基于免疫的网络安全态势感知关键技术研究

为了改变目前网络安全防御主要依靠防火墙、漏洞扫描、入侵检测等传统网络安全工具进行被动防御的局面,将人工免疫技术应用于网络安全态势感知技术,提出并实现了一种基于免疫的网络安全态势感知技术.该技术采用基于免疫的入侵检测模型实现对网络中已知和未知入侵行为的检测;依据生物免疫系统抗体浓度的变化与病原体入侵强度的对应关系,建立网络风险实时定量评估模型.在对网络安全状况的趋势预测中,采用基于时间序列的ARMA模型对网络当前安全状况及未来变化趋势进行实时、定量的分析、预测,从而有效地缓解网络攻击造成的危害,提高网络信息系统的应急保障能力.实验结果表明该系统能及时有效调整网络安全策略,提供更全面的安全保障,是网络安全保障的一个较好解决方案.

Research on Network Security Situation Awareness Based on Artificial Immunity System

In order to change the current passive network security defense situation depending on traditional network security tools, such as firewall, network vulnerability scanning and intrusion detection etc, the artificial immune technology is applied to network security situation awareness.This technology adopts intrusion detection model based on immune to realize the detection of known and unknown intrusion behaviors, and establishes real-time and quantitative network risk evaluation model based on the corresponding relationship between the antibody concentration variation of biological immune system and the intrusion rate of pathogen. During the trend forecast of network security situation, ARMA model based on time series is adopted to make real time and quantitative analysis and forecast on network security situation and its future trend, in this way, it can reduce the risk of network attack effectively and improve the emergency logistic support ability of network information system. The experiment result shows that this system can adjust network security strategy timely and efficiently, provide overall security guarantee for the system and is a good solution to active network security defense.