CN102694800A - Gaussian process regression method for predicting network security situation - Google Patents

Gaussian process regression method for predicting network security situation Download PDF

Info

Publication number
CN102694800A
CN102694800A CN2012101574447A CN201210157444A CN102694800A CN 102694800 A CN102694800 A CN 102694800A CN 2012101574447 A CN2012101574447 A CN 2012101574447A CN 201210157444 A CN201210157444 A CN 201210157444A CN 102694800 A CN102694800 A CN 102694800A
Authority
CN
China
Prior art keywords
network security
msub
security situation
gaussian process
mrow
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2012101574447A
Other languages
Chinese (zh)
Inventor
李元诚
王宇飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
North China Electric Power University
Original Assignee
North China Electric Power University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by North China Electric Power University filed Critical North China Electric Power University
Priority to CN2012101574447A priority Critical patent/CN102694800A/en
Publication of CN102694800A publication Critical patent/CN102694800A/en
Pending legal-status Critical Current

Links

Images

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a gaussian process regression method for predicting a network security situation in the technical field of network information security. According to the invnetion, a hierarchical network security situation evaluation index system is structured by using an analytic hierarchy process; the damage degree of various network security threats to the network security situation is analyzed by the system so as to calculate a network security situation value of each time monitoring point and structure a time sequence and then structure into a training sample set; the training sample set is subjected to iterative training by utilizing gaussian process regression so as to obtain a prediction model meeting an error requirement; an optimal training parameter of the gaussian process regression is dynamically searched by utilizing an particle swarm optimization in the training process so as to reduce a prediction error, and finally the prediction of the network security situation value of the time monitoring point in the future is finished by utilizing the prediction mode. The gaussian process regression method provided by the invnetion has the beneficial effects of better adaptability and lower prediction error in the respect of reducing the prediction error of the network security situation.

Description

Gaussian process regression method for network security situation prediction
Technical Field
The invention belongs to the technical field of network information security, and particularly relates to a Gaussian process regression method for network security situation prediction.
Background
The popularity and technological innovation of the Internet has profoundly changed human lives and also brought about serious network security problems. Various network security problems emerge endlessly at present, various network attacks gradually show development trends of distribution, scale, complication, indirection and the like, and current network security equipment has no relatively perfect security alarm mechanism, so that the network security equipment has very important theoretical significance and practical significance for accurate alarm of future network security trends. At present, the mainstream method is to predict the network security situation value of a target network node in the future time so as to realize network security early warning. The prediction means of the network security situation value mainly abstracts a target problem into a regression problem by using an artificial intelligence algorithm, and solves the network security situation value of a future time node by constructing a regression model.
The construction of the network security situation evaluation index system requires the calculation of the influence factors, namely the weights, of various network attacks on the network security situation values. The construction method of the evaluation index system directly determines whether the network security situation value can accurately reflect the actual situation of the current network.
The calculation of the network security situation value requires that the times of various network attacks occurring at a certain time node are multiplied by the weights of the various network attacks, and then the sum is obtained, so that the network security situation value of the time node is obtained.
The current prediction method of the network security situation value is mainly based on methods such as an artificial neural network, a support vector machine and a Bayesian network, but the problems of large prediction errors are generally found in practical application.
Disclosure of Invention
The invention discloses a Gaussian process regression method for predicting network security situation aiming at the defects. The invention introduces an Analytic Hierarchy Process (AHP) so as to obtain an evaluation index system capable of accurately reflecting the current network security condition.
The Gaussian process regression method for predicting the network security situation comprises the following steps:
1) constructing a hierarchical network security situation evaluation index system T by using an analytic hierarchy process, and calculating to obtain a total sequencing weight matrix omega of the network security situation evaluation index system T;
2) sequentially inputting historical intrusion detection results of the network security equipment into a network security situation evaluation index system T according to the time sequence to obtain a network security situation value V at the 1 st moment1Network security situation value V to the m-th momentm
3) Using sliding window method to convert V1~VmIs configured to time-series S, S ═ V1…Vm};
Then, the time sequence S is randomly divided according to a fixed proportion to obtain GaussReadable training sample set S in program regression methodtrainAnd a test sample set Stest(ii) a Guarantee training sample set StrainAnd a test sample set StestThe data format required by the Gaussian process regression method is met;
4) training sample set S by using Gaussian process regression methodtrainPerforming iterative training to obtain a temporary prediction model H, and performing error correction on the temporary prediction model H by using a particle swarm algorithm to obtain a prediction model H meeting error expectation;
5) and (4) completing the prediction of the network security situation value at the future moment by using the prediction model H.
The structure of the network security situation evaluation index system T is as follows: the network security situation evaluation index system T is divided into three layers, wherein the upper layer is a target layer, and the content of the target layer is a network security situation value; the middle layer is a criterion layer, the contents of which are strong hazard degree, medium hazard degree and weak hazard degree, and the strong hazard degree, the medium hazard degree and the weak hazard degree are divided according to the hazard degree of the network security threat; the lower layer is an index layer with the content of the 1 st network security threat x1To nth network security threat xn
The calculation process of the total ranking weight matrix ω is as follows: first, threat x to type 1 network security1To nth network security threat xnThen, according to the analytic hierarchy process, respectively calculating the network security threat x in the ithiFor the influence coefficients of the strong hazard degree, the medium hazard degree and the weak hazard degree, i is 1 to n; and calculating final influence coefficients of the strong hazard degree, the medium hazard degree and the weak hazard degree on the network security situation value respectively, and finally obtaining a total sequencing weight matrix omega of the network security situation evaluation index system T.
The step 2) comprises the following steps:
21) counting the intrusion detection result r of the network security equipment at the j momentjJ is 1 to m; r isjIs a matrix of 1 x n, and the matrix is,wherein,
Figure BDA00001657628700032
toRespectively indicate that: at time j, 1 st cyber-security threat x1To nth network security threat xnThe number of occurrences;
22) will r isjMultiplying the total sorting weight matrix omega of the network security situation evaluation index system T to obtain the network security situation value V at the j momentj
The fixed ratio is 3: 2.
The step 4) specifically comprises the following steps:
41) in the particle swarm algorithm, the following parameters are set: maximum iteration number of 100, population size of 10, initial inertial weight omega1=0.8, terminating the inertial weight ωT=0.1, 2 for both learning factors 1 and 2, and a particle velocity interval of [0, 0.5%];
42) Setting a kernel function type of a Gaussian process regression method;
43) normalized training sample set StrainAnd a test sample set Stest
44) The particle swarm algorithm transfers the initial training parameters to a Gaussian process regression method which is implemented by carrying out regression on a training sample set StrainObtaining a temporary prediction model h by training; the initial training parameters refer to random training parameters initially generated by a particle swarm algorithm;
45) by testing the sample set StestCalculating a training error epsilon of the temporary prediction model h;
46) if the training error epsilon of the temporary prediction model h meets the preset periodThe final prediction model H is obtained when the value theta is observed, otherwise, new training parameters are iteratively generated by a Gaussian process regression method according to the particle swarm optimization, and the new training parameters are obtained by carrying out the iteration on a training sample set StrainThereby updating the temporary prediction model h;
47) when one of the following two conditions is satisfied, executing step 48), otherwise, returning to execute step 45); the first condition is: the iteration times of the Gaussian process regression method reach the maximum iteration times of 100; the second condition is: the temporary prediction model h meets a preset expected value;
48) and outputting the final prediction model H.
The preset desired value θ is 85%.
In the new training parameters iteratively generated by the Gaussian process regression method according to the particle swarm algorithm, the iterative process of the particle swarm algorithm is as follows:
the Particle Swarm Optimization (PSO) is initialized, an initial population consisting of 10 particles is randomly constructed, and the b-th particle in the initial population is assigned with an initial position
Figure BDA00001657628700051
And initial velocityb, taking 1 to 10; calculating a fitness function F (b) of each particle in the initial population, if the minimum value min (F (b)) of the fitness functions F (b) of all the particles in the initial population is less than or equal to theta, taking the particle corresponding to min (F (b)) as the optimal solution of the problem to be solved, otherwise, updating the speed and the position of the particle according to the following three formulas, namely performing population iteration;
<math> <mrow> <msubsup> <mi>V</mi> <mi>b</mi> <mrow> <mi>k</mi> <mo>+</mo> <mn>1</mn> </mrow> </msubsup> <mo>=</mo> <msub> <mi>&omega;</mi> <mi>b</mi> </msub> <msubsup> <mi>V</mi> <mi>b</mi> <mi>k</mi> </msubsup> <mo>+</mo> <msub> <mi>C</mi> <mn>1</mn> </msub> <mo>&CenterDot;</mo> <msub> <mi>r</mi> <mn>1</mn> </msub> <mo>&CenterDot;</mo> <mrow> <mo>(</mo> <msub> <mi>p</mi> <mi>best</mi> </msub> <mo>-</mo> <msubsup> <mi>X</mi> <mi>b</mi> <mi>k</mi> </msubsup> <mo>)</mo> </mrow> <mo>+</mo> <msub> <mi>C</mi> <mn>2</mn> </msub> <mo>&CenterDot;</mo> <msub> <mi>r</mi> <mn>2</mn> </msub> <mo>&CenterDot;</mo> <mrow> <mo>(</mo> <msub> <mi>g</mi> <mi>best</mi> </msub> <mo>-</mo> <msubsup> <mi>X</mi> <mi>b</mi> <mi>k</mi> </msubsup> <mo>)</mo> </mrow> </mrow> </math>
X b k + 1 = X b k + V b k + 1
<math> <mrow> <msub> <mi>&omega;</mi> <mi>b</mi> </msub> <mo>=</mo> <msub> <mi>&omega;</mi> <mn>1</mn> </msub> <mo>-</mo> <mfrac> <mrow> <msub> <mi>&omega;</mi> <mn>1</mn> </msub> <mo>-</mo> <msub> <mi>&omega;</mi> <mrow> <mi>b</mi> <mo>-</mo> <mn>1</mn> </mrow> </msub> </mrow> <mi>k</mi> </mfrac> </mrow> </math>
wherein; pbestRefers to the individual optimal positions through which all particles pass; gbestbThe optimal position through which the population passes; k is the number of iterations, r1And r2Is [0,1 ]]A random number in between; c1And C21 st learning factor and 2 nd learning factor respectively;
Figure BDA00001657628700056
and
Figure BDA00001657628700057
respectively indicate that: the iteration times are k-1 times and the position of the b-th particle when k times;and
Figure BDA00001657628700059
respectively indicate that: the speed of the b-th particle when the iteration times are k-1 times and k times; omega0And ω1Is the initial inertial weight, ω2To omegabThe (b) th inertia weight is the 2 nd inertia weight value; omega01=0.8。
The invention has the beneficial effects that: the method and the device for predicting the network security situation not only overcome the defects of the prior situation prediction technology, but also improve the accuracy of prediction.
Drawings
FIG. 1 is a flow chart of a method for predicting network security posture;
FIG. 2 is a flow chart of a process for generating an evaluation index system of network security situation based on an analytic hierarchy process;
FIG. 3 is a schematic diagram of a sliding window method;
FIG. 4 is a flow chart of Gaussian process regression algorithm training;
Detailed Description
The preferred embodiments will be described in detail below with reference to the accompanying drawings. It should be emphasized that the following description is merely exemplary in nature and is not intended to limit the scope of the invention or its application.
The establishment of a network security situation evaluation index system and the calculation of situation values are the premise of network security situation prediction. Therefore, the method introduces an analytic hierarchy process to analyze original various network security threats so as to obtain a hierarchical evaluation index system; after a hierarchical evaluation index system is obtained, a network security situation value can be calculated, and a discrete time sequence is constructed into a training sample set and a test sample set according to a sliding window method; inputting the training sample set into a Gaussian process regression algorithm, training the training sample set by the Gaussian process regression algorithm to obtain a temporary prediction model, and performing error detection on the temporary prediction model by using the test sample set to obtain a final prediction model meeting error requirements; and finally, the final prediction model is used for completing the prediction of the network security situation value. Therefore, from local to overall, the Gaussian process regression algorithm can be suitable for the more general network security situation prediction problem.
Fig. 1 is a flowchart of a network security situation prediction method based on gaussian process regression according to the present invention.
The Gaussian process regression method for predicting the network security situation comprises the following steps of:
1) constructing a hierarchical network security situation evaluation index system T by using an analytic hierarchy process, and calculating to obtain a total sequencing weight matrix omega of the network security situation evaluation index system T; to analyze the 1 st cyber-security threat x1To nth network security threat xnThe degree of harm to the network security situation; n is a network security threat speciesThe sum of classes;
AHP (analytic hierarchy process) is to quantify the qualitative problem which is difficult to quantify through strict mathematical operation, and to integrate the complex decision problem which originally mixes the quantification and the qualitative into a unified whole, and then to make comprehensive analysis and evaluation. The AHP solving process is as follows: firstly, decomposing the problem to be decided into different layers according to the sequence of a target layer, a criterion layer and a specific scheme, and establishing a hierarchical structure and pairwise judgment matrixes; then solving the characteristic vector of the judgment matrix to obtain the priority weight of each element of each layer relative to the element of the previous layer; and finally, carrying out hierarchical merging on the final weight of each scheme to the target layer by using a weighted summation method, wherein the scheme with the maximum final weight value is the optimal scheme. The AHP solving process can be summarized as "decomposition- > judgment- > synthesis". AHP is applicable to evaluation and decision problems that have hierarchical structures and are difficult to describe quantitatively.
As shown in fig. 2, the structure of the network security situation evaluation index system T is as follows: the network security situation evaluation index system T is divided into three layers, wherein the upper layer is a target layer, and the content of the target layer is a network security situation value; the middle layer is a criterion layer, the contents of which are strong hazard degree, medium hazard degree and weak hazard degree, and the strong hazard degree, the medium hazard degree and the weak hazard degree are divided according to the hazard degree of the network security threat; the lower layer is an index layer with the content of the 1 st network security threat x1To nth network security threat xn
The calculation process of the total ranking weight matrix ω is as follows: first, threat x to type 1 network security1To nth network security threat xnThen, according to the analytic hierarchy process, respectively calculating the network security threat x in the ithiFor the influence coefficients of the strong hazard degree, the medium hazard degree and the weak hazard degree, i is 1 to n; and calculating final influence coefficients of the strong hazard degree, the medium hazard degree and the weak hazard degree on the network security situation value respectively, and finally obtaining a total sequencing weight matrix omega of the network security situation evaluation index system T.
The step 1) is specifically described as follows:
firstly, the network attack weight is assigned
And (3) giving 1-5 measures by experts in the related field according to the hazard degrees of various network attacks, namely giving weights to the network attacks, wherein the hazard degree of 5 is the highest, the hazard degree of 1 is the lowest, and finally, the average weights of various network threats are calculated by combining a Delphi method.
The second step is that: and determining final weight distribution of an evaluation system by using AHP, wherein the detailed process is as follows:
(1) two-by-two comparison matrix a is calculated, for the element i and the element j under the same criterion, which is more important than the criterion, the two elements need to be quantized, using the scales of tables 1-5 below,
TABLE 1 judge matrix Scale and its meanings
Figure BDA00001657628700081
(2) Calculating the relative weight of each element under a certain criterion, and passing AX = lambdamaxX calculates the eigenvector X, lambda of the matrix AmaxThe characteristic value with the maximum index value is obtained, and ω X is unitized and used as the weight of each element under the criterion;
(3) obtaining a total sorting weight matrix of a calculation index system through matrix multiplication;
(4) and (5) matrix consistency checking. Let the consistency index of the matrix be CI, CI = (lambda)max-n)/(n-1), where n is the judgment matrix dimension; RI is an average consistency index, and specific values are shown in Table 2; CR is the random consistency ratio of the judgment matrix, CR = CI/RI, and when CR is less than or equal to 0.1, the matrix satisfies consistency.
TABLE 2 average consistency index values
Figure BDA00001657628700091
2) Sequentially inputting historical intrusion detection results of the network security equipment into a network security situation evaluation index system T according to the time sequence to obtain a network security situation value V at the 1 st moment1Network security situation value V to m-th timem(ii) a The 1 st time to the mth time are arranged according to the time sequence;
the step 2) comprises the following steps:
21) counting the intrusion detection result r of the network security equipment at the j momentjJ is 1 to m; r isjIs a matrix of 1 x n, and the matrix is,wherein,
Figure BDA00001657628700093
to
Figure BDA00001657628700094
Respectively indicate that: at time j, 1 st cyber-security threat x1To nth network security threat xnThe number of occurrences;
22) will r isjMultiplying the total ordering weight matrix omega of the network security situation evaluation index system T, wherein omega is an n multiplied by 1 matrix, thereby obtaining the network security situation value V at the j momentj
3) Using sliding window method to convert V1~VmIs configured to time-series S, S ═ V1…Vm}; if the sliding window size is set to be 4 and the sliding step length is set to be 1, S1={V1,V2,V3,V4};S2={V2,V3,V4,V5},S3={V3,V4,V5,V6And so on, as shown in FIG. 3, as at S1In the middle, the network security situation value V at the 1 st moment1And the network security situation value V at the 2 nd moment2And the network security situation value V at the 3 rd moment3And a network security situation value V at the 4 th moment4To predict the network security situation value V at the 5 th moment5Then, by analogy, a time series S is obtained.
Then, the time sequence S is randomly divided according to a fixed proportion to obtain a training sample set S readable in a Gaussian Process Regression (GPR) methodtrainAnd a test sample set Stest(ii) a Guarantee training sample set StrainAnd a test sample set StestThe data format required by the Gaussian process regression method is met; the fixed ratio is 3: 2.
4) Training sample set S by using Gaussian process regression methodtrainPerforming iterative training to obtain a temporary prediction model H, and performing error correction on the temporary prediction model H by using a Particle Swarm Optimization (PSO) to obtain a prediction model H meeting error expectation;
the step 4) specifically comprises the following steps:
41) in the particle swarm algorithm, the following parameters are set: maximum iteration number of 100, population size of 10, initial inertial weight omega1=0.8, terminating the inertial weight ωT=0.1, 2 for both learning factors 1 and 2, and a particle velocity interval of [0, 0.5%];
42) Setting a kernel function type of a Gaussian process regression method;
43) normalized training sample set StrainAnd a test sample set Stest
44) The particle swarm algorithm transfers the initial training parameters to a Gaussian process regression method which is implemented by carrying out regression on a training sample set StrainObtaining a temporary prediction model h by training; the initial training parameters refer to random training parameters initially generated by a particle swarm algorithm; when the kernel function is Gaussian kernel function, the initial training parameter is kernel wide parameterThe number "and the" penalty factor ".
45) By testing the sample set StestCalculating a training error epsilon of the temporary prediction model h;
46) if the training error epsilon of the temporary prediction model H meets the preset expected value theta, the temporary prediction model H is the final prediction model H, otherwise, the Gaussian process regression method iteratively generates new training parameters according to the particle swarm algorithm by aiming at the training sample set StrainThereby updating the temporary prediction model h;
47) when one of the following two conditions is satisfied, executing step 48), otherwise, returning to execute step 45); the first condition is: the iteration times of the Gaussian process regression method reach the maximum iteration times of 100; the second condition is: the temporary prediction model h meets a preset expected value;
48) and outputting the final prediction model H.
The gaussian process regression method is one of the most common stochastic process models in engineering problems. In the field of machine learning, a Gaussian process regression method is a machine learning method developed on the basis of a Gaussian random process and a Bayesian learning theory, has a strict statistical learning theory basis, and has good adaptability to processing complex problems such as high dimension, small samples, nonlinearity and the like. Under the condition of not sacrificing performance, compared with an artificial neural network, the Gaussian process has the characteristic of easy realization; the method has flexible nonparametric inference capability, namely, algorithm parameters of a Gaussian process can be obtained in a self-adaptive manner in the model construction process; meanwhile, the Gaussian process is a nuclear learning machine with probability significance, probability explanation can be made on the prediction output, and a modeler can evaluate the uncertainty of the model prediction output through a confidence interval. Therefore, the gaussian process has been the focus of research in the field of machine learning and has been successfully applied in many fields. FIG. 4 is a training process of the Gaussian process regression method.
Of particular note is the particle swarm optimization algorithm mentioned in step 4, which searches the optimal training parameters of the gaussian process regression, so as to reduce the training error of the gaussian process regression, and the process is as follows:
the Particle Swarm Optimization (PSO) is initialized, an initial population consisting of 10 particles is randomly constructed, and the b-th particle in the initial population is assigned with an initial position
Figure BDA00001657628700121
And initial velocity
Figure BDA00001657628700122
b, taking 1 to 10; calculating a fitness function F (b) of each particle in the initial population, if the minimum value min (F (b)) of the fitness functions F (b) of all the particles in the initial population is less than or equal to theta, taking the particle corresponding to min (F (b)) as the optimal solution of the problem to be solved, otherwise, updating the speed and the position of the particle according to the following three formulas, namely performing population iteration;
<math> <mrow> <msubsup> <mi>V</mi> <mi>b</mi> <mrow> <mi>k</mi> <mo>+</mo> <mn>1</mn> </mrow> </msubsup> <mo>=</mo> <msub> <mi>&omega;</mi> <mi>b</mi> </msub> <msubsup> <mi>V</mi> <mi>b</mi> <mi>k</mi> </msubsup> <mo>+</mo> <msub> <mi>C</mi> <mn>1</mn> </msub> <mo>&CenterDot;</mo> <msub> <mi>r</mi> <mn>1</mn> </msub> <mo>&CenterDot;</mo> <mrow> <mo>(</mo> <msub> <mi>p</mi> <mi>best</mi> </msub> <mo>-</mo> <msubsup> <mi>X</mi> <mi>b</mi> <mi>k</mi> </msubsup> <mo>)</mo> </mrow> <mo>+</mo> <msub> <mi>C</mi> <mn>2</mn> </msub> <mo>&CenterDot;</mo> <msub> <mi>r</mi> <mn>2</mn> </msub> <mo>&CenterDot;</mo> <mrow> <mo>(</mo> <msub> <mi>g</mi> <mi>best</mi> </msub> <mo>-</mo> <msubsup> <mi>X</mi> <mi>b</mi> <mi>k</mi> </msubsup> <mo>)</mo> </mrow> </mrow> </math>
X b k + 1 = X b k + V b k + 1
<math> <mrow> <msub> <mi>&omega;</mi> <mi>b</mi> </msub> <mo>=</mo> <msub> <mi>&omega;</mi> <mn>1</mn> </msub> <mo>-</mo> <mfrac> <mrow> <msub> <mi>&omega;</mi> <mn>1</mn> </msub> <mo>-</mo> <msub> <mi>&omega;</mi> <mrow> <mi>b</mi> <mo>-</mo> <mn>1</mn> </mrow> </msub> </mrow> <mi>k</mi> </mfrac> </mrow> </math>
wherein; pbestRefers to the individual optimal positions through which all particles pass; gbestbThe optimal position through which the population passes; k is the number of iterations, r1And r2Is [0,1 ]]A random number in between; c1And C21 st learning factor and 2 nd learning factor respectively;
Figure BDA00001657628700126
and
Figure BDA00001657628700127
respectively indicate that: the number of iterations is k-1 and kThe position of the next b-th particle;
Figure BDA00001657628700128
and
Figure BDA00001657628700129
respectively indicate that: the speed of the b-th particle when the iteration times are k-1 times and k times; omega0And ω1Is the initial inertial weight, ω2To omegabThe (b) th inertia weight is the 2 nd inertia weight value; omega0=ω1=0.8。
ωbDetermining the optimizing convergence capability of the particle swarm algorithm when the omega isbWhen the total convergence is larger, the total convergence is stronger, when omega is largerbSmaller, stronger local convergence, sobThe updating formula can ensure that the particle swarm algorithm has strong global convergence capability in the early stage and strong local convergence capability in the later stage. When min (F (i) ≦ θ in a certain iteration occurs or the number of iterations reaches T, the algorithm terminates.
5) And (4) completing the prediction of the network security situation value at the future moment by using the prediction model H.
After the training and learning of the 5 steps, a network security situation value prediction model based on Gaussian process regression is formed, and therefore accurate prediction of situation values of future time monitoring points is achieved.
Compared with the traditional method, the method has better prediction precision in the aspect of predicting the network security situation value, and improves the practicability of network security situation prediction.
The above description is only for the preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (8)

1. The Gaussian process regression method for predicting the network security situation is characterized by comprising the following steps of:
1) constructing a hierarchical network security situation evaluation index system T by using an analytic hierarchy process, and calculating to obtain a total sequencing weight matrix omega of the network security situation evaluation index system T;
2) sequentially inputting historical intrusion detection results of the network security equipment into a network security situation evaluation index system T according to the time sequence to obtain a network security situation value V at the 1 st moment1Network security state by mth momentPotential value Vm
3) Using sliding window method to convert V1~VmIs configured to time-series S, S ═ V1…Vm}; then, the time sequence S is randomly divided according to a fixed proportion to obtain a readable training sample set S in a Gaussian process regression methodtrainAnd a test sample set Stest(ii) a Guarantee training sample set StrainAnd a test sample set StestThe data format required by the Gaussian process regression method is met;
4) training sample set S by using Gaussian process regression methodtrainPerforming iterative training to obtain a temporary prediction model H, and performing error correction on the temporary prediction model H by using a particle swarm algorithm to obtain a prediction model H meeting error expectation;
5) and (4) completing the prediction of the network security situation value at the future moment by using the prediction model H.
2. The Gaussian process regression method for network security situation prediction according to claim 1, wherein the structure of the network security situation evaluation index system T is as follows: the network security situation evaluation index system T is divided into three layers, wherein the upper layer is a target layer, and the content of the target layer is a network security situation value; the middle layer is a criterion layer, the contents of which are strong hazard degree, medium hazard degree and weak hazard degree, and the strong hazard degree, the medium hazard degree and the weak hazard degree are divided according to the hazard degree of the network security threat; the lower layer is an index layer with the content of the 1 st network security threat x1To nth network security threat xn
3. The method of claim 1, wherein the total ranking weight matrix ω is calculated as follows: first, threat x to type 1 network security1To nth network security threat xnThen, according to the analytic hierarchy process, respectively calculating the network security threat x in the ithiFor the influence coefficients of strong hazard degree, medium hazard degree and weak hazard degree, i is 1 ton; and calculating final influence coefficients of the strong hazard degree, the medium hazard degree and the weak hazard degree on the network security situation value respectively, and finally obtaining a total sequencing weight matrix omega of the network security situation evaluation index system T.
4. The Gaussian process regression method for network security situation prediction according to claim 1, wherein the step 2) comprises the following steps:
21) counting the intrusion detection result r of the network security equipment at the j momentjJ is 1 to m; r isjIs a matrix of 1 x n, and the matrix is,
Figure FDA00001657628600021
wherein,
Figure FDA00001657628600022
to
Figure FDA00001657628600023
Respectively indicate that: at time j, 1 st cyber-security threat x1To nth network security threat xnThe number of occurrences;
22) will r isjMultiplying the total sorting weight matrix omega of the network security situation evaluation index system T to obtain the network security situation value V at the j momentj
5. The method of Gaussian process regression for network security situation prediction according to claim 1, wherein the fixed ratio is 3: 2.
6. The method for gaussian process regression for network security situation prediction according to claim 1, wherein the step 4) specifically comprises the following steps:
41) in the particle swarm algorithm, the following parameters are set: maximum iteration number of 100, population size of 10, initial inertial weight omega1=0.8, terminating the inertial weight ωT=0.1, 1 st learning factorAnd 2 nd learning factor are both 2, the particle velocity interval is [0, 0.5 ]];
42) Setting a kernel function type of a Gaussian process regression method;
43) normalized training sample set StrainAnd a test sample set Stest
44) The particle swarm algorithm transfers the initial training parameters to a Gaussian process regression method which is implemented by carrying out regression on a training sample set StrainObtaining a temporary prediction model h by training; the initial training parameters refer to random training parameters initially generated by a particle swarm algorithm;
45) by testing the sample set StestCalculating a training error epsilon of the temporary prediction model h;
46) if the training error epsilon of the temporary prediction model H meets the preset expected value theta, the temporary prediction model H is the final prediction model H, otherwise, the Gaussian process regression method iteratively generates new training parameters according to the particle swarm algorithm by aiming at the training sample set StrainThereby updating the temporary prediction model h;
47) when one of the following two conditions is satisfied, executing step 48), otherwise, returning to execute step 45); the first condition is: the iteration times of the Gaussian process regression method reach the maximum iteration times of 100; the second condition is: the temporary prediction model h meets a preset expected value;
48) and outputting the final prediction model H.
7. The method of claim 6, wherein the predetermined expected value θ is 85%.
8. The Gaussian process regression method for network security situation prediction according to claim 6, wherein in the new training parameters iteratively generated by the Gaussian process regression method according to the particle swarm optimization, the process of iteration performed by the particle swarm optimization is as follows:
the Particle Swarm Optimization (PSO) is initialized first, and an initial population consisting of 1O particles is randomly constructedAnd assigning an initial position to the b-th particle in the initial populationAnd initial velocity
Figure FDA00001657628600042
b, taking 1 to 10; calculating a fitness function F (b) of each particle in the initial population, if the minimum value min (F (b)) of the fitness functions F (b) of all the particles in the initial population is less than or equal to theta, taking the particle corresponding to min (F (b)) as the optimal solution of the problem to be solved, otherwise, updating the speed and the position of the particle according to the following three formulas, namely performing population iteration;
<math> <mrow> <msubsup> <mi>V</mi> <mi>b</mi> <mrow> <mi>k</mi> <mo>+</mo> <mn>1</mn> </mrow> </msubsup> <mo>=</mo> <msub> <mi>&omega;</mi> <mi>b</mi> </msub> <msubsup> <mi>V</mi> <mi>b</mi> <mi>k</mi> </msubsup> <mo>+</mo> <msub> <mi>C</mi> <mn>1</mn> </msub> <mo>&CenterDot;</mo> <msub> <mi>r</mi> <mn>1</mn> </msub> <mo>&CenterDot;</mo> <mrow> <mo>(</mo> <msub> <mi>p</mi> <mi>best</mi> </msub> <mo>-</mo> <msubsup> <mi>X</mi> <mi>b</mi> <mi>k</mi> </msubsup> <mo>)</mo> </mrow> <mo>+</mo> <msub> <mi>C</mi> <mn>2</mn> </msub> <mo>&CenterDot;</mo> <msub> <mi>r</mi> <mn>2</mn> </msub> <mo>&CenterDot;</mo> <mrow> <mo>(</mo> <msub> <mi>g</mi> <mi>best</mi> </msub> <mo>-</mo> <msubsup> <mi>X</mi> <mi>b</mi> <mi>k</mi> </msubsup> <mo>)</mo> </mrow> </mrow> </math>
X b k + 1 = X b k + V b k + 1
<math> <mrow> <msub> <mi>&omega;</mi> <mi>b</mi> </msub> <mo>=</mo> <msub> <mi>&omega;</mi> <mn>1</mn> </msub> <mo>-</mo> <mfrac> <mrow> <msub> <mi>&omega;</mi> <mn>1</mn> </msub> <mo>-</mo> <msub> <mi>&omega;</mi> <mrow> <mi>b</mi> <mo>-</mo> <mn>1</mn> </mrow> </msub> </mrow> <mi>k</mi> </mfrac> </mrow> </math>
wherein; pbestRefers to the individual optimal positions through which all particles pass; gbestbThe optimal position through which the population passes; k is the number of iterations, r1And r2Is [ O, 1 ]]A random number in between; c1And C21 st learning factor and 2 nd learning factor respectively;
Figure FDA00001657628600046
and
Figure FDA00001657628600047
respectively indicate that: the iteration times are k-1 times and the position of the b-th particle when k times;and
Figure FDA00001657628600049
respectively indicate that: the speed of the b-th particle when the iteration times are k-1 times and k times; omega0And ω1Is the initial inertial weight, ω2To omegabThe (b) th inertia weight is the 2 nd inertia weight value; omega0=ω1=0.8。
CN2012101574447A 2012-05-18 2012-05-18 Gaussian process regression method for predicting network security situation Pending CN102694800A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2012101574447A CN102694800A (en) 2012-05-18 2012-05-18 Gaussian process regression method for predicting network security situation

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2012101574447A CN102694800A (en) 2012-05-18 2012-05-18 Gaussian process regression method for predicting network security situation

Publications (1)

Publication Number Publication Date
CN102694800A true CN102694800A (en) 2012-09-26

Family

ID=46860087

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2012101574447A Pending CN102694800A (en) 2012-05-18 2012-05-18 Gaussian process regression method for predicting network security situation

Country Status (1)

Country Link
CN (1) CN102694800A (en)

Cited By (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103345661A (en) * 2013-07-10 2013-10-09 大连海事大学 Ship grid reconstruction method based on ring topology gauss dynamic particle swarm optimization algorithm
CN104794534A (en) * 2015-04-16 2015-07-22 国网山东省电力公司临沂供电公司 Power grid security situation predicting method based on improved deep learning model
WO2015143873A1 (en) * 2014-03-25 2015-10-01 Tencent Technology (Shenzhen) Company Limited Method and apparatus for acquiring training parameters for a model
CN105844425A (en) * 2016-04-11 2016-08-10 全球能源互联网研究院 Comprehensive assessing method for security threat situations in electric cyber physical system
CN106203627A (en) * 2016-07-08 2016-12-07 中国电子科技集团公司电子科学研究院 A kind of method that network target range is evaluated
CN106372799A (en) * 2016-08-31 2017-02-01 全球能源互联网研究院 Power grid security risk prediction method
CN106506485A (en) * 2016-10-26 2017-03-15 中国电子产品可靠性与环境试验研究所 Cyberspace security postures perception analysis method and system
CN106953862A (en) * 2017-03-23 2017-07-14 国家电网公司 The cognitive method and device and sensor model training method and device of network safety situation
CN107347064A (en) * 2017-06-29 2017-11-14 厦门日华科技股份有限公司 Cloud computing platform Tendency Prediction method based on neural network algorithm
CN108614778A (en) * 2018-05-10 2018-10-02 天津大学 Prediction technique is changed based on the Android App program evolutions that Gaussian process returns
CN108830405A (en) * 2018-05-29 2018-11-16 东北电力大学 Real-time electric power load prediction system and method based on multi objective Dynamic Matching
CN108881250A (en) * 2018-06-28 2018-11-23 广东电网有限责任公司 Powerline network security postures prediction technique, device, equipment and storage medium
CN109034905A (en) * 2018-08-03 2018-12-18 四川长虹电器股份有限公司 The method for promoting sales volume prediction result robustness
CN109298351A (en) * 2018-09-30 2019-02-01 清华大学深圳研究生院 A kind of new energy on-vehicle battery remaining life estimation method based on model learning
CN109299555A (en) * 2018-09-30 2019-02-01 上海机电工程研究所 Infrared Imaging Seeker anti-jamming performance evaluation method and system
CN109379334A (en) * 2018-09-12 2019-02-22 中国人民解放军战略支援部队信息工程大学 The adaptive construction method of network security risk evaluation index weights and device
CN110650040A (en) * 2019-09-17 2020-01-03 中国民航大学 Information system security situation evaluation method based on correction matrix-entropy weight membership cloud
CN110954105A (en) * 2019-11-26 2020-04-03 东软集团股份有限公司 Vehicle position prediction method, vehicle position prediction device, storage medium and electronic equipment
CN111917785A (en) * 2020-08-06 2020-11-10 重庆邮电大学 Industrial internet security situation prediction method based on DE-GWO-SVR
CN112424715A (en) * 2018-08-23 2021-02-26 三菱动力株式会社 Prediction device, prediction method, and program
CN114037145A (en) * 2021-11-05 2022-02-11 河北师范大学 Network security situation prediction method and system
CN115051827A (en) * 2022-04-17 2022-09-13 昆明理工大学 Network security situation prediction method combining twin architecture and multi-source information fusion

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102098180A (en) * 2011-02-17 2011-06-15 华北电力大学 Network security situational awareness method
CN102185735A (en) * 2011-04-26 2011-09-14 华北电力大学 Network security situation prediction method

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102098180A (en) * 2011-02-17 2011-06-15 华北电力大学 Network security situational awareness method
CN102185735A (en) * 2011-04-26 2011-09-14 华北电力大学 Network security situation prediction method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
高昆仑等: "基于支持向量机和粒子群算法的信息网络安全态势复合预测模型", 《电网技术》 *

Cited By (33)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103345661A (en) * 2013-07-10 2013-10-09 大连海事大学 Ship grid reconstruction method based on ring topology gauss dynamic particle swarm optimization algorithm
WO2015143873A1 (en) * 2014-03-25 2015-10-01 Tencent Technology (Shenzhen) Company Limited Method and apparatus for acquiring training parameters for a model
US9892368B2 (en) 2014-03-25 2018-02-13 Tencent Technology (Shenzhen) Company Limited Method and apparatus for acquiring training parameters to calibrate a model
CN104794534A (en) * 2015-04-16 2015-07-22 国网山东省电力公司临沂供电公司 Power grid security situation predicting method based on improved deep learning model
CN104794534B (en) * 2015-04-16 2017-12-15 国网山东省电力公司临沂供电公司 A kind of power grid security Tendency Prediction method based on improvement deep learning model
CN105844425A (en) * 2016-04-11 2016-08-10 全球能源互联网研究院 Comprehensive assessing method for security threat situations in electric cyber physical system
CN106203627A (en) * 2016-07-08 2016-12-07 中国电子科技集团公司电子科学研究院 A kind of method that network target range is evaluated
CN106372799B (en) * 2016-08-31 2021-10-29 全球能源互联网研究院 Power grid security risk prediction method
CN106372799A (en) * 2016-08-31 2017-02-01 全球能源互联网研究院 Power grid security risk prediction method
CN106506485A (en) * 2016-10-26 2017-03-15 中国电子产品可靠性与环境试验研究所 Cyberspace security postures perception analysis method and system
CN106953862A (en) * 2017-03-23 2017-07-14 国家电网公司 The cognitive method and device and sensor model training method and device of network safety situation
CN107347064A (en) * 2017-06-29 2017-11-14 厦门日华科技股份有限公司 Cloud computing platform Tendency Prediction method based on neural network algorithm
CN107347064B (en) * 2017-06-29 2020-12-08 厦门日华科技股份有限公司 Cloud computing platform situation prediction method based on neural network algorithm
CN108614778A (en) * 2018-05-10 2018-10-02 天津大学 Prediction technique is changed based on the Android App program evolutions that Gaussian process returns
CN108830405A (en) * 2018-05-29 2018-11-16 东北电力大学 Real-time electric power load prediction system and method based on multi objective Dynamic Matching
CN108830405B (en) * 2018-05-29 2021-11-30 东北电力大学 Real-time power load prediction system and method based on multi-index dynamic matching
CN108881250A (en) * 2018-06-28 2018-11-23 广东电网有限责任公司 Powerline network security postures prediction technique, device, equipment and storage medium
CN109034905A (en) * 2018-08-03 2018-12-18 四川长虹电器股份有限公司 The method for promoting sales volume prediction result robustness
CN112424715A (en) * 2018-08-23 2021-02-26 三菱动力株式会社 Prediction device, prediction method, and program
CN109379334B (en) * 2018-09-12 2021-05-07 中国人民解放军战略支援部队信息工程大学 Network security risk assessment index weight self-adaptive construction method and device
CN109379334A (en) * 2018-09-12 2019-02-22 中国人民解放军战略支援部队信息工程大学 The adaptive construction method of network security risk evaluation index weights and device
CN109298351A (en) * 2018-09-30 2019-02-01 清华大学深圳研究生院 A kind of new energy on-vehicle battery remaining life estimation method based on model learning
CN109299555B (en) * 2018-09-30 2020-02-04 上海机电工程研究所 Anti-interference performance evaluation method and system for infrared imaging seeker
CN109299555A (en) * 2018-09-30 2019-02-01 上海机电工程研究所 Infrared Imaging Seeker anti-jamming performance evaluation method and system
CN110650040B (en) * 2019-09-17 2022-03-11 中国民航大学 Information system security situation evaluation method based on correction matrix-entropy weight membership cloud
CN110650040A (en) * 2019-09-17 2020-01-03 中国民航大学 Information system security situation evaluation method based on correction matrix-entropy weight membership cloud
CN110954105B (en) * 2019-11-26 2021-11-19 东软集团股份有限公司 Vehicle position prediction method, vehicle position prediction device, storage medium and electronic equipment
CN110954105A (en) * 2019-11-26 2020-04-03 东软集团股份有限公司 Vehicle position prediction method, vehicle position prediction device, storage medium and electronic equipment
CN111917785A (en) * 2020-08-06 2020-11-10 重庆邮电大学 Industrial internet security situation prediction method based on DE-GWO-SVR
CN111917785B (en) * 2020-08-06 2022-07-15 重庆邮电大学 Industrial internet security situation prediction method based on DE-GWO-SVR
CN114037145A (en) * 2021-11-05 2022-02-11 河北师范大学 Network security situation prediction method and system
CN115051827A (en) * 2022-04-17 2022-09-13 昆明理工大学 Network security situation prediction method combining twin architecture and multi-source information fusion
CN115051827B (en) * 2022-04-17 2024-03-05 昆明理工大学 Network security situation prediction method combining twin architecture and multi-source information fusion

Similar Documents

Publication Publication Date Title
CN102694800A (en) Gaussian process regression method for predicting network security situation
US11301755B2 (en) Methods, computing devices, and storage media for predicting traffic matrix
Zhang et al. Residual compensation extreme learning machine for regression
Guimaraes et al. An innovative adaptive sparse response surface method for structural reliability analysis
Binu et al. Rider-deep-LSTM network for hybrid distance score-based fault prediction in analog circuits
Sun et al. Probabilistic updating of building models using incomplete modal data
CN105389980B (en) Short-time Traffic Flow Forecasting Methods based on long short-term memory recurrent neural network
Bučar et al. A neural network approach to describing the scatter of S–N curves
Boulkaibet et al. Finite element model updating using Hamiltonian Monte Carlo techniques
Peng et al. A new Bayesian finite element model updating method based on information fusion of multi-source Markov chains
CN105279692A (en) Financial information technology system performance prediction method and apparatus
Liu et al. Dynamic material parameter inversion of high arch dam under discharge excitation based on the modal parameters and Bayesian optimised deep learning
Wu et al. Multi-objective robust design optimization of fatigue life for a welded box girder
Potluri et al. Deep learning based efficient anomaly detection for securing process control systems against injection attacks
CN111291481A (en) Bayesian model-based structure early warning analysis method
Sun et al. Pseudo-Lyapunov exponents and predictability of Hodgkin-Huxley neuronal network dynamics
Rai et al. Fast parameter estimation of generalized extreme value distribution using neural networks
CN104217296A (en) Listed company performance comprehensive evaluation method
Khadka et al. A Combinatorial Approach to Hyperparameter Optimization
Li et al. FAST-AlertNet: Early warning fire-induced collapse of large-span steel truss structures
He et al. Uncertainty quantification in multiaxial fatigue life prediction using Bayesian neural networks
Chen et al. Interpretable Uncertainty Quantification in AI for HEP
Feng et al. Ddos attack real-time defense mechanism using deep Q-learning network
Pouchard et al. A rigorous uncertainty-aware quantification framework is essential for reproducible and replicable machine learning workflows
Li et al. A comprehensive framework for model validation and reliability assessment of container crane structures

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20120926