
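Network Security Situation Assessment Model Based on Information Fusion
Cite this article: Li Fangwei, Zhang Xinyue, Zhu Jiang, Zhang Haibo. Network security situation assessment model based on information fusion [J]. Journal of Computer Applications, 2015, 35(7): 1882-1887.
Authors: Li Fangwei, Zhang Xinyue, Zhu Jiang, Zhang Haibo
Affiliation: Chongqing Key Laboratory of Mobile Communications Technology (Chongqing University of Posts and Telecommunications), Chongqing 400065
Funding: National Natural Science Foundation of China (61271260, 61301122); Key Scientific Research Project of the Ministry of Education (212145).
Abstract: To address inaccurate assessment of Distributed Denial of Service (DDoS) attacks and incomplete network security situation assessment, a network security situation assessment model based on information fusion is proposed. First, a DDoS attack threat assessment method that uses packet information as its raw data is proposed, which improves the accuracy of the assessment. Then, the original Common Vulnerability Scoring System (CVSS) is improved and used to assess vulnerabilities, making the assessment more comprehensive. Next, objective and subjective weights are combined, and the Sequential Quadratic Programming (SQP) algorithm is used to optimize the combined weights, which reduces the uncertainty of the fusion. Finally, the three are fused to obtain the security situation of the network. An intrusion detection platform was built; with different rule bases, the number of alerts raised for the same DDoS attack differs by 3 orders of magnitude. Compared with assessment methods that rely on alert counts, assessing DDoS attacks from packet information yields an accurate DDoS attack threat situation. Simulation comparison results show that the proposed model and method improve the accuracy of the assessment results.

Keywords: denial-of-service attack assessment; Common Vulnerability Scoring System; combined weight; sequential quadratic programming; situation assessment
Received: 2015-01-29
Revised: 2015-03-29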

Network security situational awareness model based on information fusion
LI Fangwei, ZHANG Xinyue, ZHU Jiang, ZHANG Haibo. Network security situational awareness model based on information fusion [J]. Journal of Computer Applications, 2015, 35(7): 1882-1887.
Authors:LI Fangwei  ZHANG Xinyue  ZHU Jiang  ZHANG Haibo
Affiliation:Chongqing Key Laboratory of Mobile Communications Technology (Chongqing University of Posts and Telecommunications), Chongqing 400065, China
Abstract: Since the evaluation of Distributed Denial of Service (DDoS) attacks is inaccurate and network security situational evaluation is not comprehensive, a new network security situational awareness model based on information fusion was proposed. Firstly, to improve the accuracy of evaluation, a situation assessment method for DDoS attacks based on data packet information was proposed. Secondly, the original Common Vulnerability Scoring System (CVSS) was improved and vulnerabilities were evaluated to make the assessment more comprehensive. Then, objective and subjective weights were combined, and the combined weights were optimized with the Sequential Quadratic Programming (SQP) algorithm to reduce the uncertainty of fusion. Finally, the network security situation was obtained by fusing the three evaluations. To verify that the original evaluation of DDoS was inaccurate, a testing platform was built, and the number of alarms for the same DDoS attack differed by 3 orders of magnitude. Compared to the original alarm-based method, the evaluation based on data packets gave a steady and accurate result. The experimental results show that the proposed method can improve the accuracy of evaluation results.
Keywords: Distributed Denial of Service (DDoS) evaluation; Common Vulnerability Scoring System (CVSS); combined weight; Sequential Quadratic Programming (SQP); situation assessment
This article is indexed by Wanfang Data and other databases.