CAAI Transactions on Intelligent Systems, Vol. 16 No. 1, Jan. 2021

DOI: 10.11992/tis.202006053

Network security situation assessment architecture based on multi-source heterogeneous data fusion

CHANG Liwei (1, 2), TIAN Xiaoxiong (1), ZHANG Yuqing (1), QIAN Yuhua (2), HU Zhiguo (2)

(1. College of Information, Shanxi University of Finance and Economics, Taiyuan 030006, China; 2. Institute of Big Data Science and Industry, Shanxi University, Taiyuan 030006, China)

Abstract: Because it is difficult to detect malicious network activity precisely or to analyze the state of a network effectively from single-point network data alone, this paper introduces a multi-source heterogeneous data fusion strategy and, drawing on the idea of hierarchical network analysis, builds a network security situation assessment architecture consisting of five modules: a traffic detection module, an attribute extraction module, a decision engine module, a multi-source fusion module, and a situation assessment module. The architecture uses a BP neural network as the decision engine to analyze the data from each source, uses exponentially weighted D-S evidence theory to fuse the outputs of the decision engines, and assesses the network threat status with a hierarchical network threat assessment method. The experimental results show that data from different detectors have different advantages for identifying different types of attacks; that multi-source fusion further raises the accuracy of identifying attack types to 88.7%; and that the hierarchical network threat assessment method can effectively assess the network threat status.

Keywords: network security; network security situation assessment; data fusion; hierarchical analysis method; network attacks; threat quantification; detection and evaluation

CLC number: TP393. Document code: A. Article ID: 1673-4785(2021)01-0038-10

Citation: CHANG Liwei, TIAN Xiaoxiong, ZHANG Yuqing, et al. Network security situation assessment architecture based on multi-source heterogeneous data fusion[J]. CAAI Transactions on Intelligent Systems, 2021, 16(1): 38-47.

Without network security there is no national security, and network security has become the cornerstone of national security in the information age. However, as networks keep growing in scale and malicious network behavior becomes more complex and intelligent

Received: 2020-06-30.
Funding: Natural Science Foundation of Shanxi Province (201801D221159); Science and Technology Innovation Project of Higher Education Institutions of Shanxi Province (2019L0470); Key R&D Project of Shanxi Province (201903D421003).
Corresponding author: CHANG Liwei. E-mail: changliwei002@163.com.
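The abstract names exponentially weighted D-S evidence fusion of the decision engines' outputs but does not give the formula. The following is an added example, not code from the paper: it applies Dempster's rule of combination to per-detector class scores, assuming the weighting raises each mass to a per-source power and renormalises. The class names, scores and weights are constructed for illustration.

```python
from itertools import product

# Constructed per-detector class scores (e.g. BP network outputs); not from the paper.
OUTPUTS = [
    {"normal": 0.5, "dos": 0.3, "probe": 0.1, "r2l": 0.1},
    {"normal": 0.2, "dos": 0.6, "probe": 0.1, "r2l": 0.1},
    {"normal": 0.3, "dos": 0.5, "probe": 0.1, "r2l": 0.1},
]
WEIGHTS = [0.6, 1.0, 0.9]  # constructed reliability weights, one per detector

def weight_bpa(scores, w):
    """Assumed weighting: raise each mass to the power w, then renormalise.
    w = 1 keeps the source unchanged; w = 0 flattens it to 'no opinion'."""
    powered = {c: s ** w for c, s in scores.items()}
    total = sum(powered.values())
    return {frozenset([c]): v / total for c, v in powered.items()}

def dempster(m1, m2):
    """Dempster's rule of combination; returns (fused masses, conflict K)."""
    fused, conflict = {}, 0.0
    for (a, pa), (b, pb) in product(m1.items(), m2.items()):
        common = a & b
        if common:
            fused[common] = fused.get(common, 0.0) + pa * pb
        else:
            conflict += pa * pb  # mass placed on contradictory hypotheses
    if conflict >= 1.0 - 1e-12:
        raise ValueError("total conflict between sources: rule undefined")
    return {k: v / (1.0 - conflict) for k, v in fused.items()}, conflict

def fuse(outputs, weights):
    """Fuse all detectors; returns (winning class, {class: fused mass})."""
    bpas = [weight_bpa(o, w) for o, w in zip(outputs, weights)]
    fused = bpas[0]
    for m in bpas[1:]:
        fused, _ = dempster(fused, m)
    masses = {next(iter(k)): v for k, v in fused.items()}
    return max(masses, key=masses.get), masses

if __name__ == "__main__":
    label, masses = fuse(OUTPUTS, WEIGHTS)
    print(label, {c: round(v, 3) for c, v in masses.items()})
```

With these constructed inputs the first detector alone would report normal traffic, while the fused result favours the DoS class with more mass than any single detector assigns to it.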