Study On Network Security Situation Awareness Based On Belief Rule Base

Posted on: 2017-05-08
Degree: Doctor
Type: Dissertation
Country: China
Candidate: G Y Hu
Full Text: PDF
GTID: 1108330485480243
Subject: Computer application technology

Abstract/Summary:
Network security situations are quantified values that reflect the macro security state of a network system. Network security situation awareness comprises extraction and identification of safety factors, security situation assessment, and security situation prediction. Through network security situation awareness, managers can judge the current situation of a network system, predict the future trend of its security status visually and exactly, and take the corresponding preventive measures in advance. This is of great significance for complex network systems, especially industrial control network systems with strong safety requirements. To realize every stage of network security situation awareness, it is necessary to build a model of the network system that makes effective use of various types of network information and related knowledge. A network system can be regarded as a complex nonlinear system, so research on network security situation awareness is essentially the identification of the structure and parameters of complex nonlinear systems. Compared with linear system identification, nonlinear system identification is a hot and difficult topic in current academic research, and a complete and mature theory has not yet been formed. The research in this paper therefore has important theoretical and practical value.

Considering the above problems, and to improve the security and active defense capability of complex network systems, this paper studies in depth the modeling methods for complex systems based on the Belief Rule Base (BRB). The theoretical results are applied to each stage of network security situation awareness. BRB is one of the most advanced techniques in the area of complex system modeling. It can effectively use semi-quantitative information, which includes both quantitative data and qualitative expert knowledge, and can describe a variety of uncertain knowledge, including both fuzzy uncertainty and probabilistic uncertainty. In addition, the inference process of BRB is visible and open to participation, and because it uses the evidential reasoning (ER) rule, the reasoning results are explicable and traceable. Applying BRB to network security situation awareness can therefore fully mine the information hidden behind massive network data, and it gives managers a new network defense tool. The research content of this paper focuses mainly on the following aspects.

Firstly, for the identification and classification of network security factors, a combined belief rule base classification model based on a directed acyclic graph structure (DAG-BRB) is proposed, using expert qualitative knowledge and preprocessed network data. In DAG-BRB, a number of BRB classifiers are combined through a directed acyclic graph structure, and each of them identifies two types of attack data. Each BRB classifier is trained on its corresponding training data set, and the final result is obtained layer by layer through the trained BRB classifiers. Although the original BRB model can also be used for multi-class classification, identifying too many types is not conducive to establishing belief rules and reasoning over them. DAG-BRB decomposes the complex classification problem, which reduces the complexity of the BRB model and improves classification accuracy. Furthermore, to optimize the parameters of the DAG-BRB model, a constrained covariance matrix adaptation evolution strategy algorithm based on a multi-objective method (M-CMA-ES) is proposed, in which each constraint is transformed into an unconstrained objective function that is independently optimized by CMA-ES. The experimental results show that the optimized DAG-BRB model identifies the types of network attack data well and has better classification accuracy than other classification models.

For the problem of network security situation assessment, a BRB-based network security situation assessment model is proposed by analysing the factors of network security; it makes effective use of quantitative network data and expert knowledge. Because it uses the ER rule, the BRB can fuse more abundant uncertain information and provide a more practical knowledge representation. The experimental results show that the BRB assessment model effectively reflects the security situation of network systems and provides more realistic assessment results than other assessment models.

For the problem of network security situation prediction, a new forecasting model, the cloud hidden belief rule base (CHBRB) model, is proposed by incorporating the cloud model. In the CHBRB model, the network security situation is regarded as hidden behavior, and the cloud model is used to describe the referential points of the belief rules, which provides a more accurate and reasonable expressive ability. To optimize the parameters of the CHBRB model, a constrained covariance matrix adaptation evolution strategy algorithm based on a leaky bucket mechanism (L-CMA-ES) is proposed, in which the solutions are modified in each iteration. The experimental results show that the optimized CHBRB model forecasts the future network security situation effectively and has better prediction accuracy than other forecasting models.

For the problem of local ignorance in the network security situation prediction of some special network systems, a new hidden BRB forecasting model named PHBRB is proposed, in which the hidden behavior is described on the power set of the frame of discernment; it is applied to complex industrial control network systems. Prediction accuracy is improved because the extended frame of discernment can describe knowledge that includes both local and global ignorance. To optimize the parameters of the PHBRB model, a constrained covariance matrix adaptation evolution strategy algorithm based on a projection operation (P-CMA-ES) is proposed, in which infeasible solutions are projected onto the feasible region. The experimental results show that the optimized PHBRB algorithm predicts the network security situation effectively in industrial control network systems, which provides an important method for protecting such network systems.

Keywords/Search Tags: network security situation, belief rule base, evidential reasoning rule, hidden behavior prediction, security assessment