Abstract
The traditional hierarchical network security situation evaluation model scores services, hosts and the network system as a whole from purely statistical counts of a large volume of intrusion detection system (IDS) alerts, ignoring the correlation between the elements of an alert, so its results are neither accurate nor objective. To address this, an improved hierarchical network security situation evaluation model is proposed. The model first measures the success rate of each alert through an alert verification step that draws on network environment information. It then builds fuzzy rules over three alert elements, alert frequency, alert severity and alert success rate, and uses fuzzy reasoning to realise the complex non-linear mapping between them, yielding a single comprehensive alert value. Finally, situation values are computed for each service, each host and the whole network system. Experiments on the Honeynet dataset show that the model effectively removes the influence of false alerts and produces more accurate evaluation results than the traditional method.
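The pipeline the abstract describes (alert verification against environment information, fuzzy inference over frequency, severity and success rate, then service, host and network aggregation), written out as an added illustration. This is not the paper's code: the asset inventory, the verification check (target must expose the software the attack needs), the triangular membership functions, the 27-rule base, the zero-order Sugeno inference with singleton outputs and the equal service/host weights are all assumptions made here so the example runs stand-alone; the paper's own rules and aggregation formulas are not reproduced.

```python
"""Illustrative alert verification, fuzzy alert scoring and hierarchical
situation aggregation (assumed rules and parameters, not the paper's)."""
import itertools
from collections import defaultdict
from dataclasses import dataclass

# Constructed network environment information: host -> {port: software}.
INVENTORY = {
    "10.0.0.5": {80: "apache", 22: "openssh"},
    "10.0.0.7": {445: "smb"},
}


@dataclass(frozen=True)
class Alert:
    dst: str        # target host
    port: int       # target service port
    sig: str        # IDS signature name
    severity: int   # 1 (low) .. 5 (high), as assigned by the IDS
    requires: str   # software the attack needs on the target (assumed field)


def verify(alert, inventory=INVENTORY):
    """Alert verification (assumed check): the alert can only have succeeded
    if the target really exposes the software the attack requires."""
    return inventory.get(alert.dst, {}).get(alert.port) == alert.requires


def tri(x, a, b, c):
    """Triangular membership function with support [a, c] and peak at b."""
    if x <= a or x >= c:
        return 0.0
    return (x - a) / (b - a) if x <= b else (c - x) / (c - b)


def grades(x):
    """Low/medium/high memberships of an input normalised to [0, 1]."""
    return {"L": tri(x, -0.5, 0.0, 0.5),
            "M": tri(x, 0.0, 0.5, 1.0),
            "H": tri(x, 0.5, 1.0, 1.5)}


LEVELS = ("L", "M", "H")
SINGLETON = {"L": 0.1, "M": 0.5, "H": 0.9}   # assumed output singletons


def consequent(f, s, r):
    """Assumed rule base over (frequency, severity, success rate)."""
    if r == "L":                 # attack cannot succeed here: treat as noise
        return "L"
    if s == "H" and r == "H":    # plausible, severe attack dominates frequency
        return "H"
    idx = (LEVELS.index(f) + LEVELS.index(s) + LEVELS.index(r)) / 3
    return LEVELS[round(idx)]


def fuzzy_alert_value(freq, sev, succ):
    """Zero-order Sugeno inference: min t-norm for rule strength, weighted
    average of the singleton consequents. Returns a value in [0.1, 0.9]."""
    mf, ms, mr = grades(freq), grades(sev), grades(succ)
    num = den = 0.0
    for f, s, r in itertools.product(LEVELS, repeat=3):
        w = min(mf[f], ms[s], mr[r])
        num += w * SINGLETON[consequent(f, s, r)]
        den += w
    return num / den if den else 0.0


def situation(alerts, inventory=INVENTORY, host_weights=None):
    """Comprehensive alert value per (host, port, signature), summed into
    service values, host values (equal service weights assumed) and one
    network value (equal host weights unless host_weights is given)."""
    groups = defaultdict(list)
    for a in alerts:
        groups[(a.dst, a.port, a.sig)].append(a)
    max_count = max(len(g) for g in groups.values())
    service = defaultdict(float)
    for (host, port, _sig), g in groups.items():
        freq = len(g) / max_count                       # relative frequency
        sev = g[0].severity / 5                         # normalised severity
        succ = sum(verify(a, inventory) for a in g) / len(g)  # success rate
        service[(host, port)] += fuzzy_alert_value(freq, sev, succ)
    host = defaultdict(float)
    for (h, _port), v in service.items():
        host[h] += v
    weights = host_weights or {h: 1 / len(host) for h in host}
    network = sum(weights[h] * v for h, v in host.items())
    return dict(service), dict(host), network


# Constructed sample alerts: the IIS burst targets an Apache host, so
# verification fails and its contribution collapses to the low singleton.
SAMPLE_ALERTS = (
    [Alert("10.0.0.7", 445, "SMB exploit", 5, "smb")] * 10
    + [Alert("10.0.0.5", 80, "IIS exploit", 5, "iis")] * 10
    + [Alert("10.0.0.5", 22, "SSH brute force", 3, "openssh")] * 5
)

if __name__ == "__main__":
    print(situation(SAMPLE_ALERTS))
```

With the sample above the unverifiable IIS burst scores 0.1 despite its high frequency and severity, the SMB burst scores 0.9, and the moderate SSH activity lands in between, which is the behaviour the abstract claims for the success-rate element.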
Authors
CUI Ming-hui (崔明辉); FENG Hua-min (封化民); LIU Biao (刘飚); WANG Lin (王琳)
College of Telecommunication Engineering, Xidian University, Xi'an, Shaanxi 710071, China; Beijing Electronic Science & Technology Institute, Beijing 100070, China
Source
Computer Simulation (《计算机仿真》), Peking University core journal list
2019, No. 11, pp. 284-289 and 369 (7 pages)
Funding
National Key R&D Program of China project (2018YFB0803601)
Keywords
Fuzzy reasoning
Hierarchical
Situation evaluation
Alert verification