
Computer Engineering ›› 2020, Vol. 46 ›› Issue (4): 107-114. doi: 10.19678/j.issn.1000-3428.0053782

• Cyberspace Security •

Weight Search and Alarm Selection Method Based on User Preference

LI Li, SONG Song, LI Bingke

  1. School of Information and Computer Engineering, Northeast Forestry University, Harbin 150040, China
  • Received: 2019-01-22 Revised: 2019-03-19 Online: 2020-04-15 Published: 2019-04-11
  • About the authors: LI Li (born 1977), female, associate professor, Ph.D.; main research interests: network security and intelligent computing. SONG Song (corresponding author), master's student. LI Bingke, master's student.
  • Funding:
    Young Scientists Fund of the National Natural Science Foundation of China (61601110).

Abstract: Under existing interaction modes, a user selects the most serious alarm based entirely on personal preference, without considering the differences in the cost of handling different alarms. To address this, this paper proposes a weight search and alarm selection method based on user preference. The method mines the user's preference values for alarms of different severity levels, constructs an evaluation function to address the complexity of the problem, and gives a selection strategy for the preference weights. A utility function is then established over the different alarms and their corresponding user preference weights, and a random threshold is set, to determine the alarms that need to be resolved first. Alarm selection based on user preference is then completed under a cost constraint, improving the efficiency of alarm handling. Experimental results show that the method makes alarm selections reasonably and effectively, and that its alarm selection performance is better than that of the knapsack-based and threshold-setting methods.

Key words: network security, situation awareness, situation assessment, user preference, random threshold

CLC Number: