
Research On Data Fusion Technology Of Network Security Situation Awareness

Posted on: 2017-07-20 | Degree: Master | Type: Thesis
Country: China | Candidate: Y Wen | Full Text: PDF
GTID: 2428330488979910 | Subject: Computer technology
Abstract/Summary:
The development of the Internet brings people great convenience, but it also leads to frequent security incidents of many kinds. Network security has become a global challenge, and raising the level of network security technology is of great significance to both society and individuals. However, traditional security methods cannot meet the requirements of network security, and there is an urgent need for new techniques to detect network attacks and abnormal behavior. Network security situational awareness technology based on data fusion makes comprehensive use of security elements from all aspects, grasps the overall status of network security in real time, and forecasts and alerts on the development trend of network security.

This paper analyzes the theory of data fusion technology in network security situation awareness. Based on the three levels of data fusion, it explores effective fusion models, the corresponding fusion algorithms, and their application at the different fusion levels. The basic theory of feature-level fusion and decision-level fusion, and their applications in network security, are the main subjects of study. A series of new ideas and methods are put forward:

(1) In feature-level fusion, an improved alert aggregation method based on grey correlation and attribute similarity is presented. First, grey correlation is used to ascertain the importance of each alert attribute in network security, and this importance is taken as the weight of the attribute. Then the weights are combined with the attribute similarity method to calculate the overall feature similarity and complete the alert aggregation. The results show that this method can effectively reduce the similar and redundant alerts generated by similar attacks. The experiment used the DARPA 1999 dataset, replayed through Snort to obtain alert information. The simulation results proved that the fused data are effective and much more reliable.

(2) In decision-level fusion, the structure of an HMM-DS fusion classification decision model is constructed. To overcome the limitations of a pure HMM classifier, the results of the HMMs are integrated into the DS framework, with the HMMs providing state probabilities for DS. The output of each hidden Markov model is used as a body of evidence. At the same time, a new evidence fusion method based on entropy weight is proposed to achieve network attack classification and recognition effectively and to improve the classification accuracy of the system. The experiment used the KDD CUP99 dataset, and the results show that this approach can effectively complete network attack classification.

The idea of hierarchical data fusion is to process information from the bottom layer up to the upper layer. In the feature layer, alerts are correlated and fused by their features. After aggregation, interference data is effectively removed, which provides more accurate data to the decision-making layer and greatly improves the accuracy of decision making. In the decision layer, decisions are made by fusing multiple feature spaces. The results proved that this can improve the accuracy and speed of classification and recognition.
Keywords/Search Tags: data fusion, feature similarity, alert aggregation, Hidden Markov Model, evidence theory, attack classification
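The decision-level step described in the abstract, as an added Python example that is not the thesis's own code: per-classifier class probabilities are turned into bodies of evidence, weighted by entropy, and combined with Dempster's rule. Assumptions: the weight formula `1 - H/log(n)` and the use of Shafer discounting are one common scheme, not necessarily the thesis's; the probability vectors are constructed; the class labels are the five KDD CUP99 categories.

```python
import math

THETA = "THETA"  # whole frame of discernment, i.e. "don't know"

# Constructed sample: posterior over attack classes from three classifiers
# (standing in for per-feature-space HMM outputs).
SAMPLE_OUTPUTS = [
    {"normal": 0.05, "dos": 0.80, "probe": 0.10, "r2l": 0.03, "u2r": 0.02},
    {"normal": 0.10, "dos": 0.55, "probe": 0.30, "r2l": 0.03, "u2r": 0.02},
    {"normal": 0.22, "dos": 0.18, "probe": 0.24, "r2l": 0.18, "u2r": 0.18},
]

def entropy_weights(outputs):
    """Assumed scheme: reliability = 1 - H(p)/log(n); uniform output -> 0."""
    weights = []
    for p in outputs:
        h = -sum(v * math.log(v) for v in p.values() if v > 0)
        weights.append(1.0 - h / math.log(len(p)))
    return weights

def discount(p, alpha):
    """Shafer discounting: keep alpha of each mass, move the rest to THETA."""
    m = {c: alpha * v for c, v in p.items()}
    m[THETA] = 1.0 - alpha
    return m

def dempster(m1, m2):
    """Dempster's rule for masses on singleton classes plus THETA."""
    fused = {c: m1[c] * m2[c] + m1[c] * m2[THETA] + m1[THETA] * m2[c]
             for c in m1 if c != THETA}
    fused[THETA] = m1[THETA] * m2[THETA]
    total = sum(fused.values())  # equals 1 - K, K being the conflict mass
    if total <= 0.0:
        raise ValueError("total conflict: sources cannot be combined")
    return {c: v / total for c, v in fused.items()}

def fuse(outputs):
    """Return (decided class, fused masses, per-source weights)."""
    weights = entropy_weights(outputs)
    bodies = [discount(p, w) for p, w in zip(outputs, weights)]
    fused = bodies[0]
    for m in bodies[1:]:
        fused = dempster(fused, m)
    decision = max((c for c in fused if c != THETA), key=fused.get)
    return decision, fused, weights

if __name__ == "__main__":
    decision, fused, weights = fuse(SAMPLE_OUTPUTS)
    print(decision, {c: round(v, 3) for c, v in fused.items()}, weights)
```

The near-uniform third source receives a weight close to zero, so almost all of its mass moves to `THETA` and it barely shifts the fused decision.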