ISSN 1000-1239 CN 11-1777/TP

计算机研究与发展 ›› 2014, Vol. 51 ›› Issue (8): 1681-1694.doi: 10.7544/issn1000-1239.2014.20121050

• 信息安全 • 上一篇    下一篇

基于时空维度分析的网络安全态势预测方法

刘玉岭1,2,3,冯登国1,2,连一峰1,2,3,陈 恺3,吴 迪1,2   

  1. 1(中国科学院软件研究所可信计算与信息保障实验室 北京 100190);2(中国科学院大学 北京 100049);3(信息安全共性技术国家工程研究中心 北京 100190) (ylliu@tca.iscas.ac.cn)
  • 出版日期: 2014-08-15
  • 基金资助: 
    基金项目:国家“八六三”高技术研究发展计划基金项目(SQ2013GX02D01211,2011AA01A203);国家自然科学基金项目(61100226,60970028);北京市自然科学基金项目(4122085);国家科技支撑计划“十二五”项目-IT产品信息安全认证关键技术研究项目(2012BAK26B01)

Network Situation Prediction Method Based on Spatial-Time Dimension Analysis

Liu Yuling1,2,3, Feng Dengguo1,2, Lian Yifeng1,2,3, Chen Kai3, Wu Di1,2   

  1. 1(Laboratory of Trusted Computing and Information Assurance, Institute of Software, Chinese Academy of Sciences, Beijing 100190);2(University of Chinese Academy of Sciences, Beijing 100049);3(National Engineering Research Center for Information Security, Beijing 100190)
  • Online: 2014-08-15

摘要: 现有网络安全态势预测方法无法准确反映未来安全态势要素值变化对未来安全态势的影响,且不能很好地处理各安全要素间的相互影响关系对未来网络安全态势的影响,提出了基于时空维度分析的网络安全态势预测方法.首先从攻击方、防护方和网络环境3方面提取网络安全态势评估要素,然后在时间维度上预测分析未来各时段内的安全态势要素集,最后在空间维度上分析各安全态势要素集及其相互影响关系对网络安全态势的影响,从而得出网络的安全态势.通过对公用数据集网络的测评分析表明,该方法符合实际应用环境,且相比现有方法提高了安全态势感知的准确性.

关键词: 网络安全, 安全态势预测, 安全态势要素, 空间数据发掘, 时空维度

Abstract: Network security situation prediction methods can make the security administrator better understand the network security situation and the network situation trend. However, the existing security situational prediction methods can not precisely reflect the variation of network future security situation caused by security elements' change and do not handle the impact of the interaction relationship between the various security elements of future network security situation. In view of this situation, a network situation prediction method based on spatial-time dimension analysis is presented. The proposed method extracts security elements from attacker, defender and network environment. We predict and analyze these elements from the time dimension in order to provide data for the situation calculation method. Using the predicted elements, the impact value caused by neighbor node's security situation elements is computed based on spatial data mining theory. In combination with node's degree of importance, the security situation value is obtained. To evaluate our methods, MIT Lincoln Lab's public dataset is used to conduct our experiments. The experiments results indicate that our method is suitable for a real network environment. Besides, our method is much more accurate than the ARMA model method.

Key words: network security, security situation prediction, security situation element, spatial data mining, spatial-time dimension

中图分类号: