摘要
针对基于数据类别标记的监督式网络数据建模方式在评估网络威胁态势时存在计算成本高,效率低和耗时长的问题,该文提出一种基于无监督生成推理的网络安全威胁态势评估方法。首先,设计一种变分自动编码器-生成式对抗网络(VAE-GAN)模型,将只包含正常网络流量的训练数据集输入到由VAE-GAN组成的网络集合层进行训练,统计每层网络输出的重构误差,并使用输出层的3层变分自动编码器训练重构误差;然后使用包含异常网络流量的测试数据集进行分组威胁测试,统计每组测试的威胁发生概率;最后根据威胁发生概率确定网络安全威胁严重度,结合威胁影响度计算威胁态势值对网络安全威胁态势进行评估。仿真实验结果表明,与反向传播(BP)和径向基函数(RBF)方法相比,该方法能够更直观地评估网络威胁的整体态势,对网络威胁具有更好的表征效果。
Supervised network data modeling based on data category tags is computationally expensive,inefficient and requires long time for network threat assessments.This paper presents a network security threat assessment method based on unsupervised generation reasoning.A variant auto encoder-generative adversarial network(VAE-GAN)model is designed with training data set containing only normal network traffic input to the network collection layer of the VAE-GAN while monitoring the reconstruction error of each layer network output and a 3-layer variant auto encoder of the output layer is used to train the reconstruction error with a test data set used for group threat testing while monitoring the threat occurrence probability for each group of tests.Finally,the severities of the network security threats are determined based on the threat occurrence probability with a threat situation impact factor used to calculate the threat level to quantify the network security threat.Simulations show that this method more intuitively evaluates the overall network security threat than back propagation(BP)and radical basis function(RBF)methods and more effectively characterizes the network threat.
作者
杨宏宇
王峰岩
吕伟力
YANG Hongyu;WANG Fengyan;Lü Weili(School of Computer Science and Technology,Civil Aviation University of China,Tianjin 300300,China;Pipeline Changchun Transmission and Oil Company,China National Petroleum Corporation,Changchun 130000,China)
出处
《清华大学学报(自然科学版)》
EI
CAS
CSCD
北大核心
2020年第6期474-484,共11页
Journal of Tsinghua University(Science and Technology)
基金
国家自然科学基金民航联合研究项目(U1833107)。
