网络安全态势预测技术研究综述

doi:10.16180/j.cnki.issn1007-7820.2024.08.013

摘要/Abstract

摘要：

为进一步降低多种网络受到攻击的概率,不同类型的网络安全态势预测模型受到了国内外学者的广泛关注和深入研究。随着态势感知模型技术的快速发展,神经网络、时间序列和支持向量机等新颖技术策略被引入网络安全态势的预测模型中,深入优化改进了态势预测模型的原理和手段,进一步提高了态势预测模型的准确性。文中通过回顾和梳理网络安全态势预测技术的研究历史和发展进程,阐述态势预测模型的主要原理和发展现状,分析了当前技术方案存在的不足与缺陷,指出了网络安全态势预测模型技术未来的研究方向。

关键词: 网络安全, 信息安全, 态势预测, 入侵检测, 态势感知, 神经网络, 数据挖掘, 机器学习

Abstract:

In order to further reduce the probability of multiple networks being attacked, different types of network security situation prediction models have received widespread attention and in-depth research from scholars both domestically and internationally. With the rapid development of situational awareness modeling technology, various novel technical solutions such as neural networks, time series, and support vector machines have been introduced into the prediction model of network security situations, deeply optimizing and improving the means and methods of situational prediction models, thereby further improving the accuracy of situational prediction models. This study reviews and sorts out the research history and development process of network security situation prediction technology, elaborates on the main principles and current development status of situation prediction models, analyzes the shortcomings and deficiencies of current technical solutions, and points out the future research directions of network security situation prediction model technology.

Key words: network security, information security, situation prediction, intrusion detection, situational awareness, neural network, data mining, machine learning

中图分类号:

TP393.08

卢臻阳. 网络安全态势预测技术研究综述[J]. 电子科技, 2024, 37(8): 92-96.

LU Zhenyang. Overview of Research on Network Security Situation Prediction Technology[J]. Electronic Science and Technology, 2024, 37(8): 92-96.

参考文献 40

[1]	Ramaki A A, Atani R E. A survey of IT early warning systems:architectures,challenges,and solutions[J]. Security and Communication Networks, 2016, 9(17):4751-4776.
[2]	Kott A. Towards fundamental science of cyber security[J]. Advances in Information Security, 2014, 55(1):1-13.
[3]	Yang S J, Du H, Holsopple J, et al. Attack projection[J]. Cyber Defense and Situational Awareness, 2014, 62(1):239-261.
[4]	Ahmed A A, Zaman N. Attack intention recognition:A review[J]. International Journal of Network Security, 2017, 19(2):244-250.
[5]	Abdlhamed M, Kifayat K, Shi Q, et al. Intrusion prediction systems[M]. Berlin: Springer International Publishing, 2017:126-153.
[6]	Leau Y B, Manickam S. Network security situation prediction:A review and discussion[M]. Heidelberg: Springer Press, 2015:36-60.
[7]	Geib C W, Goldman R P. Plan recognition in intrusion detection systems[C]. Virginia: Proceedings of the DARPA Information Survivability Conference and Exposition,IEEE, 2002:569-577.
[8]	Hughes T, Sheyner O. Attack scenario graphs for computer network threat analysis and prediction[J]. Complexity, 2003, 9(2):15-18.
[9]	Qin X, Lee W. Attack plan recognition and prediction using causal networks[C]. Seattle: Computer Security Applications Conference,IEEE, 2004:1562-1568.
[10]	Li F, Guan X, Guo S, et al. Predicting the intrusion intentions by observing system call sequences[J]. Computers and Security, 2004, 23(3):241-252.
[11]	Peng L, Zhao H. Network security information fusion based security event analysis and prediction model[J]. Journal of Northeastern University, 2005, 26(3):228-231.
[12]	Ramasubramanian P, Kannan A. A genetic-algorithm based neural network short-term forecasting framework for database intrusion prediction system[J]. Soft Computing, 2006, 10(8):699-714.
[13]	Sindhu S, Geetha S, Sivanath S S, et al. A neuro-genetic ensemble short term forecasting framework for anomaly intrusion prediction[C]. Las Vegas: International Conference on Advanced Computing and Communications,IEEE, 2007:698-707.
[14]	Abraham A. Real time intrusion prediction,detection and prevention programs[C]. Las Vegas: IEEE International Conference on Intelligence and Security Informatics, 2008:1782-1788.
[15]	Ahmadi M R. An intrusion prediction technique based on Co-evolutionary immune system for network security:CoCo-IDP[J]. International Journal of Network Security, 2009, 9(3):290-300.
[16]	Tabia K, Leray P. Bayesian network-based approaches for severe attack prediction and handling IDSs' reliability[C]. Istanbul: The Thirteenth International Conference on Information Processing and Management of Uncertainty in Knowledge-Based Systems Applications, 2010:2020-2029.
[17]	Liu X, Fang C, Xiao D. Intrusion diagnosis and prediction with expert system[J]. Security and Communication Networks, 2011, 4(12):1483-1494.
[18]	Sendi A S, Dagenais M, Jabbarifar M, et al. Real time intrusion prediction based on optimized alerts with hidden Markov model[J]. Journal of Networks, 2012, 7(2):311-321.
[19]	Yi Y, Mclaughlin K, Sezer R, et al. Intrusion detection system for network security in synchrophasor systems[C]. Manchester: IET International Conference on Information and Communications Technologies, 2013:633-640.
[20]	Bou-Harb E, Debbabi M, Assi C. Cyber scanning:A comprehensive survey[J]. IEEE Communications Surveys and Tutorials, 2014, 16(3):1496-1519.
[21]	Lv S H, Jian W, Yang Y Q, et al. Intrusion prediction with system-call sequence-to-sequence model[J]. IEEE Access, 2018, 6(11):71413-71421.
[22]	Yadav A, Gupta H, Khatri S K. A security model for intrusion detection and prevention over wireless network[C]. Cairo: The fourth International Conference on Information Systems and Computer Networks, 2019:594-602.
[23]	Choudhary V, Taruna S. An intrusion detection technique using frequency analysis for wireless sensor network:[C]. Dubai: International Conference on Computing,Communication,and Intelligent Systems, 2021:892-899.
[24]	Guezzaz A, Benkirane S, Azrour M, et al. A reliable network intrusion detection approach using decision tree with enhanced data quality[J]. Security and Communication Networks, 2021, 1(3):1-8.
[25]	Yu J, Ye X, Li H. A high precision intrusion detection system for network security communication based on multi-scale convolutional neural network[J]. Future Generations Computer Systems, 2022, 129(1):399-406.
[26]	Attou H, Guezzaz A, Benkirane S, et al. Cloud-based intrusion detection approach using machine learning techniques[J]. Big Data Mining and Analytics, 2023, 6(3):311-320.
[27]	Park H, Jung S O D, Lee H, et al. Cyber weather forecasting:Forecasting unknown internet worms using randomness analysis[M]. Heidelberg: Springer Press, 2012:226-229.
[28]	Zhan Z, Xu M, Xu S. Characterizing honeypot-captured cyber attacks:Statistical framework and case study[J]. IEEE Transactions on Information Forensics and Security, 2013, 8(11):1775-1789.
[29]	Silva A, Pontes E, Zhou F, et al. PRBS/EWMA based model for predicting burst attacks in computer networks[C]. Honolulu: The Ninth International Conference on Digital Information Management ICDIM, 2014:1526-1532.
[30]	Abdullah A B, Pillai T R, Cai L Z. Intrusion detection forecasting using time series for improving cyber defence[J]. International Journal of Intelligent Systems and Applications in Engineering, 2015, 3(1):28-33.
[31]	Pillai T R, Palaniappan S, Abdullah A, et al. Predictive modeling for intrusions in communication systems using GARMA and ARMA models[C]. Pittsburgh:National Symposium on Information Technology: Towards New Smart World,IEEE, 2015:435-443.
[32]	Werner G, Yang S, Mcconky K. Time series forecasting of cyber attack intensity[C]. Paris: Proceedings of the Twelfth Annual Conference on Cyber and Information Security Research, 2017:389-396.
[33]	Qi Y, Shang W, He X. A combined prediction method of industrial internet security situation based on time series[C]. Hohhot: The Ninth International Conference on Communication and Network Security, 2019:205-210.
[34]	Pavol S, Richard S, Andrej G, et al. Network security situation awareness forecasting based on statistical approach and neural networks[J]. Logic Journal of the IGPL, 2022, 31(2):352-374.
[35]	Zhang L, Liu X, Ma J, et al. The prediction algorithm of network security situation based on grey correlation entropy Kalman filtering[C]. Xi'an: IEEE Joint International Information Technology and Artificial Intelligence Conference, 2014:1715-1721.
[36]	Leau Y B, Manickam S. A novel adaptive grey verhulst model for network security situation prediction[J]. International Journal of Advanced Computer Science and Applications, 2016, 7(1):90-95.
[37]	Shen L, Wen Z. Network security situation prediction in the cloud environment based on grey neural network[J]. Journal of Computational Methods in Sciences and Engineering, 2019, 1(4):153-167.
[38]	Zhao G, Liu D, Wang J. Cloud security situation prediction method based on grey wolf optimization and BP neural network[J]. Journal of China University of Posts and Telecommunications(English Edition), 2020, 6(1):30-41.
[39]	Ge L. An improved grey neural network prediction[C]. Kuala Lumpur: Asia-Pacific Conference on Image Processing,Electronics and Computers,IEEE, 2021:1962-1970.
[40]	Ding C, Chen Y, Algarni A M, et al. Application of fractal neural network in network security situation awareness[J]. Fractals, 2022, 30(2):1-13.