摘要
为解决网络安全态势评估中数据源单一及数据源彼此缺乏关联的问题,提出一种多源事件融合的网络安全态势评估方法。对多源数据进行预处理,统一格式;鉴于网络中存在大量误报及冗余事件,采用属性相似度算法结合DS证据理论对事件进行关联、融合;针对层次分析法(analytic hierarchy process,AHP)无法解决标度工作量大的问题,采用模糊综合评价法并结合AHP确定权值系数,依据攻击、漏洞信息加权融合各层态势,得到网络安全态势图。通过对DARPA2000数据集进行仿真实验验证了该模型的可靠性及适用性。
To solve the problem of singleness of source data and the problem that the data source lacks association with each other in the network security situation assessment,an evaluation method of network security situation based on multi-source event fusion was proposed.Multi-source data were preprocessed into the unified format.In view of the large number of false positives and redundancy in network,events were fused using algorithms of attribute similarity with DS evidence theory.Aiming at the problem that analytic hierarchy process(AHP)can not solve the large scale workload,weight was calculated using fuzzy comprehensive evaluation with AHP.The security situation graph of network was obtained by fusing the situation of every layer according to attack and vulnerability information.The reliability and applicability of the model was validated by simulating the DARPA 2000 data set.
出处
《计算机工程与设计》
北大核心
2016年第6期1440-1444,共5页
Computer Engineering and Design
基金
国家自然科学基金项目(61272450)
天津市科技创新专项基金项目(10FDZDGX00400
11ZCKFGX00900)
天津理工大学教改基金项目(YB12-34)
关键词
网络安全态势评估
DS证据理论
属性相似度
AHP层次分析法
模糊综合评价法
network security situation assessment
DS evidence theory
attribute similarity
analytic hierarchy process
fuzzy comprehensive evaluation
