
Multi-source Heterogeneous Security Data Aggregation Based On Ontology

Posted on: 2011-02-19
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Y L Meng
GTID: 1488303308955909
Subject: Computer application technology

Abstract/Summary:
Security data is data that describes security-related matters. Large amounts of distributed, mutually heterogeneous security data exist in the information domain; this is known as multi-source heterogeneous security data. As dependence on networks grows and information sharing and data exchange expand, data aggregation with semantic analysis and processing is becoming an important method for analyzing and processing data. How to aggregate security data containing sensitive information at the structural, syntactic and semantic levels in network security situation awareness, and how to abstract compact, accurate, trusted security awareness factors with clear semantics, is therefore a new subject and challenge.

Network security situation awareness is currently one of the research hotspots in the network security domain. It is a new technology for realizing network security supervision and evaluation.

The background of this thesis is network security situation awareness, and its theoretical basis is ontology, among others. The objects processed are the factors that affect network security awareness. Bayes network classification, security policy and related techniques are improved. By means of ontology description, ontology construction and ontology reasoning, the technologies related to multi-source heterogeneous security data aggregation are researched. The main contents are organized as follows.

The data aggregation framework in network security situation awareness is the basis and premise of the research. The rules and methods for constructing the framework are established first. A multi-source heterogeneous security data aggregation framework based on ontology is proposed. The framework is fully described and analyzed using the PEPA formalization language. It provides an integrated method for multi-source heterogeneous security data aggregation based on ontology.

Aimed at the hierarchical, multi-source, heterogeneous features of the network security situation, the shortcomings of current classification methods are analyzed. An aggregation-oriented Bayes network classification method with semantic feature relations is proposed. The processing objects in the security data aggregation framework of network security situation awareness are defined in detail. Rules for object semantic feature abstraction and network node change are provided. The selection of training samples and the parameter learning for aggregation are improved. The experimental results show that the proposed method is suited to semantic classification for multi-source heterogeneous security data aggregation.

In order to describe the ontology in the security data aggregation framework of network security situation awareness and in security data classification, the current ontology description languages and an aggregation-oriented, ontology-based description method are analyzed. The basic forms are given, and an ontology behavior feature profile description is set up for classification data with semantic relations. Through hierarchical partition and node aggregation, it effectively expresses the semantics of structured and semi-structured documents, such as XML, that describe the factors of security situation awareness. The experimental results show that the semantic description method effectively improves the ability to analyze data in network security situation awareness and provides a reference for evaluating the situation accurately.

When processing multi-source heterogeneous security data, the problems that arise when the main process frequently handles multi-grade objects, and the security guarantee of the aggregation framework itself, cannot be solved neatly by current security strategies. The aggregation process cannot fully evaluate the factors affected by the network security situation. A weight-value-extended multi-layer security strategy for data aggregation in network security situation awareness is proposed. The integrated definition and access rules are given. The strategy is added into the framework by associating it with the ontology description. It realizes a more flexible main-body access mechanism while protecting the safety of aggregation. The experiment shows that better security situation evaluation is achieved.
Keywords/Search Tags: Network Security Situation Awareness, Ontology, Multi-source Heterogeneous Security Data, Data Aggregation, Security Policy