
Research on Key Implementation Technologies of Network Security Situational Awareness

Research on Factors Extraction, Evaluation and Prediction in Network Security Situational Awareness

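[Author] Hu Mingming (胡明明)

[Advisor] Wang Huiqiang (王慧强)

[Author information] Harbin Engineering University, Computer Application Technology, 2008, Master's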

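[Abstract (translated from Chinese)] A network security situational awareness system is a new technology for network security monitoring and one of the current research hotspots in information security. Network security situational awareness requires examining the security status of large-scale networks from a comprehensive, holistic perspective. It emphasizes timely detection of potential or already-occurring anomalies in networked systems, and the ability to make reasonable and accurate predictions of the network's security status over a coming period. Its central idea is to make full use of one or several mathematical methods to fuse the multi-source heterogeneous security state data of the network environment and generate an easily understood network security situation. This thesis first presents a fairly comprehensive study of the application of network security situational awareness in the network security field, covering its concept description, research status and so on, and establishes a layered network security situational awareness model that is divided, from the bottom up, into three layers: situation extraction, situation generation and situation prediction. Second, for the situation extraction layer, a distributed data fusion model is proposed. The model uses multiple classifiers to classify network information and fuses the results according to the credibility of each classifier to generate the network security situation factors. Experiments verify the effectiveness of the method. Then, the situation assessment layer adopts a hierarchical network security situation assessment model, which uses statistical methods to quantitatively compute the security situation indices at the service level, host level and system level of the networked system, yielding the security situation value for each level. Finally, for the situation prediction layer, a situation prediction method based on a BP neural network optimized by a genetic algorithm is proposed. The genetic algorithm performs a global search for the weights of the BP neural network, and the optimized BP neural network is used to build a model that predicts the network security situation. Experimental tests show that the method can be applied to predicting network security situation values and helps network administrators understand how the network is changing.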

[Abstract] A network security situational awareness system (NSSAS) is a new technology for monitoring network security, and it is one of the hot research domains in information security. Network security situational awareness (NSSA) demands a new perspective for observing network security status: it emphasizes timely detection of potential or already-arisen anomalies in the network system, and it can also forecast the network security status for some time ahead. The main idea of NSSA is to make full use of one or several kinds of mathematical methods to fuse the multi-source heterogeneous data in the network system, so that an easily understandable network security situation is generated from a cognitive perspective. Firstly, this thesis comprehensively studies NSSA in network security, including the concept description, research state, and developing direction of NSSA, and then forms a preliminary model of NSSA. The model comprises three sub-models: a data fusion model, a network security situation realization model, and a prediction model. Secondly, the thesis presents a distributed data fusion model, which uses three classifiers to label network data and fuses the results according to each classifier's differentiation rate to obtain the network security situational factors. An experiment is carried out to check the validity of the method. Thirdly, a layered realization model of network security situation is constructed. This model uses statistical methods for the quantitative calculation of the security situation index at the service level, host level and network level of the networked system, giving the security situation at each level. Finally, the thesis presents a method based on GA-BPNN (Genetic Algorithm-Back Propagation Neural Network) to predict the network security situation. The model uses GA to adjust the weights of the network and so construct the prediction model, which can then be used to predict the network security situation. Experimental results show that this method can achieve perfect prediction, helping administrators to understand the current situation.
