
Research On Technologies Of Network Security Risk Assessment Based On Multi-class Security Events

Posted on: 2020-04-28
Degree: Master
Type: Thesis
Country: China
Candidate: X Ye
GTID: 2428330599451299
Subject: Computer Science and Technology

Abstract/Summary:
With the development of network applications and the growing strategic importance of cyberspace, the Internet has become a new battleground for national and regional security, and network security problems are becoming more and more complicated. However, traditional defense and assessment techniques cannot keep up with current needs. Current risk assessment systems still have several problems: false positives and false negatives in the security defense system, a reliance mainly on static assessment, and excessive dependence on expert knowledge. These problems make present risk assessment technology difficult to adapt to today's complex networks and make real-time, dynamic evaluation harder, so it cannot provide a safe and reliable environment for defending against cyber-attacks. Based on the current state of research on network security risk assessment at home and abroad, this paper further studies network security risk assessment technology based on multi-class security events. The main work is divided into the following points:

(1) To address the high false negative rate of some network security devices, a two-level feature selection method based on mRMR and information gain is proposed to classify and collect security events. Network equipment (such as IDSs and firewalls) is a commonly used tool for collecting security factors, and its detection results are used as the basis for network security assessment. However, such equipment has a high false negative rate, and if this is not improved it will affect the evaluation results. In this paper, the feature selection algorithm is improved to increase the detection rate. Feature selection is performed mainly on security information such as the traffic flowing through the IDS; after this processing, the data dimension of the security elements is reduced, the interference of redundant features with the result is removed, and the detection rate of the device is improved. Compared with the traditional feature selection method, the feature subsets selected by this method have better classification performance; the method effectively improves the accuracy rate, reduces the false negative rate, and makes the data more authentic.

(2) To address the complexity and uncertainty of the attack graph, this paper proposes an evaluation method that combines the hidden Markov model (HMM) with the attack graph model, using the situation value of each path as the metric for determining the attacker's optimal path and inferring the attacker's intention. In the attack graph, each node represents the security state of a host. Therefore, each node is used as a state variable, and the vulnerability information and atomic attack behaviors used in the attack process are taken as observation variables. After the attack graph is obtained, the required parameter values are calculated, the corresponding HMM is established, and the situation value of each path is found; the attack path with the highest situation value is then selected as the attacker's best-choice path, that is, the attacker's intention.

(3) To address the shortcomings of passive defense by network equipment and static evaluation of attack graphs, a prototype network security risk assessment system based on multi-class security events is proposed, which is used to realize real-time, dynamic assessment of network security. By combining the collection of security elements with network security assessment, the attack behaviors in the attack graph are merged with the security evidence extracted from the logs, and real-time calculations are performed on the fusion results to achieve dynamic evaluation. The system can observe the overall situation and develop corresponding security reinforcement measures based on the results. Since the fusion of security events constantly changes previous evaluation results, the parameters are recalculated during fusion and the dynamic changes in the situation are obtained.
Keywords/Search Tags: Risk Assessment, Network Security Situation Awareness, Feature Selection, Attack Graph, Hidden Markov Model
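
The two-level feature selection described in point (1), as an added example that is not code from the thesis. It assumes information gain is the first-level filter and greedy mRMR the second (the abstract does not state the order), and the feature names and flow records are constructed.

```python
import math
from collections import Counter

def entropy(values):
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())

def mutual_info(xs, ys):
    # I(X;Y) = H(X) + H(Y) - H(X,Y); with Y the class label this is information gain.
    return entropy(xs) + entropy(ys) - entropy(list(zip(xs, ys)))

def two_level_select(features, labels, ig_keep, final_k):
    """features maps a feature name to its discrete value per record."""
    # Level 1 (assumed order): keep the ig_keep features with the highest information gain.
    gain = {f: mutual_info(col, labels) for f, col in features.items()}
    pool = sorted(gain, key=lambda f: (-gain[f], f))[:ig_keep]
    # Level 2: greedy mRMR, score = relevance - mean redundancy with chosen features.
    selected = [pool.pop(0)]
    while pool and len(selected) < final_k:
        def score(f):
            red = sum(mutual_info(features[f], features[s]) for s in selected)
            return gain[f] - red / len(selected)
        best = max(pool, key=score)
        pool.remove(best)
        selected.append(best)
    return selected, gain

# Constructed sample: eight flow records as an IDS might log them (1 = attack).
LABELS = [1, 1, 1, 1, 0, 0, 0, 0]
FEATURES = {
    "syn_error":      ["hi", "hi", "hi", "lo", "lo", "lo", "lo", "lo"],
    "syn_error_code": [1, 1, 1, 0, 0, 0, 0, 0],       # same information, re-encoded
    "service":        ["telnet", "telnet", "http", "telnet", "http", "http", "telnet", "http"],
    "port_parity":    [0, 1, 0, 1, 0, 1, 0, 1],       # independent of the label
}

if __name__ == "__main__":
    chosen, gain = two_level_select(FEATURES, LABELS, ig_keep=3, final_k=2)
    for name in FEATURES:
        print(f"{name:15s} gain={gain[name]:.3f} {'kept' if name in chosen else 'dropped'}")
```

Level 1 discards the feature with zero gain, and level 2 passes over the re-encoded duplicate in favour of the weaker but complementary `service` feature, which is the redundancy removal the abstract refers to.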