Network Security Situation Awareness Method Based on Fusion Model

doi:10.19678/j.issn.1000-3428.0069758

Abstract

Abstract:

Cybersecurity threats are becoming increasingly prevalent with the rapid advancement of Internet technologies. Cyberattacks exhibiting high complexity and diversity, are posing significant challenges to existing defense mechanisms. As an emerging concept, situation awareness technology offers new approaches to enhancing cybersecurity defense. However, the current cybersecurity situation awareness methods suffer from limited data feature extraction capabilities and inadequate handling of long-term sequential data. To address these issues, this study proposes a fusion model that integrates Stack Sparse Auto-Encoder (SSAE), Convolutional Neural Network (CNN), Bidirectional Gated Recurrent Unit (BiGRU), and Attention Mechanism (AM). By utilizing SSAE and CNN to extract data features and enhancing the focus on critical information through the AM in the BiGRU model, the proposed model aims to classify the attack categories of abnormal traffic. In conjunction with the network security situational quantification indicators proposed in this study, the network security situation is quantitatively evaluated and classified. The experimental results demonstrate that the proposed fusion model outperforms traditional deep learning models in various metrics, enabling an accurate perception of the network situation.

Key words: situation awareness, threat detection, Stack Sparse Auto-Encoder (SSAE), Convolutional Neural Network (CNN), Bidirectional Gated Recurrent Unit (BiGRU), Attention Mechanism(AM)

摘要：

伴随着网络技术的飞速发展, 网络安全面临的风险也日益增加, 网络攻击呈现复杂化、多样化的特征, 给现有网络攻击应对措施带来了巨大挑战。态势感知技术作为一种新兴概念, 为网络安全领域带来了新的思路。针对现有网络安全态势感知方法存在数据特征提取及较长时间序列数据处理能力不足的问题, 提出一种融合堆栈稀疏自编码器(SSAE)、卷积神经网络(CNN)、双向门控循环单元(BiGRU)和注意力机制(AM)的模型。通过SSAE和CNN提取数据特征, 利用AM强化BiGRU对关键信息的关注度, 实现对异常流量的攻击类别判定, 并结合网络安全态势量化指标, 对网络安全态势进行量化评分并划分等级。实验结果表明, 融合模型在各项指标上均优于传统深度学习模型, 能够准确感知网络态势。

关键词: 态势感知, 威胁检测, 堆叠稀疏自编码器, 卷积神经网络, 双向门控循环单元, 注意力机制

GUO Shangwei, LIU Shufeng, LI Ziming, OUYANG Deqiang, WANG Ning, XIANG Tao. Network Security Situation Awareness Method Based on Fusion Model[J]. Computer Engineering, 2024, 50(11): 1-9.

郭尚伟, 刘树峰, 李子铭, 欧阳德强, 王宁, 向涛. 基于融合模型的网络安全态势感知方法[J]. 计算机工程, 2024, 50(11): 1-9.

/ Recommend / Download Citations

URL: https://www.ecice06.com/EN/10.19678/j.issn.1000-3428.0069758

https://www.ecice06.com/EN/Y2024/V50/I11/1

Figures/Tables 12

Fig.1 Framework of network security situation awareness method

Fig.2 Parallel SSAE structure

Fig.3 Threat detection model structure

Fig.4 Network experimental environment

Fig.5 Network security situation awareness experimental results

References 26

1	周泽岩. 论网络空间安全与治理. 信息网络安全, 2020,(S1): 153- 155.
	ZHOU Z Y. On Cyberspace security and governance. Information Network Security, 2020,(S1): 153- 155.
2	孙珵珵. 网络安全治理对策研究. 信息网络安全, 2023, 23(6): 104- 110.
	SUN C C. Research on countermeasures for network security governance. Netinfo Security, 2023, 23(6): 104- 110.
3	CHEN C, YE L, YU X Z, et al. A survey of network security situational awareness technology. Berlin, Germany: Springer International Publishing, 2019.
4	胡庆爽, 李成海, 路艳丽, 等. 基于分级优化置信规则库的网络安全态势预测方法. 计算机工程, 2020, 46(12): 127- 133. doi: 10.19678/j.issn.1000-3428.0059022
	HU Q S, LI C H, LU Y L, et al. Network security situation prediction method based on hierarchical optimization of belief rule base. Computer Engineering, 2020, 46(12): 127- 133. doi: 10.19678/j.issn.1000-3428.0059022
5	李欣, 段詠程. 基于改进隐马尔可夫模型的网络安全态势评估方法. 计算机科学, 2020, 47(7): 287- 291.
	LI X, DUAN Y C. Network security situation assessment method based on improved hidden Markov model. Computer Science, 2020, 47(7): 287- 291.
6	丁华东, 许华虎, 段然, 等. 基于贝叶斯方法的网络安全态势感知模型. 计算机工程, 2020, 46(6): 130- 135. doi: 10.19678/j.issn.1000-3428.0055219
	DING H D, XU H H, DUAN R, et al. Network security situation awareness model based on Bayesian method. Computer Engineering, 2020, 46(6): 130- 135. doi: 10.19678/j.issn.1000-3428.0055219
7	ZHANG H B, YIN Y, ZHAO D M, et al. Network security situational awareness model based on threat intelligence[C]//Proceedings of International Conference on Mobile Multimedia Communications. Berlin, Germany: Springer, 2021: 526-536.
8	王金恒, 单志龙, 谭汉松, 等. 基于遗传优化PNN神经网络的网络安全态势评估. 计算机科学, 2021, 48(6): 338- 342.
	WANG J H, SHAN Z L, TAN H S, et al. Network security situation assessment based on genetic optimized PNN neural network. Computer Science, 2021, 48(6): 338- 342.
9	CHEN Z H. Research on Internet security situation awareness prediction technology based on improved RBF neural network algorithm. Journal of Computational and Cognitive Engineering, 2022, 1(3): 103- 108. doi: 10.47852/bonviewJCCE149145205514
10	杨宏宇, 曾仁韵. 一种深度学习的网络安全态势评估方法. 西安电子科技大学学报, 2021, 48(1): 183- 190.
	YANG H Y, ZENG R Y. A deep learning-based network security situation assessment method. Journal of Xidian University, 2021, 48(1): 183- 190.
11	陈解元. 基于LSTM的卷积神经网络异常流量检测方法. 信息技术与网络安全, 2021, 40(7): 42- 46.
	CHEN J Y. Network intrusion detection based on convolutional neural networks with LSTM. Information Technology and Network Security, 2021, 40(7): 42- 46.
12	杨宏宇, 张梓锌, 张良. 基于并行特征提取和改进BiGRU的网络安全态势评估. 清华大学学报(自然科学版), 2022, 62(5): 842- 848.
	YANG H Y, ZHANG Z X, ZHANG L. Network security situation assessments with parallel feature extraction and an improved BiGRU. Journal of Tsinghua University (Science and Technology), 2022, 62(5): 842- 848.
13	WANG J, JIANG X L, ZHU J. Security situation awareness algorithm of network information transmission based on intelligent computing[C]//Proceedings of the 2nd International Conference on Electronic Information Engineering and Computer Communication (EIECC 2022). Xi'an, China: SPIE, 2023: 564-570.
14	SOKOL P, STA AŇG A R, GAJDOŠ A, et al. Network security situation awareness forecasting based on statistical approach and neural networks. Logic Journal of the IGPL, 2023, 31(2): 352- 374.
15	LU Y, KUANG Y X, YANG Q F. Intelligent prediction of network security situations based on deep reinforcement learning algorithm. Scalable Computing: Practice and Experience, 2024, 25(1): 147- 155.
16	杨志鹏, 刘代东, 袁军翼, 等. 基于自注意力机制的网络局域安全态势融合方法研究. 信息网络安全, 2024, 24(3): 398- 410.
	YANG Z P, LIU D D, YUAN J Y, et al. Research on network local security situation fusion method based on self-attention mechanism. Netinfo Security, 2024, 24(3): 398- 410.
17	SHIN H C, ORTON M R, COLLINS D J, et al. Stacked autoencoders for unsupervised feature learning and multiple organ detection in a pilot study using 4D patient data. IEEE Transactions on Pattern Analysis and Machine Intelligence, 2013, 35(8): 1930- 1943.
18	CHO K, VAN MERRIËNBOER B, GULCEHRE C, et al. Learning phrase representations using RNN encoder-decoder for statistical machine translation[EB/OL]. [2024-03-17]. https://arxiv.org/abs/1406.1078.
19	LUONG M T, PHAM H, MANNING C D. Effective approaches to attention-based neural machine translation[EB/OL]. [2024-03-17]. http://arxiv.org/abs/1508.04025.
20	HU W, LI J, JIANG X. A hierarchical algorithm for cyberspace situational awareness based on analytic hierarchy process. High Technology Letters, 2007, 13(3): 291- 296.
21	刘效武, 王慧强, 吕宏武, 等. 网络安全态势认知融合感控模型. 软件学报, 2016, 27(8): 2099- 2114.
	LIU X W, WANG H Q, LÜ H W, et al. Fusion-based cognitive awareness-control model for network security situation. Journal of Software, 2016, 27(8): 2099- 2114.
22	Forum of Incident Response and Security Teams (FIRST). Common Vulnerability Scoring System (CVSS) specification document[EB/OL]. [2024-03-17]. https://www.first.org/cvss/v3.1/specification-document.
23	国务院. 国家突发公共事件总体应急预案. 北京: 中国法制出版社, 2006.
	The State Council. National emergency response plan for public emergencies. Beijing: China Legal Publishing House, 2006.
24	FERRAG M A, MAGLARAS L, MOSCHOYIANNIS S, et al. Deep learning for cyber security intrusion detection: approaches, datasets, and comparative study. Journal of Information Security and Applications, 2020, 50, 102419.
25	ROSAY A, CHEVAL E, CARLIER F, et al. Network intrusion detection: a comprehensive analysis of CIC-IDS2017[C]//Proceedings of the 8th International Conference on Information Systems Security and Privacy. [S. l. ]: Science and Technology Publications, 2022: 25-36.
26	JAVAID A, NIYAZ Q, SUN W Q, et al. A deep learning approach for network intrusion detection system[C]//Proceedings of the 9th EAI International Conference on Bio-inspired Information and Communications Technologies (formerly BIONETICS). New York, USA: ACM Press, 2016: 21-26.

[1]	Huanyu LU, Yonghong ZHANG, Guangyi MA, Donglin XIE, Wei TIAN. Semi-Supervised Adversarial Learning-Based Water Body Extraction from Remote Sensing Images [J]. Computer Engineering, 2024, 50(7): 251-263.
[2]	LI Shuo, ZHAO Chaoyang, QU Yinxuan, LUO Yaping. Application of Deep Learning in Fingerprint Recognition [J]. Computer Engineering, 2024, 50(12): 33-47.
[3]	Shui HU. Intelligent Wargame Deduction Decision Method Based on Deep Reinforcement Learning [J]. Computer Engineering, 2023, 49(9): 303-312.
[4]	RU Niuniu, YU Jinwei, YANG Weihua, BIAN Wei. Video Interpolation Based on Compression and Refined Deep Voxel Flow Model [J]. Computer Engineering, 2022, 48(9): 248-253.
[5]	ZHANG Weicheng, WEI Hongquan, LIU Shuxin, WANG Gengrun. Behavior-based User Anomaly Detection Scheme for 5G MEC [J]. Computer Engineering, 2022, 48(5): 27-34.
[6]	WU Qiyuan, WANG Xiaodong, ZHANG Lianjun, GAO Hailing, ZHAO Shenhao. Crowd Counting Network with Attention Mechanism and Contextual Density Map [J]. Computer Engineering, 2022, 48(5): 235-241,250.
[7]	XIAO Yamin, ZHANG Jiachen, FENG Tie. Single Image Super-Resolution Reconstruction Based on Multi-Windows Residual Network [J]. Computer Engineering, 2021, 47(2): 293-299,306.
[8]	DING Huadong, XU Huahu, DUAN Ran, CHEN Fan. Network Security Situation Awareness Model Based on Bayesian Method [J]. Computer Engineering, 2020, 46(6): 130-135.
[9]	LI Li, SONG Song, LI Bingke. Weight Search and Alarm Selection Method Based on User Preference [J]. Computer Engineering, 2020, 46(4): 107-114.
[10]	LIU Yue, ZHAI Donghai, REN Qingning. News Text Classification Based on CNLSTM Model with Attention Mechanism [J]. Computer Engineering, 2019, 45(7): 303-308,314.
[11]	WANG Pan,CHEN Xuejiao. SAE-based Encrypted Traffic Identification Method [J]. Computer Engineering, 2018, 44(11): 140-147,153.
[12]	GAI Wei-lin, XIN Dan, WANG Lu, LIU Xin, HU Jian-bin. Review of Date Fusion and Decision-making Methods in Situation Awareness [J]. Computer Engineering, 2014, 40(5): 21-25,30.
[13]	CU Yong, WANG Yan, LI Qian-Mu. Network Security Risk Assessment Model and Method Based on Situation Awareness [J]. Computer Engineering, 2013, 39(4): 158-164.
[14]	LIU Yu, LEI Zhi-Gang, LIU Bao-Xu. Loose Coupling Network Security Situation Awareness Model [J]. Computer Engineering, 2012, 38(14): 8-12.
[15]	HE Ying-jie; WANG Hui-qiang; ZHOU Ren-jie. Real-time Network Topology Discovery for Network Situation Awareness [J]. Computer Engineering, 2009, 35(24): 127-129.

Please choose a citation manager

Content to export