Multi-source network security data fusion model based on DS evidence theory (OA, CSTPCD)
Network security situation awareness involves a large amount of multi-source data, and extracting information from it is difficult, which is a problem that urgently needs to be solved. In combination with existing network security practices, a multi-source network security data fusion method based on the Dempster-Shafer (DS) evidence theory is studied specifically for data generated by flow sensors. By designing an effective fusion model, this method reduces data redundancy, implements correlation analysis, and analyzes the correlation between network security events from the dimensions of time, space and events, so as to form correlated fused data and thereby enhance the effectiveness of network security situation data. The proposed fusion model effectively extracts key information, enhances the validity of network security situation data, and provides strong support for network security regulation. Furthermore, it maintains a high level of effectiveness even when network events may contain false positives or missed detections, so it has significant practical application value and promotional significance.
黄智勇;林仁明;刘宏;朱举异;李嘉坤
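School of Information and Software Engineering, University of Electronic Science and Technology of China, Chengdu, Sichuan 610054 || Information Center, Sichuan Provincial Administration for Market Regulation, Chengdu, Sichuan 610017; Information Center, Sichuan Provincial Administration for Market Regulation, Chengdu, Sichuan 610017; School of Information and Software Engineering, University of Electronic Science and Technology of China, Chengdu, Sichuan 610054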
Electronic information engineering
network security; multi-source data fusion; information extraction; flow sensor; evidence theory; situational awareness
《现代电子技术》 (Modern Electronics Technique) 2024 (007)
115-121 / 7
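Sichuan Science and Technology Program Project (2021YFS0391); Sichuan Province Major Science and Technology Special Project (22DZX0046); Key Program of the National Natural Science Foundation of China (61133016)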