

Constructing general cube to be aware of network security situation
WEN Zhicheng 1,2, CHEN Zhigang 1
1. School of Information Science and Engineering, Central South University, Changsha 410083, China;
2. College of Computer and Communication, Hunan University of Technology, Zhuzhou 412007, China
Abstract: Current network security situation assessment suffers from a limited assessment scope, a single information source, high time and space complexity and large deviations in accuracy. To address these problems, a method is proposed that constructs a general cube from which the network security situation can be perceived. The continuous situation-factor data that are monitored are first pretreated by discretizing them with the "3σ rule" and are then aggregated into the constructed general cube; the cube is fused vertically into the security situation of each component, and the component situations are merged horizontally into the network security situation using statistical methods. The result provides a reliable reference for enhancing network security. Finally, the proposed network security situation awareness model and algorithm are verified on network data, and the experimental results show the correctness of the method.
Key words: network security; situation awareness; network manager; information fusion; general cube

1 Security situation awareness model

1.1 Overall awareness model

Fig. 1 Overall network security situation awareness model

1.2 Layered awareness framework with multi-source, multi-level information fusion

Fig. 2 Multi-source, multi-level information fusion layered awareness framework

2 Premises and foundations of security situation awareness

2.1 Selection of situation factors

2.2 Discretization of situation factor values

1) Collect a large historical sample of $n$ values of $x_i$ and compute their sample mean $\bar{x}_i$, which stands in for the population expectation: $E(x_i)=\mu=\bar{x}_i$.
2) Likewise, compute the sample variance $S_i^2$ of $x_i$, which stands in for the population variance: $D(x_i)=\sigma^2=S_i^2$.
3) Using the method above (the 3σ rule), divide the range of $x_i$ into five intervals $SS_i$.
4) When a concrete value of $x_i$ is obtained, the discrete value $i$ is assigned according to which interval $SS_i$ the value falls in.

2.3 Constructing the database

2.4 Information fusion method

3 Security situation awareness method

3.1 Constructing the general cube

Fig. 3 Three-dimensional generalized cube lattice

3.2 Component security situation awareness

3.3 Network security situation awareness

3.4 Finding abnormal components

3.5 Security situation awareness algorithm

1) for every situation factor $x_i$ do
2)
3)
4) construct five intervals $SS_i$ for this factor
5) end do
6) construct the general cube $(A,H)$ according to Definition 1 and Definition 2

1) discretize the monitored $n\times m$ data
2) aggregate the discretized $n\times m$ data into the general cube $(A,H)$
3) for $i=0$ to 4 do
4) in $j_1, j_2, \ldots,$ or $j_m$
5)
6)
7) obtain one part of the component's situation $SA_c$, whose value is $L_c$
8) end do
9) for the three categories of situation factors, repeat steps 3) to 8)
10) obtain the situation of this component $SA_c=(\mathrm{runnability}_c,\mathrm{vulnerability}_c,\mathrm{threat}_c)$

1) for $j=1$ to 3 do
2) for $i=0$ to 4 do
3)
4) end do
5)
6) obtain one part of the network's situation $SA_n$, whose value is $L_n$
7) end do
8) obtain the situation of the network $SA_n=(\mathrm{runnability},\mathrm{vulnerability},\mathrm{threat})$
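As an added, runnable illustration (not the authors' code) of the discretization steps in Section 2.2 and the three algorithm listings above, the Python below fits the sample mean and variance of every factor, cuts each factor into five intervals with the 3σ rule, counts the discretized monitored samples in a per-component cube, and collapses those counts into SA_c for each component and SA_n for the network. The factor names, the historical and monitored samples, the cut points (μ, μ+σ, μ+2σ, μ+3σ), the count-weighted mean used for L_c, the mean over components used for L_n, and the abnormality threshold are all assumptions, because the page does not reproduce those formulas.

```python
"""Added illustration of the page's pipeline: 3-sigma discretization of
situation factors, aggregation into a count cube, then component and
network situation values.  Not the authors' code; the interval boundaries,
the statistics used for L_c and L_n and the abnormality threshold are
assumptions, since the page omits those formulas."""
import math
from statistics import mean, variance

# The three factor categories behind SA_c = (runnability, vulnerability, threat).
# Factor names are constructed for this example; larger values are assumed worse.
FACTORS = {
    "runnability": ["cpu_load", "mem_used"],
    "vulnerability": ["open_ports", "known_vulns"],
    "threat": ["ids_alerts", "failed_logins"],
}
LEVELS = 5  # discrete values i = 0..4, matching "for i = 0 to 4" in the algorithm


def fit_factor(history):
    """Steps 1)-2): the sample mean and sample variance S_i^2 of a large
    historical sample stand in for the population mu and sigma^2."""
    if len(history) < 2:
        raise ValueError("need at least two historical observations")
    return mean(history), math.sqrt(variance(history))


def intervals(mu, sigma):
    """Step 3): cut points defining five intervals SS_i.  ASSUMPTION: the
    one-sided 3-sigma cuts mu, mu+sigma, mu+2sigma, mu+3sigma.  With a
    constant baseline (sigma == 0) any rise above mu lands in level 4."""
    return [mu + k * sigma for k in range(LEVELS - 1)]


def discretize(value, cuts):
    """Step 4): the discrete value is the index of the interval containing value."""
    return sum(1 for cut in cuts if value > cut)


def build_cube(history, monitored):
    """Algorithm steps 1)-2): discretize the monitored n x m data and aggregate
    it as cube[component][category][factor] = count of samples at each level."""
    cuts = {f: intervals(*fit_factor(history[f])) for fs in FACTORS.values() for f in fs}
    cube = {}
    for comp, samples in monitored.items():
        cell = cube[comp] = {cat: {f: [0] * LEVELS for f in fs} for cat, fs in FACTORS.items()}
        for sample in samples:
            for cat, fs in FACTORS.items():
                for f in fs:
                    cell[cat][f][discretize(sample[f], cuts[f])] += 1
    return cube


def component_situation(cube, comp):
    """Section 3.2: SA_c per category.  ASSUMPTION: L_c is the count-weighted
    mean level over the category's factors (0 = at baseline, 4 = beyond mu+3sigma)."""
    sa = {}
    for cat, fs in FACTORS.items():
        total = sum(sum(cube[comp][cat][f]) for f in fs)
        weighted = sum(i * n for f in fs for i, n in enumerate(cube[comp][cat][f]))
        sa[cat] = weighted / total if total else 0.0
    return sa


def network_situation(cube):
    """Section 3.3: merge component situations horizontally.
    ASSUMPTION: the mean over components is the merging statistic."""
    comps = {c: component_situation(cube, c) for c in cube}
    return {cat: mean(sa[cat] for sa in comps.values()) for cat in FACTORS}, comps


def abnormal_components(cube, threshold=2.0):
    """Section 3.4: flag components whose level in any category reaches the
    (assumed) threshold, i.e. components sitting well above their own history."""
    _, comps = network_situation(cube)
    return sorted(c for c, sa in comps.items() if max(sa.values()) >= threshold)


def baseline(centre, spread, k=4):
    """Constructed history: k values at centre-spread, one at centre and k at
    centre+spread, so the sample mean is centre and the sample sigma is spread."""
    return [centre - spread] * k + [centre] + [centre + spread] * k


# Constructed data: a web host under attack and a quiet database host.
HISTORY = {"cpu_load": baseline(40, 10), "mem_used": baseline(50, 10),
           "open_ports": baseline(5, 1), "known_vulns": baseline(2, 1),
           "ids_alerts": baseline(4, 2), "failed_logins": baseline(3, 1)}
MONITORED = {
    "web": [dict(cpu_load=45, mem_used=55, open_ports=5, known_vulns=2, ids_alerts=9, failed_logins=7),
            dict(cpu_load=75, mem_used=85, open_ports=9, known_vulns=6, ids_alerts=13, failed_logins=20),
            dict(cpu_load=65, mem_used=62, open_ports=6, known_vulns=2, ids_alerts=11, failed_logins=9)],
    "db": [dict(cpu_load=35, mem_used=48, open_ports=5, known_vulns=2, ids_alerts=3, failed_logins=1),
           dict(cpu_load=42, mem_used=52, open_ports=5, known_vulns=2, ids_alerts=4, failed_logins=2),
           dict(cpu_load=38, mem_used=50, open_ports=5, known_vulns=3, ids_alerts=2, failed_logins=3)],
}


def run_example():
    """Run the whole pipeline on the constructed data."""
    cube = build_cube(HISTORY, MONITORED)
    net, comps = network_situation(cube)
    return cube, comps, net, abnormal_components(cube)


if __name__ == "__main__":
    _, comps, net, bad = run_example()
    for comp, sa in comps.items():
        print(comp, {k: round(v, 2) for k, v in sa.items()})
    print("network", {k: round(v, 2) for k, v in net.items()}, "abnormal:", bad)
```

Running the file prints the per-component (runnability, vulnerability, threat) values and flags the web host. With real data the histories should be the large samples the paper calls for; a factor whose history never moved has zero sample variance, so every value above its mean lands in the top level, which is worth checking for before trusting the aggregated cube.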

4 Simulation experiments

Fig. 4 Samples of component anomalies

Fig. 5 Samples aggregated in the generalized cube

Fig. 6 Comparison of component security situations

Fig. 7 Component and network security situation awareness

5 Conclusion


#### Article information

WEN Zhicheng, CHEN Zhigang

Constructing general cube to be aware of network security situation

Journal of Beijing University of Aeronautics and Astronautics, 2015, 41(10): 1966-1974.
http://dx.doi.org/10.13700/j.bh.1001-5965.2015.0010