Abstract
Cybersecurity situation evaluation and prediction are vital processes in situation awareness. Building on the aggregation of alert information, attack events are correlated according to a typical attack pattern with four phases. Combined with the vulnerabilities of network assets, the attack phase that each network entity is in is identified and converted into a threat level. Taking the threat level as the observation of a hidden Markov model (HMM), the situation is evaluated through HMM state estimation, and situation prediction is performed by a combined model of a neural-network-based predictor and a support-vector-machine-based predictor. Experiments on the DARPA2000 test dataset indicate that the proposed method evaluates and predicts the cybersecurity situation more accurately.
Authors
WU Jian-tai (吴建台)
QIAO Yi-feng (乔翌峰)
ZHU Sai-fan (朱赛凡)
LIU Guang-jie (刘光杰)
Affiliations: School of Automation, Nanjing University of Science and Technology, Nanjing 210094; Nanjing Institute of Information and Technology, Nanjing 210036
Source
Navigation and Control (《导航与控制》)
2018, No. 2, pp. 10-17, 31 (9 pages in total)
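Funding
National Natural Science Foundation of China (Nos. 61472188, 61602247, 61702235, U1636117)
Natural Science Foundation of Jiangsu Province (Nos. BK20150472, BK20160840)
National Key Technology R&D Program of China (No. 2014BAH41B01)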
Keywords
association analysis
hidden Markov model (HMM)
cybersecurity situation evaluation
cybersecurity situation prediction