Chinese Journal of Network and Information Security ›› 2022, Vol. 8 ›› Issue (2): 39-47. doi: 10.11959/j.issn.2096-109x.2022022

• Column: Network Attack and Defense Technology •

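Research on IoT security situation awareness method based on evidence theory

Jian LI1, Tinglu DONG1, Jie LI2

  1. 1 School of Artificial Intelligence, Beijing University of Posts and Telecommunications, Beijing 100876
    2 School of Computer Science (National Pilot Software Engineering School), Beijing University of Posts and Telecommunications, Beijing 100876
  • Revised: 2022-01-08 Online: 2022-04-15 Published: 2022-04-01
  • About the authors: Jian LI (1976− ), male, born in Xi'an, Shaanxi, is a professor and doctoral supervisor at Beijing University of Posts and Telecommunications; his main research interests are intelligent network security and quantum cryptography
    Tinglu DONG (1996− ), male, born in Qihe, Shandong, is a master's student at Beijing University of Posts and Telecommunications; his main research interests are big data and network information processing
    Jie LI (1977− ), male, born in Beijing, is a lecturer at Beijing University of Posts and Telecommunications; his main research interests are knowledge graphs and reinforcement learning
  • Supported by:
    The National Natural Science Foundation of China (61472048)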

Research on IoT security situation awareness method based on evidence theory

Jian LI1, Tinglu DONG1, Jie LI2   

  1. 1 School of Artificial Intelligence, Beijing University of Posts and Telecommunications, Beijing 100876, China
    2 School of Computer Science(National Pilot Software Engineering School), Beijing University of Posts and Telecommunications, Beijing 100876, China
  • Revised:2022-01-08 Online:2022-04-15 Published:2022-04-01
  • Supported by:
    The National Natural Science Foundation of China(61472048)

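Abstract:

With the rapid development of Internet of Things technology, its security problems are becoming increasingly serious, and this work studies a simple, easy-to-use method for IoT security situation awareness. To address the lack of generality and the over-reliance on expert knowledge in current IoT security situation awareness systems, an IoT security situation awareness method based on improved D-S evidence theory is proposed. A fuzzy Gaussian membership function is used to compute the membership matrix of the vulnerability information, which after normalization serves as the evidence distribution matrix. An improved Topsis method is used to measure evidence credibility: the local credibility between each pair of evidence is aggregated, and the expected positive and negative solution vectors are improved according to the situation assessment scenario, so that the credibility of conflicting evidence is fully suppressed and the credibility of mutually supporting evidence is raised; the vulnerability information is then fused with a weighted average method to obtain the situation assessment result. The situation awareness result is formed by fusion under an evidence theory discounted by a time factor and by the proportion of high-risk vulnerabilities. The time factor aggregates multiple situation assessment results: the situation assessment evidence from different moments is discounted according to the time scale, so that the closer the evidence is to the current moment, the smaller its discount, and the further away, the larger. At the same time, the IoT vulnerability information at different moments is considered together, and the proportion of high-risk vulnerabilities is used for adaptive dynamic weighting, discounting the high-risk information of different moments into the frame of discernment, so that the information about changes in system risk is concentrated in the evidence fusion process. Experiments show that, in the fusion of different numbers of evidence bodies and in the fusion of four common kinds of conflicting evidence, the improved Topsis method gives a higher fusion probability to the credible proposition; in situation assessment, the current risk level of the system is assessed accurately; in situation awareness, the discount theory can adequately predict the probabilities of high risk and critical risk, and is more effective than traditional D-S evidence theory. Based on the proposed theory, a process for IoT security situation awareness is designed to guide engineering practice. In future work on using vulnerability information, the correlations between vulnerabilities can be considered and richer situation information between vulnerabilities extracted, making the situation assessment result more accurate and reasonable; ideas from game theory can also be borrowed to perform situation awareness within the dynamic game between attacker and defender.

Keywords: D-S evidence theory, situation awareness, IoT security, time evolution, Common Vulnerability Scoring System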

Abstract:

The security problems of IoT have become more and more serious with its rapid development. Considering that current IoT security situation awareness systems lack generality and rely excessively on expert knowledge, an IoT security situation awareness method based on improved D-S evidence theory is proposed in this paper. A fuzzy Gaussian membership function is used to calculate the vulnerability information membership matrix, which is normalized to serve as the evidence distribution matrix. The improved Topsis method is used to measure evidence credibility. In order to fully restrain the credibility of conflicting evidence and improve the credibility of mutually supporting evidence, the local credibility between each pair of evidence is aggregated and the expected positive and negative solution vectors are improved according to the situation assessment scenario. The weighted average method is then used for vulnerability information fusion to obtain the situation assessment result. The situation awareness result is fused using evidence theory with a time discount and a high-risk vulnerability information discount. At the same time, the IoT vulnerability information at different moments is considered comprehensively, and the evidence is adaptively and dynamically weighted with the ratio of high-risk vulnerabilities. The experimental results show that, in the fusion of different numbers of evidence bodies and of four common kinds of conflicting evidence, the improved Topsis method gives a higher fusion probability to the credible proposition. In situation assessment, the risk degree of the current system is accurately assessed. In situation awareness, this discounted evidence theory can predict the probability of high risk and critical risk, and is more effective than traditional D-S evidence theory. According to this theory, an IoT security situation awareness process is proposed to guide engineering practice. In the future, with regard to the use of vulnerability information, the relationships between vulnerabilities can be considered and richer situation information between vulnerabilities can be extracted, so that the situation assessment result is more accurate and reasonable. For situation awareness, game theory can also be adopted in the dynamic game between attacker and defender.

Key words: D-S evidence theory, situation awareness, IoT security, time evolution, CVSS
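The time-discounted fusion step described in the abstract can be illustrated with classical Shafer discounting followed by Dempster's rule of combination; this is an added example, not the paper's code or formulas. The four risk levels, the exponential discount schedule `time_alpha`, and the sample masses are assumptions, and the paper's Topsis credibility weighting and high-risk-ratio discount are not modelled.

```python
from itertools import product

# Assumed frame of discernment: four risk levels (names are illustrative).
L, M, H, C = (frozenset({x}) for x in ("low", "medium", "high", "critical"))
FRAME = L | M | H | C

def discount(m, alpha):
    """Shafer discounting: scale every mass by (1 - alpha), move alpha to FRAME."""
    out = {A: (1 - alpha) * v for A, v in m.items() if A != FRAME}
    out[FRAME] = (1 - alpha) * m.get(FRAME, 0.0) + alpha
    return out

def combine(m1, m2):
    """Dempster's rule: multiply masses, intersect focal sets, renormalise."""
    fused, conflict = {}, 0.0
    for (A, a), (B, b) in product(m1.items(), m2.items()):
        if A & B:
            fused[A & B] = fused.get(A & B, 0.0) + a * b
        else:
            conflict += a * b
    if 1 - conflict < 1e-12:
        raise ValueError("evidence is in total conflict")
    return {A: v / (1 - conflict) for A, v in fused.items()}

def time_alpha(age, decay):
    """Assumed schedule: discount 0 for the current step, growing with age."""
    return 1 - (1 - decay) ** age

def fuse_over_time(assessments, decay=0.5):
    """assessments: situation-assessment BPAs ordered oldest to newest."""
    newest = len(assessments) - 1
    result = {FRAME: 1.0}  # vacuous belief: total ignorance
    for i, m in enumerate(assessments):
        result = combine(result, discount(m, time_alpha(newest - i, decay)))
    return result

# Constructed sample: risk drifts from low to high over three time steps.
HISTORY = [
    {L: 0.7, M: 0.2, H: 0.1},
    {L: 0.2, M: 0.5, H: 0.3},
    {L: 0.05, M: 0.15, H: 0.6, C: 0.2},
]

if __name__ == "__main__":
    for label, decay in (("no discount", 0.0), ("time-discounted", 0.5)):
        fused = fuse_over_time(HISTORY, decay)
        print(label, {"/".join(sorted(A)): round(v, 3) for A, v in fused.items()})
```

Without discounting, the older low-risk assessments cancel the newest evidence for critical risk entirely; with discounting, part of their mass moves to the whole frame, so the recent high and critical readings survive the fusion.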
