
Security situation recognition method of equipment monitoring network based on data mining technology

Cited by: 6
Abstract: To address the long recognition time and low recognition accuracy of traditional methods for recognizing the security situation of equipment monitoring networks, this paper proposes a recognition method based on data mining technology. The IDMEF model is used to normalize and fuse multi-source alarm information. Based on the fusion results, the Apriori algorithm from data mining is used to mine the set of multi-step attack sequences, and DS evidence theory is then applied to determine the security situation of the equipment monitoring network, thereby achieving security situation recognition for the network. The experimental results show that the proposed method has a shorter mining time for the multi-step attack sequence set, a shorter network security situation recognition time, and a higher recognition accuracy. This fully confirms that the method has better application performance and is suitable for wide promotion and use.
Author: WANG Gang (王刚) (Shanxi Police College, Xi'an 710021, China)
Source: Automation & Instrumentation (《自动化与仪器仪表》), 2021, Issue 8, pp. 31-34, 39 (5 pages in total)
Funding: Supported by the 2018 Special Scientific Research Program of the Shaanxi Provincial Department of Education: Research on the Application of Virtual Reality Technology in Crime Scene Reconstruction (No. 18JK0961).
Keywords: data mining technology; equipment monitoring network; network security situation; identification