Network Security Situational Awareness Model Based on Topological Vulnerability Analysis
  • English title: Network security situational awareness model based on topological vulnerability analysis
  • Authors: LI Tengfei; LI Qiang; YU Xiang; WU Daiyue
  • Affiliation: Department of Network Engineering, National University of Defense Technology
  • Keywords: network security; topological vulnerability analysis; security situation awareness; situation acquisition; situation comprehension
  • Chinese journal code: JSJY
  • Journal: Journal of Computer Applications
  • Publication date: 2018-12-25
  • Publisher: Journal of Computer Applications (计算机应用)
  • Year: 2018
  • Issue: v.38
  • Funding: Technical Basic Conditions Construction Project of the Electronic Engineering Institute (72160603); Research Fund Project of the Electronic Engineering Institute (KY16Z002)
  • Language: Chinese
  • Page: JSJY2018S2034
  • Number of pages: 8
  • CN: S2
  • ISSN: 51-1307/TP
  • Classification number: 162-168+174
Abstract
Research on network security situational awareness lacks effective methods for collecting security situation data and extracting situation elements, which makes the network security situation difficult to understand, analyze and compute. To address this, a network security situational awareness model based on topological vulnerability analysis was established. Firstly, an extended finite state machine was used to describe the current state of the network and the states that may occur, thus determining all the states of the network. Secondly, the situation components, namely the threat existence probability, the threat state probability, the state transition probability and the threat loss, were calculated and combined to obtain the network security situation. Finally, the security state of the network was determined by numerical comparison. The experimental results show that the mean square error of the established network security situational awareness model, compared with the actual network security situation, is 1.2%; compared with the analytic hierarchy process model and the neural network model, the mean square error is reduced by 1.5% to 2.1%.
