conference on Network and System Security . Springer-Verlag , 2017 : 99 - 111 .

DOERSCH C . Tutorial on variational autoencoders [J ] . arXiv Preprint arXiv:1606.05908 , 2016 .

GOODFELLOW I J , POUGET-ABADIE J , MIRZA M . et al . Generative adversarial nets [C ] // The 27th International Conference on Neural Information Processing Systems . MIT Press , 2014 : 1 - 9 .

LAENG E , MORPURGO C . An uncertainty inequality involving L1 norms [J ] . Proceedings of the American Mathematical Society , 1999 , 127 ( 12 ): 3565 - 3572 .

MELL P , SCARFONE K , ROMANOSKY S . Common vulnerability scoring system [J ] . IEEE Security and Privacy Magazine , 2012 , 4 ( 6 ): 85 - 89 .

唐成华 , 余顺争 . 一种基于似然 BP 的网络安全态势预测方法 [J ] . 计算机科学 , 2009 , 36 ( 11 ): 97 - 100 .

TANG C H , YU S Z . A network security situation prediction method based on likelihood BP [J ] . Computer Science , 2009 , 36 ( 11 ): 97 - 100 .

赖智全 . 基于混合优化RBF神经网络的网络安全态势预测模型 [D ] . 兰州:兰州大学 , 2017 .

LAI Z Q . Network security situation prediction model based on hybrid optimization RBF neural network [D ] . Lanzhou:Lanzhou University , 2017 .

浏览量

1046

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

暂无数据