数据采集与处理 (Journal of Data Acquisition and Processing), 2025, Vol. 40, Issue 3: 832-844, 13. DOI: 10.16337/j.1004-9037.2025.03.021
Situation Awareness Assessment Approach Based on Attack Traffic and System Vulnerabilities
Abstract
Network security situation assessment plays an important role in the design and implementation of network defense strategies. Existing situation assessment methods gather information on both attack and defense to construct an assessment model, which is extremely sensitive to the accuracy of attack detection and to the relationship between attacks and vulnerability exploitation. To deal with these challenges and improve the accuracy of assessment, this paper proposes a situation assessment method combining attack and vulnerability. Firstly, various attack data sets are used to train attack detection models, and the attack detection results of the different models are fused using the idea of ensemble learning. Secondly, with the help of the open source security model, the exploitation knowledge between different attack types and security vulnerabilities is extracted. Finally, the security situation assessment results are obtained by integrating the degree of attack damage and the probability of vulnerability exploitation calculated using the extracted exploitation knowledge. The results show that the proposed method improves the performance of attack detection, and the average F1-score reaches 96.24. Furthermore, combined with the attack detection results, a situation assessment application case is given to show the effectiveness of the proposed method.
Key words
situation assessment/attack detection/security vulnerability/large security model
Classification
Information Technology and Security Science
Cite this article
李岩, 王梓莹, 冒佳明, 顾智敏, 姜海涛. Situation Awareness Assessment Approach Based on Attack Traffic and System Vulnerabilities [J]. 数据采集与处理 (Journal of Data Acquisition and Processing), 2025, 40(3): 832-844, 13.
Funding
Science and Technology Project of State Grid Jiangsu Electric Power Co., Ltd. (J2023180).