基于无监督多源数据特征解析的网络威胁态势评估

doi:10.11959/j.issn.1000-436x.2020015

Abstract

Abstract:

Aiming at the limitations of supervised neural network in the network threat testing task relying on data category tagging,a network threat situation evaluation method based on unsupervised multi-source data feature analysis was proposed.Firstly,a variant auto encoder-generative adversarial network (V-G) for security threat assessment was designed.The training data set containing only normal network traffic was input to the network collection layer of V-G to perform the model training,and the reconstruction error of the network output of each layer was calculated.Then,the reconstruction error learning was performed by the three-layer variation automatic encoder of the output layer,and the training abnormal threshold was obtained.The packet threat was tested by using the test data set containing the abnormal network traffic,and the probability of occurrence of the threat of each group of tests was counted.Finally,the severity of the network security threat was determined according to the probability of threat occurrence,and the threat situation value was calculated according to the threat impact to obtain the network threat situation.The simulation results show that the proposed method has strong characterization ability for network threats,and can effectively and intuitively evaluate the overall situation of network threat.

Key words: unsupervised, multi-source data feature analysis, V-G, threat probability, threat situation assessment

CLC Number:

TP309

Hongyu YANG,Fengyan WANG. Network threat situation assessment based on unsupervised multi-source data feature analysis[J]. Journal on Communications, 2020, 41(2): 143-154.

Figures/Tables 20

References 12

[1]	YANG M , JIANG R , GAO T L ,et al. Research on cloud computing security risk assessment based on information entropy and Markov chain[J]. International Journal of Network Security, 2018,20(4): 664-673.
[2]	WANG H , CHEN Z , FENG X ,et al. Research on network security situation assessment and quantification method based on analytic hierarchy process[J]. Wireless Personal Communications, 2018,102(2): 1401-1420.
[3]	SALLAM H . Cyber security risk assessment using multi fuzzy inference system[J]. International Journal of Engineering and Innovative Technology, 2015,4(8): 13-19.
[4]	文志诚, 陈志刚, 唐军 . 基于信息融合的网络安全态势量化评估方法[J]. 北京航空航天大学学报, 2016,42(8): 1593-1602.
	WEN Z C , CHEN Z G , TANG J . Network security situation quantitative evaluation method based on information fusion[J]. Journal of Beijing University of Aeronautics and Astronautics, 2016,42(8): 1593-1602.
[5]	FENG W , WU Y , FAN Y . A new method for the prediction of network security situations based on recurrent neural network with gated recurrent unit[J]. International Journal of Intelligent Computing and Cybernetics, 2018,11(4): 511-525.
[6]	HE F , ZHANG Y , LIU D ,et al. Mixed wavelet-based neural network model for cyber security situation prediction using modwt and hurst exponent analysis[C]// International Conference on Network and System Security. Springer-Verlag, 2017: 99-111.
[7]	DOERSCH C . Tutorial on variational autoencoders[J]. arXiv Preprint arXiv:1606.05908, 2016.
[8]	GOODFELLOW I J , POUGET-ABADIE J , MIRZA M .et al. Generative adversarial nets[C]// The 27th International Conference on Neural Information Processing Systems. MIT Press, 2014: 1-9.
[9]	LAENG E , MORPURGO C . An uncertainty inequality involving L1 norms[J]. Proceedings of the American Mathematical Society, 1999,127(12): 3565-3572.
[10]	MELL P , SCARFONE K , ROMANOSKY S . Common vulnerability scoring system[J]. IEEE Security and Privacy Magazine, 2012,4(6): 85-89.
[11]	唐成华, 余顺争 . 一种基于似然 BP 的网络安全态势预测方法[J]. 计算机科学, 2009,36(11): 97-100.
	TANG C H , YU S Z . A network security situation prediction method based on likelihood BP[J]. Computer Science, 2009,36(11): 97-100.
[12]	赖智全 . 基于混合优化RBF神经网络的网络安全态势预测模型[D]. 兰州:兰州大学, 2017.
	LAI Z Q . Network security situation prediction model based on hybrid optimization RBF neural network[D]. Lanzhou:Lanzhou University, 2017.

Metrics

Recommended 0

No Suggested Reading articles found!

无监督网络模型	优点	缺点
VAE	与AE和GAN相比，VAE在编码过程中通过对原始样本添加高斯噪声，使编码器能够更好地学习数据的先验分布，样本生成多样性更好	在度量生成样本与原始样本的相似度时，只能通过误差函数对数据元素间的相似度误差进行粗略计算，可能导致样本匹配的准确度降低
GAN	GAN 对生成样本与原始样本进行误差度量时，重构误差由参数化后的GAN 的判别器决定，由于判别器为神经网络，其进行误差度量时是特征（语义）层面的，而不是简单的数据元素相似度误差计算，而 VAE进行误差度量时，直接计算两者数据元素之间的KL散度和损失函数值，较简单，相比而言GAN的判别标准更高	生成器对真实样本分布的拟合不易收敛到一个较好的结果，且容易导致生成样本的多样性减少或者陷入模式坍塌（MC,model collapse）

数据集	数据量/条	类别/种	流量数据来源
HTTP CSIC 2010	61 000	16	Web应用程序
ADFA-LD	5 925	6	Linux主机异常
ISOT	1 675 424	19	混合僵尸网络
UNSW-NB15	257 673	10	DDoS匿名攻击

攻击类型	编号	态势指标
	1	文件泄露
Web攻击	2	XSS漏洞
	3	参数篡改
	4	拒绝用户访问
DDoS匿名流量攻击	5	渗透攻击
	6	非法系统访问
	7	暴力破解
主机异常检测流量	8	后门攻击
	9	服务器攻击
	10	传输的数据分组数量
混合僵尸网络流量	11	平均有效载荷长度
	12	连接持续时间

威胁严重度	概率区间	说明
安全	0.00～0.20	网络运行稳定正常，没有超出正常认知的恶意行为或具有严重威胁的安全漏洞被发现
低危	0.21～0.40	网络运行受到轻微影响，有少量威胁的安全漏洞被发现
中危	0.41～0.60	网络运行受到一定影响，有较高威胁级别的安全漏洞被发现
高危	0.61～0.80	网络运行受到较大影响，Web 攻击、非法访问等活动增加，多种威胁类型被发现
超危	0.81～1.00	网络运行受到严重影响，有大量异常攻击行为和威胁级别很高的安全漏洞被发现

影响度	概率区间		影响指标
影响度	概率区间	机密性（C）	完整性（I）	可用性（A）
无影响	0.00～0.40	0	0	0
低影响	0.41～0.80	0.22	0.22	0.22
高影响	0.80～1.00	0.56	0.56	0.56

Network threat situation assessment based on unsupervised multi-source data feature analysis

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 20

References 12

Related Articles 8

Metrics

Recommended 0

优化算法	迭代次数/次	时间/s	RMSE
GD	220	348	0.35
NM	210	366	0.37
GN	200	323	0.32
LM	240	341	0.08

编号	威胁概率	威胁严重度	威胁影响度
1	0.187	安全	无影响
2	0.275	低危	无影响
3	0.238	低危	无影响
4	0.426	中危	低影响
5	0.557	中危	低影响
6	0.262	低危	无影响
7	0.358	低危	无影响
8	0.685	高危	高影响
9	0.504	中危	低影响
10	0.281	低危	无影响

[1]	Yuling LIU, Cuilin WANG, Zhangjie FU. Generative text steganography method based on emotional expression in semantic space [J]. Journal on Communications, 2023, 44(4): 176-186.
[2]	Qiqi KOU, Ji HUANG, Deqiang CHENG, Yunlong LI, Jianying ZHANG. Person re-identification with intra-domain similarity grouping based on semantic fusion [J]. Journal on Communications, 2022, 43(7): 153-162.
[3]	Wenlin ZHANG, Xuepeng LIU, Tong NIU, Qi CHEN, Dan QU. Self-supervised speech representation learning based on positive sample comparison and masking reconstruction [J]. Journal on Communications, 2022, 43(7): 163-171.
[4]	Zeyu WANG, Shuhui BU, Wei HUANG, Yuanpan ZHENG, Qinggang WU, Huawen CHANG, Xu ZHANG. Unsupervised domain adaptation multi-level adversarial network for semantic segmentation based on multi-modal features [J]. Journal on Communications, 2022, 43(12): 157-171.
[5]	Wei LIU, Cheng CHEN, Rui JIANG, Tao LU. Four-path unsupervised learning-based image defogging network [J]. Journal on Communications, 2022, 43(10): 210-222.
[6]	Jie LAI, Xiaodan WANG, Qian XIANG, Yafei SONG, Wen QUAN. Review on autoencoder and its application [J]. Journal on Communications, 2021, 42(9): 218-230.
[7]	Chunxiang GU,Weisen WU,Ya’nan SHI,Guangsong LI. Method of unknown protocol classification based on autoencoder [J]. Journal on Communications, 2020, 41(6): 88-97.
[8]	Ya-jian ZHOU,CHEN XU,Ji-guo LI. Unsupervised anomaly detection method based on improved CURE clustering algorithm [J]. Journal on Communications, 2010, 31(7): 18-23.