
Research On Network Security Situation Assessment Based On Multi-source Heterogeneous Data Fusion

Posted on: 2022-08-20
Degree: Master
Type: Thesis
Country: China
Candidate: X X Tian
GTID: 2518306317993969
Subject: Computer application technology

Abstract/Summary:
With the rapid development of communication technology, the advantages of the Internet have become increasingly prominent, which has greatly accelerated the development of the social economy. The Internet has become an important part of human life. Although the Internet has brought many conveniences, it also introduces new risks and challenges. Various attacks emerge one after another, seriously endangering social development and personal property security. Single-point detection is a common method for detecting network attacks; however, it relies on a single data source and lacks an effective coordination mechanism between detection points, so it cannot effectively deal with intelligent and complex network attacks. Network security situational assessment (NSSA) has attracted the attention of scholars because it can analyze multi-source data comprehensively. So far, some research achievements have been obtained, but some key technologies still need further study. This dissertation studies NSSA based on multi-source heterogeneous data fusion, and discusses the multi-source fusion algorithm and the situation assessment strategy in detail. The main work and innovations are as follows:

Firstly, a network security situation assessment architecture based on multi-source heterogeneous data fusion is constructed. After analyzing the mechanism of NSSA in depth and combining threat detection, multi-source fusion, and hierarchical situation assessment, we elaborate an architecture made up of a traffic analysis module, an attribute extraction module, a decision engine module, a multi-source fusion module and a situation assessment module. The traffic analysis module analyzes traffic comprehensively using a variety of detectors; the attribute extraction module refines the core attributes, which helps improve the identification of network attacks; the decision engine module uses network characteristic data to train the mapping from the core attributes to attacks; the multi-source fusion module integrates the outputs of the various decision engines to improve performance in identifying attack types; the situation assessment module shows the state of the network intuitively based on the result of multi-source fusion.

Secondly, a two-dimensional fusion strategy is proposed, composed of multi-evidence fusion and attack probability fusion. In multi-evidence fusion, to address the problem that conflicting evidence cannot be fused effectively, the probabilities (evidences) output by multiple decision engines are modified based on credibility and incredibility, where credibility is measured by similarity and incredibility is measured by difference. The modified evidences are then fused with the exponentially weighted D-S evidence theory. In attack probability fusion, to address the problem that directly choosing the attack type with the maximum probability value as the decision result seriously affects accuracy when the probabilities are similar, a mapping is built from the attack probabilities generated by multi-evidence fusion to the attack type, which allows more scientific decisions.

Thirdly, the attack quantification method and the weight-setting method in the hierarchical assessment method are optimized. In the attack quantification process, in order to qualitatively analyze the threat, we propose a classification principle for attack severity levels that references the attack level classification from Snort. The weight coefficient method is then used to calculate the threat value of a network attack. In the weight-setting process, the factors affecting the weight are integrated by the multiplication fusion method. The advantage of this method is that the weights can be adjusted according to the running condition of the network.
Keywords/Search Tags: Network security, network security situation assessment architecture, multi-source heterogeneous data, two-dimensional fusion strategy, threat quantification
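
The conflicting-evidence problem that the multi-evidence fusion step addresses can be seen in a small added example, which is not code from the thesis. The abstract does not give the thesis's credibility/incredibility formulas or its exponential weighting, so this sketch swaps in the well-known similarity-weighted averaging of evidence before Dempster's rule; the attack-type names and engine outputs are constructed.

```python
import math
from functools import reduce

def dempster(m1, m2):
    """Dempster's rule for masses placed only on single attack types."""
    joint = {h: m1[h] * m2[h] for h in m1}
    agreement = sum(joint.values())  # 1 - K, where K is the conflict
    if agreement == 0:
        raise ValueError("total conflict: Dempster's rule is undefined")
    return {h: v / agreement for h, v in joint.items()}

def plain(evidences):
    """Baseline: combine the raw engine outputs directly."""
    return reduce(dempster, evidences)

def similarity(m1, m2):
    """1 - Jousselme distance (its form for singleton-only masses)."""
    return 1 - math.sqrt(0.5 * sum((m1[h] - m2[h]) ** 2 for h in m1))

def credibility(evidences):
    """Share of the total pairwise support that each engine receives."""
    support = [sum(similarity(e, o) for j, o in enumerate(evidences) if j != i)
               for i, e in enumerate(evidences)]
    total = sum(support)
    if total == 0:  # single engine, or every pair fully opposed
        return [1 / len(evidences)] * len(evidences)
    return [s / total for s in support]

def fuse(evidences):
    """Credibility-weighted average, self-combined n-1 times."""
    cred = credibility(evidences)
    avg = {h: sum(c * e[h] for c, e in zip(cred, evidences))
           for h in evidences[0]}
    return reduce(dempster, [avg] * len(evidences))

# Constructed sample: three hypothetical engines; the second conflicts.
ENGINES = [
    {"dos": 0.90, "probe": 0.10, "normal": 0.00},
    {"dos": 0.00, "probe": 0.10, "normal": 0.90},
    {"dos": 0.85, "probe": 0.10, "normal": 0.05},
]

if __name__ == "__main__":
    print("plain D-S:", plain(ENGINES))
    print("weights:  ", credibility(ENGINES))
    print("fused:    ", fuse(ENGINES))
```

Plain combination puts all mass on `probe`, the one type no engine favours, while the credibility-weighted result follows the two agreeing engines.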