Research on Recognition of Network Security Situation Elements Based on the PSO-TSA Model
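Authors: ZHANG Kejun, ZHENG Wei, YU Xinying, WANG Hangyu, WANG Zhiqiang
Abstract: To address the low quality and efficiency of situation element extraction in network security situation awareness, this paper proposes PSO-TSA, a situation element recognition model that combines Particle Swarm Optimization (PSO) and Simulated Annealing (SA). In the position update module, the Metropolis criterion is used to anneal the individual and global extrema of the PSO algorithm, which increases the selectivity of the particles and improves the quality of situation element extraction. In the parameter optimization module, the Metropolis criterion is used to optimize the parameters of the PSO algorithm, and the parameter optimization process and particle fitness are evaluated at the same time, which keeps the algorithm from falling into a local optimum and improves the efficiency of situation element recognition. In line with the practical needs of current networks, 37 network security data fields were selected and a small network environment was built to obtain a more realistic network security dataset, SDS-W. Situation element recognition experiments were run on an open network security dataset and on the collected SDS-W dataset. The experiments show that PSO-TSA improves the precision of situation element recognition by an average of 5% to 7% while the time cost stays the same or even decreases.
Keywords: network security situation awareness; situation element recognition; particle swarm optimization algorithm; simulated annealing algorithm
CLC number: TN915.08    Document code: A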
Research on Recognition of Network Security Situation Elements Based on PSO-TSA Model
ZHANG Kejun, ZHENG Wei, YU Xinying, WANG Hangyu, WANG Zhiqiang1
(1. Department of Cyberspace Security, Beijing Electronic Science and Technology Institute, Beijing 10007, China;
2. College of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876, China)
Abstract: Given the low quality and efficiency of situation element extraction in network security situation awareness techniques, this paper proposes a situation element identification model incorporating particle swarm optimization and simulated annealing (PSO-TSA). In the position update module, the Metropolis criterion is used to optimize the individual and global extrema in the PSO algorithm, which increases the selectivity of the particles and improves the quality of situation element extraction. In the parameter optimization module, the parameters of the PSO algorithm are optimized using the Metropolis criterion, and the parameter optimization process and particle fitness are evaluated simultaneously to avoid falling into a local optimum and to improve the efficiency of situation element recognition. Based on the actual needs of current networks, this paper selects 37 network security data fields and establishes a small network environment to obtain a more realistic network security dataset, SDS-W. Situation element recognition experiments are conducted on an open cybersecurity dataset and on SDS-W, respectively. The experiments show that PSO-TSA improves the accuracy of situation element recognition by an average of 5% to 7% while the time cost remains the same or even decreases.
Key words: network security situation awareness; situation element recognition; Particle Swarm Optimization; Simulated Annealing
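With the continuous development of information technology, today's networks are characterized by many nodes, many branches, many network segments and heavy traffic, and network security problems are becoming increasingly severe. Traditional monitoring methods and protection measures can no longer meet the new security requirements. Network Security Situation Awareness (NSSA) can perceive a network's security risks in real time in a complex network environment, so that security analysts, taking the network security environment into account, can make fast and accurate judgments and keep risk and loss to a minimum [1]. Network security situation element recognition is the foundation of NSSA and one of the key factors that directly affect NSSA performance.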
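The position update module described in the abstract, sketched as an added example that is not the authors' code: a binary PSO that selects data fields, where the individual and global extrema are replaced under the Metropolis criterion. The encoding, the fitness function, the relevance scores, the coefficients and the cooling schedule are all assumptions made for illustration, and the parameter optimization module is not covered.

```python
import math
import random

# Constructed relevance scores for 8 hypothetical traffic fields (not the paper's 37 fields).
RELEVANCE = [0.9, 0.1, 0.7, 0.05, 0.6, 0.2, 0.8, 0.15]
PENALTY = 0.3  # assumed cost per selected field


def fitness(mask):
    """Score a 0/1 field-selection mask: relevance kept minus a per-field cost."""
    return sum(r - PENALTY for r, m in zip(RELEVANCE, mask) if m)


def metropolis_accept(delta, temp, rng):
    """Always take an improvement; take a worse candidate with probability exp(delta/temp)."""
    return delta >= 0 or rng.random() < math.exp(delta / temp)


def pso_sa_select(n_particles=12, iters=40, temp=1.0, cooling=0.9, seed=1):
    rng = random.Random(seed)
    dim = len(RELEVANCE)
    pos = [[rng.randint(0, 1) for _ in range(dim)] for _ in range(n_particles)]
    vel = [[0.0] * dim for _ in range(n_particles)]
    pbest = [p[:] for p in pos]
    gbest = max(pos, key=fitness)[:]
    elite, history = gbest[:], []  # elite = best mask ever evaluated
    for _ in range(iters):
        for i in range(n_particles):
            for d in range(dim):
                vel[i][d] = (0.7 * vel[i][d]
                             + 1.5 * rng.random() * (pbest[i][d] - pos[i][d])
                             + 1.5 * rng.random() * (gbest[d] - pos[i][d]))
                # Binary PSO: sigmoid of the velocity is the probability that the bit is 1.
                pos[i][d] = int(rng.random() < 1 / (1 + math.exp(-vel[i][d])))
            f = fitness(pos[i])
            # Annealed extremum updates: a worse position may still replace pbest/gbest.
            if metropolis_accept(f - fitness(pbest[i]), temp, rng):
                pbest[i] = pos[i][:]
            if metropolis_accept(f - fitness(gbest), temp, rng):
                gbest = pos[i][:]
            if f > fitness(elite):
                elite = pos[i][:]
        history.append(fitness(elite))
        temp *= cooling  # cooling makes later iterations greedier
    return elite, history
```

Because the annealed `gbest` can move to a worse mask, the best mask seen is tracked separately as `elite` and is what the function returns.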