Network Security Situation Awareness System Based on Knowledge Discovery
Cite this article: WANG Chun-lei, FANG Lan, WANG Dong-xia, DAI Yi-qi. Network Security Situation Awareness System Based on Knowledge Discovery [J]. Computer Science (计算机科学), 2012, 39(7): 11-17, 24.
Authors: WANG Chun-lei, FANG Lan, WANG Dong-xia, DAI Yi-qi
Affiliations: 1. Department of Computer Science and Technology, Tsinghua University, Beijing 100084; Science and Technology on Information System Security Laboratory, Beijing Institute of System Engineering, Beijing 100101
2. Science and Technology on Information System Security Laboratory, Beijing Institute of System Engineering, Beijing 100101
3. Department of Computer Science and Technology, Tsinghua University, Beijing 100084
Abstract: Because network security alert data is complex and diverse, the network security situation is hard to analyze and evaluate precisely. After summarizing the latest research progress and open problems in network security situation awareness, this paper proposes a network security situation modeling and generation framework based on knowledge discovery, and on that framework designs and implements the network security situation awareness system Net-SSA. The system consists of two parts: security situation modeling and security situation generation. Security situation modeling builds, on D-S evidence theory, a formal model suited to measuring the network security situation, which supports the fusion and correlation analysis of security events reported by situation sensors. Security situation generation uses knowledge discovery methods to mine frequent patterns and sequential patterns from the network security situation dataset and transforms them into security situation association rules, thereby supporting automatic generation of the network security situation graph. Experiments and analysis of their results show that the system supports accurate modeling and efficient generation of the network security situation.

Keywords: Network security; Security situation modeling; Security situation generation; Data mining; Knowledge discovery

Network Security Situation Awareness System Based on Knowledge Discovery
WANG Chun-lei, FANG Lan, WANG Dong-xia, DAI Yi-qi. Network Security Situation Awareness System Based on Knowledge Discovery [J]. Computer Science, 2012, 39(7): 11-17, 24.
Authors: WANG Chun-lei, FANG Lan, WANG Dong-xia, DAI Yi-qi
Affiliation: 1. Department of Computer Science and Technology, Tsinghua University, Beijing 100084, China; 2. Science and Technology on Information System Security Laboratory, Beijing Institute of System Engineering, Beijing 100101, China
Abstract: Network security administrators need to obtain and analyze the network security situation for management, maintenance, and planning purposes. The complexity and diversity of security alert data on modern networks, however, make precise analysis and evaluation of the network security situation extremely difficult. We summarized the research progress and open problems of network security situation awareness, and proposed a network security situation modeling and generation framework based on knowledge discovery. We then designed and implemented the network security situation awareness system (Net-SSA) on this framework. Net-SSA consists of two parts: modeling of the network security situation and generation of the network security situation. The purpose of modeling is to construct a formal model for measuring the network security situation based on D-S evidence theory, and to support the general process of fusing and analyzing the security alert events collected from security situation sensors. The network security situation is generated by extracting frequent patterns and sequential patterns from the network security situation dataset with knowledge discovery methods, transforming these patterns into correlation rules of the network security situation, and finally constructing the network security situation graph automatically. Experimental results show that the system supports accurate modeling and effective generation of the network security situation.
Keywords: Network security; Security situation modeling; Security situation generation; Data mining; Knowledge discovery
This article is indexed in CNKI, Wanfang Data and other databases.