一种深度学习的网络安全态势评估方法

doi:10.19665/j.issn1001-2400.2021.01.021

Abstract

Abstract:

The traditional methods for assessment of network security situation rely on manual label and evaluation.When faced with a large amount of data,there appearsome problems such as low efficiency and poor flexibility.First,we propose a Deep Autoencoder-Deep Neural Network (DAEDNN) model to identify all kinds of attacks on the network.Then,the Under-Over Sampling Weighted (UOSW) algorithm is designed to improve the detection rate of the model on categories with a few training samples.Finally,we conduct model testing and calculate the attack probability.Besides,we determine the impact score of each type of attack and calculate the network security situation value.Experimental results show that the precision and recall of the proposed model are better than those of the compared models,and that the proposed model has a better performance in accuracy and efficiency.

Key words: network security situation assessment, network attacks, deep learning, deep autoencoder, data resampling

CLC Number:

TP309

YANG Hongyu,ZENG Renyun. Method for assessment of network security situation with deep learning[J].Journal of Xidian University, 2021, 48(1): 183-190.

Figures/Tables 8

References 15

[1]	国家互联网应急中心.2019年上半年我国互联网网络安全态势[EB/OL].[ 2020- 07- 16]. http://www.cac.gov.cn/2019-08/13/c_1124871484.htm.
[2]	YAO J Y, FAN X N, CAO N. Survey of Network Security Situational Awareness [C]//Lecture Notes in Computer Science:11982.Heidelberg:Springer, 2019: 34-44.
[3]	ZHAO X L, XU H, WANG T, et al. Research on Multidimensional System Security Assessment Based on AHP and Gray Correlation [C]// Communications in Computer and Information Science:1149.Heidelberg:Springer Verlag, 2019: 177-192.
[4]	ALALI M, ALMOGREN A, HASSAN M M, et al. Improving Risk Assessment Model of Cyber Security Using Fuzzy Logic Inference System[J]. Computers and Security, 2018,74:323-339.
[5]	DONG G S, LI W C, WANG S W, et al. The Assessment Method of Network Security Situation Based on Improved BP Neural Network [C]//Advances in Intelligent Systems and Computing:905.Heidelberg:Springer Verlag, 2020: 67-76.
[6]	文志诚, 曹春丽, 周浩. 基于朴素贝叶斯分类器的网络安全态势评估方法[J]. 计算机应用, 2015,35(8):2164-2168.
	WEN Zhicheng, CAO Chunli, ZHOU Hao. Network Security Situation Assessment Method Based on Naive Bayes Classifier[J]. Journal of Computer Applications, 2015,35(8):2164-2168.
[7]	HU J J, MA D Y, LIU C, et al. Network Security Situation Prediction Based on MR-SVM[J]. IEEE Access, 2019,7:130937-130945.
[8]	HODO E, BELLEKENS X, HAMILTON A, et al. Shallow and Deep Networks Intrusion Detection System:a Taxonomy and Survey[J/OL].[2020-11-01].https://arxiv.org/pdf/1701.02145.pdf.
[9]	ALTHUBITI S A, JONES E M, ROY K. LSTM for Anomaly-based Network Intrusion Detection [C]//Proceedings of the 2018 28th International Telecommunication Networks and Applications Conference.Piscataway:IEEE, 2018: 8615300.
[10]	NIYAZ Q, SUN W Q, JAVAID A Y, et al. A Deep Learning Approach for Network Intrusion Detection System [C]//Proceedings of the 2015 EAI International Conference on Bio-inspired Information and Communications Technologies.Heidelberg:Springer, 2015: 21-26.
[11]	HINTON G E, SALAKHUTDINOV R R. Reducing the dimensionality of data with neural networks[J]. Science, 2006,313(5786):504-507. doi: 10.1126/science.1127647 pmid: 16873662
[12]	BALA R, NAGPAL R. A Review on KDD Cup99 and NSL-KDD Dataset[J]. International Journal of Advanced Research in Computer Science. 2019,10(2):64-67.
[13]	CHAWLA N V, BOWYER K W, HALL L O, et al. SMOTE:Synthetic Minority Over-sampling Technique[J]. Journal of Artificial Intelligence Research, 2002,16(1):321-357.
[14]	CVSS.Common Vulnerability Scoring System version 3.1:Specification Document CVSS Version 3.1 Release[S/OL].[2020-07-20].https://www.first.org/cvss/specification-document.
[15]	国务院. 国家突发公共事件总体应急预案[M]. 北京: 中国法制出版社, 2006.

数据集	Normal	DoS	Probe	R2L	U2R	Total
KDDTrain+	67 343	45 927	11 656	995	52	125 973
KDDTest+	9 710	7 456	2 421	2 754	202	22 543

攻击类型	描述
拒绝服务(Denial of Service ,DoS)	这种攻击会使计算机或网络停止服务,使其目标用户无法访问。DoS攻击通过向目标发送大量流量或信息来实现这一点
获取权限(User to Root,U2R)	这种攻击通过非法手段,尝试获取根账户的权限
远程入侵(Remote to Local,R2L)	这种攻击使入侵者能够访问原本没有账户的本地计算机
探测攻击(Probe)	这种攻击收集网络信息,这些信息是发起其他攻击之前所必需的
正常流量(Normal)	正常的网络流量

指标	影响程度	影响值
机密性(C)	无(N)/低(L)/高(H)	0/0.22/0.56
完整性(I)	无(N)/低(L)/高(H)	0/0.22/0.56
可用性(A)	无(N)/低(L)/高(H)	0/0.22/0.56

Method for assessment of network security situation with deep learning

RichHTML

PDF (PC)

Like

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 8

References 15

Related Articles 15

Metrics

Comments

Recommended 10

[1]	WANG Yong,JIN Weizhao,FENG Wei,QUAN Yinghui. Improved violent behavior detection method for the R(2+1)D network [J]. Journal of Xidian University, 2022, 49(2): 155-163.
[2]	GAO Jie,HUO Zhiyong. Algorithmfor image inpainting in generative adversarial networks based on gated convolution [J]. Journal of Xidian University, 2022, 49(1): 216-224.
[3]	ZHANG Yan,WANG Xiangyu,ZHANG Zhongwei,SUN Yemei,LIU Shudong. Boundary-aware network for building extraction from remote sensing images [J]. Journal of Xidian University, 2022, 49(1): 236-244.
[4]	LIU Jiawei,ZHANG Wenhui,KOU Xiaoli,LI Yanni. Harnessing adversarial examples via input denoising and hidden information restoring [J]. Journal of Xidian University, 2021, 48(6): 23-31.
[5]	SONG Jianfeng,MIAO Qiguang,WANG Chongxiao,XU Hao,YANG Jin. Multi-scale single object tracking based on the attention mechanism [J]. Journal of Xidian University, 2021, 48(5): 110-116.
[6]	LI Peng,FENG Cunqian,XU Xuguang,TANG Zixiang. Ballistic target fretting classification network based on Bayesian optimization [J]. Journal of Xidian University, 2021, 48(5): 139-148.
[7]	ZHANG Yuhao,CHENG Peitao,ZHANG Shuhao,WANG Xiumei. Lightweight image super-resolution with the adaptive weight learning network [J]. Journal of Xidian University, 2021, 48(5): 15-22.
[8]	YAN Jia,CAO Yudong,REN Jiaxing,CHEN Donghao,LI Xiaohui. Deep asymmetric compression Hashing algorithm [J]. Journal of Xidian University, 2021, 48(5): 212-221.
[9]	NING Yang,DU Jianchao,HAN Shuo,YANG Chuankai. Fire segmentation based on the improved DeeplabV3+ and the analytical method for fire development [J]. Journal of Xidian University, 2021, 48(5): 38-46.
[10]	ZHOU Peng,YANG Jun. Semantic segmentation of remote sensing images based on neural architecture search [J]. Journal of Xidian University, 2021, 48(5): 47-57.
[11]	QI Yanjun,KONG Yueping,WANG Jiajing,ZHU Xudong. Gait recognition method combining LSTM and CNN [J]. Journal of Xidian University, 2021, 48(5): 78-85.
[12]	HUI Haisheng,ZHANG Xueying,WU Zelin,LI Fenglian. Method for stroke lesion segmentation using the primary-auxiliary path attention compensation network [J]. Journal of Xidian University, 2021, 48(4): 200-208.
[13]	SUN Haojie,LI Miaoyu,ZHANG Panpan,XU Pengfei. Self-supervised facial asymmetry learning for automatic evaluation of facial paralysis [J]. Journal of Xidian University, 2021, 48(3): 115-122.
[14]	ZHANG Hua,GAO Haoran,YANG Xingguo,LI Wenmin,GAO Fei,WEN Qiaoyan. TargetedFool:an algorithm for achieving targeted attacks [J]. Journal of Xidian University, 2021, 48(1): 149-159.
[15]	ZHANG Lu,SUN Rong,LIU Jingwei. Cloned piggybacking framework for distributed storage [J]. Journal of Xidian University, 2020, 47(6): 139-147.