Abstract
Industrial network environments are extremely complex, covering multiple protocols, devices, and systems. The diversity of these devices and systems causes vulnerabilities to manifest in different forms, making unified correlation analysis difficult. In addition, the massive amount of data generated in industrial networks increases the difficulty of detection, and the accuracy and completeness of the data vary, further interfering with correlation detection. Traditional methods detect vulnerability types only by calculating feature similarity and cannot correctly identify the meta-paths corresponding to their feature vectors, which biases the calculated feature similarity and lowers the accuracy of the detection results. Therefore, a vulnerability correlation detection method for industrial networks based on multi-source heterogeneous graph data is proposed. By defining the mapping relationship between the nodes and edges of the industrial network directed graph, a corresponding star-shaped heterogeneous graph is constructed. The heterogeneous graph data from different sources in the network are sliced separately, and an encoder with Bernstein polynomials at its core is used to extract the graph features of the heterogeneous graphs. Similarity is calculated from the extracted features, and a loss function is introduced to constrain the meta-path alignment of the feature vectors, so that the features can be associated with known vulnerability libraries to obtain vulnerability detection results. The experimental results show that the method has a false negative rate of only 3.72% and a false positive rate of only 2.49%. The detection results are highly accurate and can provide effective support for the operation and maintenance of industrial networks.
Authors
王启蒙
龚亮华
陶松
徐华邵
WANG Qimeng; GONG Lianghua; TAO Song; XU Huashao (Fengtai Technology (Beijing) Co., Ltd., Beijing 100195, China)
Source
《测控技术》
2025, No. 9, pp. 61-67 (7 pages)
Measurement & Control Technology
Funding
National Key Research and Development Program of China (2023YFB3107300).
Keywords
vulnerability detection
network vulnerabilities
industrial network
multi-source heterogeneous graph data
correlation detection