CN110474904A - A situation awareness method and system with improved prediction - Google Patents

Publication number
CN110474904A
Authority
CN
China
Prior art keywords
situation
network
data
value
security postures
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910757459.9A
Other languages
Chinese (zh)
Other versions
CN110474904B (en
Inventor
段彬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Sipuleng Technology Co Ltd
Original Assignee
Wuhan Sipuleng Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan Sipuleng Technology Co Ltd filed Critical Wuhan Sipuleng Technology Co Ltd
Priority to CN201910757459.9A priority Critical patent/CN110474904B/en
Publication of CN110474904A publication Critical patent/CN110474904A/en
Application granted granted Critical
Publication of CN110474904B publication Critical patent/CN110474904B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00: Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20: Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/21: Design, administration or maintenance of databases
    • G06F16/215: Improving data quality; Data cleansing, e.g. de-duplication, removing invalid entries or correcting typographical errors
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06N: COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00: Computing arrangements based on biological models
    • G06N3/02: Neural networks
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416: Event detection, e.g. attack signature detection
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433: Vulnerability analysis

Abstract

The present invention provides a situation awareness method and system with improved prediction. Data is collected from different information sources and pre-processed into a data stream of unified format. Elements are extracted from the data stream, association rules are generated, and the results are passed to situation assessment for quantitative evaluation. By fusing different evaluation systems and applying fuzzy processing to the data elements, situation values are obtained for individual devices and local networks; combined with the architecture of the whole network, the situation value of the whole system is obtained. The situation values of the different levels are imported into a neural network model for prediction, and the prediction results are finally visualized. The whole system and each individual device are fully assessed, associations are established between devices and between layers, and a prediction algorithm is introduced to predict from the quantitative situation awareness, so that the future state of the system can be predicted scientifically and valuable reference suggestions are provided to the user.

Description

A situation awareness method and system with improved prediction
Technical field
This application relates to the technical field of network security, and in particular to a situation awareness method and system with improved prediction.
Background
Existing situation awareness techniques rely on simple situation understanding to obtain a security situation assessment of the whole system. They cannot provide a quantitative situation assessment report, still less predict the security situation from the assessment results, so their practical value is very limited. A prediction algorithm needs to be introduced to predict from quantitative situation awareness.
Situation assessment with improved prediction not only fully assesses the whole system and each individual device algorithmically, but also establishes associations between devices and between layers, so that the future state of the system can be predicted scientifically from the situation values obtained and valuable reference suggestions are provided to the user. This is the technical problem to be solved by the present invention.
Summary of the invention
The purpose of the present invention is to provide a situation awareness method and system with improved prediction. Data is collected from different information sources and pre-processed into a data stream of unified format. Elements are extracted from the data stream, association rules are generated, and the results are passed to situation assessment for quantitative evaluation. By fusing different evaluation systems and applying fuzzy processing to the data elements, situation values are obtained for individual devices and local networks; combined with the architecture of the whole network, the situation value of the whole system is obtained. The situation values of the different levels are imported into a neural network model for prediction, and the prediction results are finally visualized.
In a first aspect, the application provides a situation awareness method with improved prediction, the method comprising:
Collecting running-state data from sensors, information platforms and detection devices of different sources;
After the collected data is received, removing redundant information from the data, converting the data format into a unified format according to the type of source, dividing the data into corresponding fields, and merging it into a data stream;
Extracting elements from the merged data stream, finding the behavior actions, access objects, source addresses and instantaneous traffic size information contained in the elements, generating corresponding association rules from this information, and forming a frequent-pattern tree structure;
According to the frequent-pattern tree structure, querying the situation information of assets with adjacent or nearby addresses, querying the situation information of assets in the same layer as the access object, and querying the situation information of assets with similar traffic rate and total traffic;
Judging whether a single key device has the same security vulnerabilities as the assets with adjacent or nearby addresses; judging whether the concurrent threads, bandwidth, network topology and access frequency of the single key device raise the same alarms as the assets in the same layer; judging whether the inflow growth rate, the distribution of packets across protocols and the distribution of packets across sizes of the single key device show the same changes as the assets with similar traffic rate and total traffic; and calculating the security situation value of the single key device;
Forming a local network from several neighboring single key devices, or from several single key devices that have service interactions, and, from the security vulnerabilities, concurrent threads, bandwidth, network topology, access frequency, inflow growth rate, distribution of packets across protocols and distribution of packets across sizes of each key device in the local network, calculating the security situation value of the local network by applying fuzzy processing according to service priority;
According to the topological relationships among multiple local networks, calculating the security situation value of the whole network by fuzzy processing;
Importing the security situation values of the single key devices, the local networks and the whole network respectively into a neural network model, and obtaining, by inference with the neural network model, a prediction of attacker sources and attack ranges for a future period;
Wherein the prediction uses an improved neural network model, comprising: partitioning and clustering the input security situation values with the affinity propagation (AP) clustering algorithm to obtain the centers and the number of hidden-layer nodes of the network;
Obtaining the population difference degree from the AP clustering, adaptively changing the scaling factor and crossover probability of the differential evolution (DE) algorithm, and optimizing the widths and connection weights of the neural network;
Performing a chaotic search on the elite individuals of each generation of the population and on the center of the population difference degree;
Determining the final neural network model, inputting all the security situation values, and outputting the predicted security situation values for a certain future period;
Judging the attacker sources and the attack ranges from the predicted security situation values;
Visualizing the security situation values of the single key devices, the local networks and the whole network, together with the prediction results for attacker sources and attack ranges.
With reference to the first aspect, in a first possible implementation of the first aspect, extracting elements from the merged data stream comprises: extracting element information from the corresponding fields of the data stream according to the assessment models of past historical data, the association rules and the indicator library.
With reference to the first aspect, in a second possible implementation of the first aspect, removing redundant information from the data and converting the data format into a unified format according to the type of source are performed with MapReduce distributed parallel computing.
With reference to the first aspect, in a third possible implementation of the first aspect, the fuzzy processing calculation uses a method combining D-S theory with fuzzy sets to calculate the probability that an attack is supported.
In a second aspect, the application provides a situation awareness system with improved prediction, the system comprising:
An acquisition unit, configured to collect running-state data from sensors, information platforms and detection devices of different sources;
A pre-processing unit, configured to, after the collected data is received, remove redundant information from the data, convert the data format into a unified format according to the type of source, divide the data into corresponding fields, and merge it into a data stream;
A situation understanding unit, configured to extract elements from the merged data stream, find the behavior actions, access objects, source addresses and instantaneous traffic size information contained in the elements, generate corresponding association rules from this information, and form a frequent-pattern tree structure;
A situation assessment unit, configured to, according to the frequent-pattern tree structure, query the situation information of assets with adjacent or nearby addresses, query the situation information of assets in the same layer as the access object, and query the situation information of assets with similar traffic rate and total traffic; judge whether a single key device has the same security vulnerabilities as the assets with adjacent or nearby addresses; judge whether the concurrent threads, bandwidth, network topology and access frequency of the single key device raise the same alarms as the assets in the same layer; judge whether the inflow growth rate, the distribution of packets across protocols and the distribution of packets across sizes of the single key device show the same changes as the assets with similar traffic rate and total traffic; and calculate the security situation value of the single key device;
Forming a local network from several neighboring single key devices, or from several single key devices that have service interactions, and, from the security vulnerabilities, concurrent threads, bandwidth, network topology, access frequency, inflow growth rate, distribution of packets across protocols and distribution of packets across sizes of each key device in the local network, calculating the security situation value of the local network by applying fuzzy processing according to service priority;
According to the topological relationships among multiple local networks, calculating the security situation value of the whole network by fuzzy processing;
A situation prediction unit, configured to import the security situation values of the single key devices, the local networks and the whole network respectively into a neural network model, and to obtain, by inference with the neural network model, a prediction of attacker sources and attack ranges for a future period;
Wherein the prediction uses an improved neural network model, comprising: partitioning and clustering the input security situation values with the affinity propagation (AP) clustering algorithm to obtain the centers and the number of hidden-layer nodes of the network;
Obtaining the population difference degree from the AP clustering, adaptively changing the scaling factor and crossover probability of the differential evolution (DE) algorithm, and optimizing the widths and connection weights of the neural network;
Performing a chaotic search on the elite individuals of each generation of the population and on the center of the population difference degree;
Determining the final neural network model, inputting all the security situation values, and outputting the predicted security situation values for a certain future period;
Judging the attacker sources and the attack ranges from the predicted security situation values;
A situation display unit, configured to visualize the security situation values of the single key devices, the local networks and the whole network, together with the prediction results for attacker sources and attack ranges.
With reference to the second aspect, in a first possible implementation of the second aspect, the situation understanding unit extracting elements from the merged data stream comprises: extracting element information from the corresponding fields of the data stream according to the assessment models of past historical data, the association rules and the indicator library.
With reference to the second aspect, in a second possible implementation of the second aspect, the pre-processing unit removes redundant information from the data and converts the data format into a unified format according to the type of source using MapReduce distributed parallel computing.
With reference to the second aspect, in a third possible implementation of the second aspect, the fuzzy processing calculation of the situation assessment unit uses a method combining D-S theory with fuzzy sets to calculate the probability that an attack is supported.
The present invention provides a situation awareness method and system with improved prediction. Data is collected from different information sources and pre-processed into a data stream of unified format. Elements are extracted from the data stream, association rules are generated, and the results are passed to situation assessment for quantitative evaluation. By fusing different evaluation systems and applying fuzzy processing to the data elements, situation values are obtained for individual devices and local networks; combined with the architecture of the whole network, the situation value of the whole system is obtained. The situation values of the different levels are imported into a neural network model for prediction, and the prediction results are finally visualized. The whole system and each individual device are fully assessed, associations are established between devices and between layers, and a prediction algorithm is introduced to predict from the quantitative situation awareness, so that the future state of the system can be predicted scientifically and valuable reference suggestions are provided to the user.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings needed in the embodiments are briefly described below. Obviously, a person of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
Fig. 1 is a flow chart of the situation awareness method with improved prediction of the present invention;
Fig. 2 is an architecture diagram of the situation awareness system with improved prediction of the present invention.
Detailed description of the embodiments
The preferred embodiments of the present invention are described in detail below with reference to the drawings, so that the advantages and features of the invention can be more easily understood by those skilled in the art and the scope of protection of the invention can be defined more clearly.
Fig. 1 is a flow chart of the situation awareness method with improved prediction provided by the present application. The method comprises:
Collecting running-state data from sensors, information platforms and detection devices of different sources;
After the collected data is received, removing redundant information from the data, converting the data format into a unified format according to the type of source, dividing the data into corresponding fields, and merging it into a data stream;
Extracting elements from the merged data stream, finding the behavior actions, access objects, source addresses and instantaneous traffic size information contained in the elements, generating corresponding association rules from this information, and forming a frequent-pattern tree structure;
According to the frequent-pattern tree structure, querying the situation information of assets with adjacent or nearby addresses, querying the situation information of assets in the same layer as the access object, and querying the situation information of assets with similar traffic rate and total traffic;
Judging whether a single key device has the same security vulnerabilities as the assets with adjacent or nearby addresses; judging whether the concurrent threads, bandwidth, network topology and access frequency of the single key device raise the same alarms as the assets in the same layer; judging whether the inflow growth rate, the distribution of packets across protocols and the distribution of packets across sizes of the single key device show the same changes as the assets with similar traffic rate and total traffic; and calculating the security situation value of the single key device;
Forming a local network from several neighboring single key devices, or from several single key devices that have service interactions, and, from the security vulnerabilities, concurrent threads, bandwidth, network topology, access frequency, inflow growth rate, distribution of packets across protocols and distribution of packets across sizes of each key device in the local network, calculating the security situation value of the local network by applying fuzzy processing according to service priority;
According to the topological relationships among multiple local networks, calculating the security situation value of the whole network by fuzzy processing;
Importing the security situation values of the single key devices, the local networks and the whole network respectively into a neural network model, and obtaining, by inference with the neural network model, a prediction of attacker sources and attack ranges for a future period;
Wherein the prediction uses an improved neural network model, comprising: partitioning and clustering the input security situation values with the affinity propagation (AP) clustering algorithm to obtain the centers and the number of hidden-layer nodes of the network;
Obtaining the population difference degree from the AP clustering, adaptively changing the scaling factor and crossover probability of the differential evolution (DE) algorithm, and optimizing the widths and connection weights of the neural network;
Performing a chaotic search on the elite individuals of each generation of the population and on the center of the population difference degree;
Determining the final neural network model, inputting all the security situation values, and outputting the predicted security situation values for a certain future period;
Judging the attacker sources and the attack ranges from the predicted security situation values;
Visualizing the security situation values of the single key devices, the local networks and the whole network, together with the prediction results for attacker sources and attack ranges.
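As an added illustration of the element-extraction step above (this code is not from the patent), the following sketch builds a frequent-pattern (FP) tree over events whose elements are the behavior action, access object, source address and traffic size, mines frequent element sets with FP-growth, and derives association rules with their confidence. The field names, the sample events and the minimum support of 2 are assumptions made for the example.

```python
from collections import Counter, defaultdict

# Constructed sample events: one set of "field=value" elements per record.
EVENTS = [
    ["action=login_fail", "object=ssh", "src=192.0.2.5", "flow=small"],
    ["action=login_fail", "object=ssh", "src=192.0.2.5", "flow=small"],
    ["action=login_fail", "object=ssh", "src=192.0.2.7", "flow=small"],
    ["action=read", "object=db", "src=192.0.2.9", "flow=large"],
    ["action=read", "object=db", "src=192.0.2.5", "flow=small"],
]


class Node:
    """One FP-tree node: an element, its parent, a count and its children."""

    def __init__(self, item, parent):
        self.item = item
        self.parent = parent
        self.count = 0
        self.children = {}


def build_tree(weighted, min_support):
    """Build an FP-tree from (items, weight) pairs.

    Returns the header table (element -> nodes holding it) and the
    support of every element that reaches min_support.
    """
    counts = Counter()
    for items, weight in weighted:
        for item in set(items):
            counts[item] += weight
    keep = {i: c for i, c in counts.items() if c >= min_support}
    root = Node(None, None)
    header = defaultdict(list)
    for items, weight in weighted:
        # Most frequent elements first, so common prefixes share a branch.
        ordered = sorted((i for i in set(items) if i in keep),
                         key=lambda i: (-keep[i], i))
        node = root
        for item in ordered:
            child = node.children.get(item)
            if child is None:
                child = Node(item, node)
                node.children[item] = child
                header[item].append(child)
            child.count += weight
            node = child
    return header, keep


def mine(weighted, min_support, suffix=frozenset()):
    """FP-growth: return {frozenset(elements): support} for frequent sets."""
    header, keep = build_tree(weighted, min_support)
    found = {}
    for item, support in keep.items():
        itemset = suffix | {item}
        found[itemset] = support
        # Conditional pattern base: the prefix path above each node of item.
        base = []
        for node in header[item]:
            path, parent = [], node.parent
            while parent is not None and parent.item is not None:
                path.append(parent.item)
                parent = parent.parent
            if path:
                base.append((path, node.count))
        found.update(mine(base, min_support, itemset))
    return found


def rules(itemsets, min_confidence):
    """Derive rules (antecedent, consequent, confidence) from frequent sets."""
    out = []
    for itemset, support in itemsets.items():
        if len(itemset) < 2:
            continue
        for consequent in itemset:
            antecedent = itemset - {consequent}
            confidence = support / itemsets[antecedent]
            if confidence >= min_confidence:
                out.append((antecedent, consequent, confidence))
    return out


if __name__ == "__main__":
    frequent = mine([(event, 1) for event in EVENTS], min_support=2)
    for ante, cons, conf in sorted(rules(frequent, 0.9), key=str):
        print(sorted(ante), "->", cons, round(conf, 2))
```

Elements seen fewer than `min_support` times, such as the one-off source addresses in the sample, never enter the tree and therefore never appear in a rule.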
In some preferred embodiments, extracting elements from the merged data stream comprises: extracting element information from the corresponding fields of the data stream according to the assessment models of past historical data, the association rules and the indicator library.
In some preferred embodiments, removing redundant information from the data and converting the data format into a unified format according to the type of source are performed with MapReduce distributed parallel computing.
In some preferred embodiments, the fuzzy processing calculation uses a method combining D-S theory with fuzzy sets to calculate the probability that an attack is supported.
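The patent does not say how D-S (Dempster-Shafer) theory and fuzzy sets are combined. The following added example, which is not from the patent, shows one arrangement assumed here: each indicator is mapped by a fuzzy membership function to a degree of abnormality, that degree is turned into a basic probability assignment discounted by the reliability of the source, and the assignments are fused with Dempster's rule. The thresholds, reliabilities and indicator values are constructed for the example.

```python
from itertools import product

ATTACK = frozenset({"attack"})
NORMAL = frozenset({"normal"})
THETA = ATTACK | NORMAL  # frame of discernment; mass here means "unknown"


def ramp(value, lo, hi):
    """Fuzzy membership in 'abnormal': 0 at or below lo, 1 at or above hi."""
    if hi <= lo:
        raise ValueError("hi must be greater than lo")
    return min(1.0, max(0.0, (value - lo) / (hi - lo)))


def mass_from_indicator(value, lo, hi, reliability):
    """Turn one indicator reading into a basic probability assignment.

    The membership degree mu supports {attack}, 1 - mu supports {normal},
    and the share (1 - reliability) stays on THETA as ignorance.
    """
    if not 0.0 <= reliability <= 1.0:
        raise ValueError("reliability must be in [0, 1]")
    mu = ramp(value, lo, hi)
    return {
        ATTACK: reliability * mu,
        NORMAL: reliability * (1.0 - mu),
        THETA: 1.0 - reliability,
    }


def combine(m1, m2):
    """Dempster's rule of combination; returns (fused masses, conflict K)."""
    fused = {}
    conflict = 0.0
    for (a, wa), (b, wb) in product(m1.items(), m2.items()):
        common = a & b
        if common:
            fused[common] = fused.get(common, 0.0) + wa * wb
        else:
            conflict += wa * wb  # mass assigned to contradictory hypotheses
    if conflict >= 1.0 - 1e-12:
        # The sources contradict each other completely; the rule is undefined.
        raise ValueError("total conflict between evidence sources")
    return {s: w / (1.0 - conflict) for s, w in fused.items()}, conflict


def belief(masses, hypothesis):
    """Mass that necessarily supports the hypothesis (lower bound)."""
    return sum(w for s, w in masses.items() if s <= hypothesis)


def plausibility(masses, hypothesis):
    """Mass that does not contradict the hypothesis (upper bound)."""
    return sum(w for s, w in masses.items() if s & hypothesis)


def fuse(indicators):
    """Fuse (value, lo, hi, reliability) readings for one device.

    Returns (belief in attack, plausibility of attack, largest conflict K).
    """
    fused = {THETA: 1.0}  # start from total ignorance
    worst = 0.0
    for value, lo, hi, reliability in indicators:
        fused, k = combine(fused, mass_from_indicator(value, lo, hi, reliability))
        worst = max(worst, k)
    return belief(fused, ATTACK), plausibility(fused, ATTACK), worst


# Constructed readings for one key device.
SAMPLE_INDICATORS = [
    (0.6, 0.2, 1.0, 0.8),  # inflow growth rate, fairly reliable sensor
    (1.0, 0.0, 1.0, 0.5),  # shares a vulnerability with adjacent assets
]

if __name__ == "__main__":
    bel, pl, k = fuse(SAMPLE_INDICATORS)
    print(f"attack supported with belief {bel:.3f}, plausibility {pl:.3f}, K={k:.2f}")
```

A high conflict value K is itself worth surfacing to an analyst: it means the sources disagree strongly, and the normalized result then rests on little shared evidence.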
Fig. 2 is an architecture diagram of the situation awareness system with improved prediction provided by the present application. The system comprises:
An acquisition unit, configured to collect running-state data from sensors, information platforms and detection devices of different sources;
A pre-processing unit, configured to, after the collected data is received, remove redundant information from the data, convert the data format into a unified format according to the type of source, divide the data into corresponding fields, and merge it into a data stream;
A situation understanding unit, configured to extract elements from the merged data stream, find the behavior actions, access objects, source addresses and instantaneous traffic size information contained in the elements, generate corresponding association rules from this information, and form a frequent-pattern tree structure;
A situation assessment unit, configured to, according to the frequent-pattern tree structure, query the situation information of assets with adjacent or nearby addresses, query the situation information of assets in the same layer as the access object, and query the situation information of assets with similar traffic rate and total traffic; judge whether a single key device has the same security vulnerabilities as the assets with adjacent or nearby addresses; judge whether the concurrent threads, bandwidth, network topology and access frequency of the single key device raise the same alarms as the assets in the same layer; judge whether the inflow growth rate, the distribution of packets across protocols and the distribution of packets across sizes of the single key device show the same changes as the assets with similar traffic rate and total traffic; and calculate the security situation value of the single key device;
Forming a local network from several neighboring single key devices, or from several single key devices that have service interactions, and, from the security vulnerabilities, concurrent threads, bandwidth, network topology, access frequency, inflow growth rate, distribution of packets across protocols and distribution of packets across sizes of each key device in the local network, calculating the security situation value of the local network by applying fuzzy processing according to service priority;
According to the topological relationships among multiple local networks, calculating the security situation value of the whole network by fuzzy processing;
A situation prediction unit, configured to import the security situation values of the single key devices, the local networks and the whole network respectively into a neural network model, and to obtain, by inference with the neural network model, a prediction of attacker sources and attack ranges for a future period;
Wherein the prediction uses an improved neural network model, comprising: partitioning and clustering the input security situation values with the affinity propagation (AP) clustering algorithm to obtain the centers and the number of hidden-layer nodes of the network;
Obtaining the population difference degree from the AP clustering, adaptively changing the scaling factor and crossover probability of the differential evolution (DE) algorithm, and optimizing the widths and connection weights of the neural network;
Performing a chaotic search on the elite individuals of each generation of the population and on the center of the population difference degree;
Determining the final neural network model, inputting all the security situation values, and outputting the predicted security situation values for a certain future period;
Judging the attacker sources and the attack ranges from the predicted security situation values;
A situation display unit, configured to visualize the security situation values of the single key devices, the local networks and the whole network, together with the prediction results for attacker sources and attack ranges.
In some preferred embodiments, the situation understanding unit extracting elements from the merged data stream comprises: extracting element information from the corresponding fields of the data stream according to the assessment models of past historical data, the association rules and the indicator library.
In some preferred embodiments, the pre-processing unit removes redundant information from the data and converts the data format into a unified format according to the type of source using MapReduce distributed parallel computing.
In some preferred embodiments, the fuzzy processing calculation of the situation assessment unit uses a method combining D-S theory with fuzzy sets to calculate the probability that an attack is supported.
In a specific implementation, the present invention also provides a computer storage medium, wherein the computer storage medium can store a program which, when executed, may include some or all of the steps in the embodiments of the present invention. The storage medium may be a magnetic disk, an optical disc, a read-only memory (ROM), a random access memory (RAM), or the like.
Those skilled in the art can clearly understand that the technology in the embodiments of the present invention can be implemented by software plus the necessary general-purpose hardware platform. Based on this understanding, the technical solutions in the embodiments of the present invention, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product can be stored in a storage medium, such as ROM/RAM, a magnetic disk or an optical disc, and includes instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute the methods described in the embodiments of the present invention or in certain parts of the embodiments.
For the same or similar parts among the embodiments in this specification, reference may be made to one another. In particular, an embodiment that is substantially similar to the method embodiment is described relatively briefly; for the relevant details, refer to the description of the method embodiment.
The embodiments of the invention described above do not limit the scope of protection of the invention.

Claims (8)

1. a kind of Situation Awareness method for improving prediction, which is characterized in that the described method includes:
Acquire the sensor of separate sources, the running state data of information platform, detecting devices;
After receiving acquisition data, clear data in redundancy according to the type in source be uniformly by Data Format Transform Format is divided into corresponding field, is merged into data flow;
Element is extracted from the data flow after merging, finds the behavior act for including in element, access object, source person address, wink When uninterrupted information, generate corresponding correlation rule according to above- mentioned information, form the tree-shaped structure of frequent mode;
According to the frequent-pattern tree structure, querying the situation information of assets with adjacent or similar addresses, querying the situation information of assets in the same layer as the accessed object, and querying the situation information of assets with a similar traffic rate and total traffic volume;
Judging whether a single key device has the same security vulnerabilities as the assets with adjacent or nearby addresses; judging whether the concurrent threads, bandwidth, network topology and access frequency of the single key device show the same alarms as the assets in the same layer; judging whether the inflow growth rate, the distribution ratio of packets of different protocols and the distribution ratio of packets of different sizes of the single key device show the same changes as the assets with a similar traffic rate and total traffic volume; and calculating the security posture value of the single key device;
Forming a local network from several neighbouring single key devices, or from several single key devices that have service interactions; for each key device in the local network, taking its security vulnerabilities, concurrent threads, bandwidth, network topology, access frequency, inflow growth rate, distribution ratio of packets of different protocols and distribution ratio of packets of different sizes, and applying fuzzy processing according to service priority to calculate the security posture value of the local network;
According to the topological relation of multiple local networks, calculating the security posture value of the whole network by fuzzy processing;
Importing the security posture values of the single key device, the local network and the whole network into a neural network model respectively and, through deduction by the neural network model, obtaining a prediction of the attacker source and the attack range for a future period of time;
Wherein the prediction uses an improved neural network model, comprising: using the affinity propagation (AP) clustering algorithm to partition and cluster the input security posture values, so as to obtain the centers and the number of hidden-layer nodes of the network;
Obtaining the population difference degree from the AP clustering, adaptively changing the scaling factor and crossover probability of the differential evolution (DE) algorithm, and optimizing the widths and connection weights of the neural network;
Performing a chaotic search on the elite individuals of each generation of the population and on the center of the population difference degree;
Determining the final neural network model, inputting all the security posture values, and outputting the predicted security posture value for a certain future period;
According to the predicted security posture value, judging the source of the attacker and the range of the attack;
Visually displaying the security posture values of the single key device, the local network and the whole network, together with the prediction results for the attacker source and the attack range.
2. The method according to claim 1, wherein extracting elements from the merged data stream comprises: extracting element information from the corresponding fields of the data stream according to the assessment models of past historical data, the association rules and the indicator library.
3. The method according to any one of claims 1-2, wherein removing the redundant information from the data and converting the data format into a unified format according to the type of source are processed based on MapReduce distributed parallel computing.
4. The method according to any one of claims 1-3, wherein the fuzzy processing calculation is based on a method combining D-S theory with fuzzy sets, and calculates the probability that an attack is supported.
5. A situation awareness system with improved prediction, wherein the system comprises:
An acquisition unit, configured to collect operating-state data from sensors, information platforms and detection devices of different sources;
A preprocessing unit, configured to, after receiving the collected data, remove redundant information from the data, convert the data format into a unified format according to the type of source, divide the data into corresponding fields, and merge them into a data stream;
A situation understanding unit, configured to extract elements from the merged data stream, find the behavior actions, accessed objects, source addresses and instantaneous traffic sizes contained in the elements, generate corresponding association rules from this information, and form a frequent-pattern tree structure;
A situation assessment unit, configured to: according to the frequent-pattern tree structure, query the situation information of assets with adjacent or similar addresses, query the situation information of assets in the same layer as the accessed object, and query the situation information of assets with a similar traffic rate and total traffic volume; judge whether a single key device has the same security vulnerabilities as the assets with adjacent or nearby addresses; judge whether the concurrent threads, bandwidth, network topology and access frequency of the single key device show the same alarms as the assets in the same layer; judge whether the inflow growth rate, the distribution ratio of packets of different protocols and the distribution ratio of packets of different sizes of the single key device show the same changes as the assets with a similar traffic rate and total traffic volume; and calculate the security posture value of the single key device;
Form a local network from several neighbouring single key devices, or from several single key devices that have service interactions; for each key device in the local network, take its security vulnerabilities, concurrent threads, bandwidth, network topology, access frequency, inflow growth rate, distribution ratio of packets of different protocols and distribution ratio of packets of different sizes, and apply fuzzy processing according to service priority to calculate the security posture value of the local network;
According to the topological relation of multiple local networks, calculate the security posture value of the whole network by fuzzy processing;
A situation prediction unit, configured to import the security posture values of the single key device, the local network and the whole network into a neural network model respectively and, through deduction by the neural network model, obtain a prediction of the attacker source and the attack range for a future period of time;
Wherein the prediction uses an improved neural network model, comprising: using the affinity propagation (AP) clustering algorithm to partition and cluster the input security posture values, so as to obtain the centers and the number of hidden-layer nodes of the network;
Obtaining the population difference degree from the AP clustering, adaptively changing the scaling factor and crossover probability of the differential evolution (DE) algorithm, and optimizing the widths and connection weights of the neural network;
Performing a chaotic search on the elite individuals of each generation of the population and on the center of the population difference degree;
Determining the final neural network model, inputting all the security posture values, and outputting the predicted security posture value for a certain future period;
According to the predicted security posture value, judging the source of the attacker and the range of the attack;
A situation display unit, configured to visually display the security posture values of the single key device, the local network and the whole network, together with the prediction results for the attacker source and the attack range.
6. The system according to claim 5, wherein the situation understanding unit extracting elements from the merged data stream comprises: extracting element information from the corresponding fields of the data stream according to the assessment models of past historical data, the association rules and the indicator library.
7. The system according to any one of claims 5-6, wherein the preprocessing unit removing the redundant information from the data and converting the data format into a unified format according to the type of source are processed based on MapReduce distributed parallel computing.
8. The system according to any one of claims 5-7, wherein the fuzzy processing calculation of the situation assessment unit is based on a method combining D-S theory with fuzzy sets, and calculates the probability that an attack is supported.
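Claims 4 and 8 compute "the probability that an attack is supported" by combining D-S theory with fuzzy sets. The following is an added example, not code from the patent, showing one way such a fusion can work for the local-network step. Assumptions: D-S is read as Dempster-Shafer evidence theory, the fuzzy set is a simple ramp over the inflow growth rate, service priority is used as a Shafer discount factor, and the device names and readings are constructed.

```python
from itertools import product

ATTACK, NORMAL = frozenset({"attack"}), frozenset({"normal"})
THETA = ATTACK | NORMAL  # the whole frame: mass here means "undecided"

# Constructed sample (not from the patent): inflow growth rate of each key
# device in one local network, plus an assumed service-priority weight in [0, 1].
LOCAL_NET = [("db-01", 0.8, 0.9), ("web-02", 0.6, 0.5), ("mail-03", 0.1, 0.7)]

def fuzzy_high(x, lo, hi):
    """Ramp membership in the fuzzy set 'abnormally high' (0 at lo, 1 at hi)."""
    return min(1.0, max(0.0, (x - lo) / (hi - lo)))

def to_mass(membership, priority):
    """Fuzzy membership -> mass function. Assumption: service priority acts as
    a Shafer discount, so low-priority evidence leaves more mass on THETA."""
    return {ATTACK: priority * membership,
            NORMAL: priority * (1.0 - membership),
            THETA: 1.0 - priority}

def combine(m1, m2):
    """Dempster's rule: multiply masses, intersect sets, renormalise conflict."""
    fused, conflict = {}, 0.0
    for (a, wa), (b, wb) in product(m1.items(), m2.items()):
        if a & b:
            fused[a & b] = fused.get(a & b, 0.0) + wa * wb
        else:
            conflict += wa * wb
    if conflict >= 1.0 - 1e-12:
        # Fully contradictory sources: the rule divides by zero, so fail loudly
        # instead of returning a meaningless posture value.
        raise ValueError("total conflict between evidence sources")
    return {s: w / (1.0 - conflict) for s, w in fused.items()}

def local_network_support(devices, lo=0.0, hi=1.0):
    """Return (belief, plausibility) that the local network is under attack."""
    fused = {THETA: 1.0}  # start from total ignorance
    for _name, growth, priority in devices:
        fused = combine(fused, to_mass(fuzzy_high(growth, lo, hi), priority))
    belief = fused.get(ATTACK, 0.0)
    return belief, belief + fused.get(THETA, 0.0)

if __name__ == "__main__":
    print(local_network_support(LOCAL_NET))
```

Belief is the mass committed to "attack" and plausibility adds the mass still left undecided; on the sample data the two bound the supported attack probability at roughly 0.56 to 0.59.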
CN201910757459.9A 2019-08-16 2019-08-16 Situation awareness method and system for improving prediction Active CN110474904B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910757459.9A CN110474904B (en) 2019-08-16 2019-08-16 Situation awareness method and system for improving prediction

Publications (2)

Publication Number Publication Date
CN110474904A (en) 2019-11-19
CN110474904B (en) 2022-04-12

Family

ID=68511812

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910757459.9A Active CN110474904B (en) 2019-08-16 2019-08-16 Situation awareness method and system for improving prediction

Country Status (1)

Country Link
CN (1) CN110474904B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111625998A (en) * 2020-05-29 2020-09-04 华中科技大学 Method for optimizing structure of laminated solar cell
CN112380514A (en) * 2020-11-13 2021-02-19 支付宝(杭州)信息技术有限公司 Biological identification security situation prediction method and device and electronic equipment
CN112469102A (en) * 2020-11-10 2021-03-09 南京大学 Time-varying network-oriented active network topology construction method and system
CN114866290A (en) * 2022-04-14 2022-08-05 中国科学技术大学 Fuzzy behavior decision method and system based on expert system
CN116708208A (en) * 2023-08-07 2023-09-05 山东慧贝行信息技术有限公司 Network data transmission situation prediction method based on machine learning

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102263410A (en) * 2010-05-31 2011-11-30 河南省电力公司 Security risk assessment model, assessment method and assessment parameter determining method
CN102624696A (en) * 2011-12-27 2012-08-01 中国航天科工集团第二研究院七〇六所 Network security situation evaluation method
WO2016172514A1 (en) * 2015-04-24 2016-10-27 Siemens Aktiengesellschaft Improving control system resilience by highly coupling security functions with control
CN106411896A (en) * 2016-09-30 2017-02-15 重庆邮电大学 APDE-RBF neural network based network security situation prediction method
CN107404400A (en) * 2017-07-20 2017-11-28 中国电子科技集团公司第二十九研究所 A kind of network situation awareness implementation method and device
CN108494810A (en) * 2018-06-11 2018-09-04 中国人民解放军战略支援部队信息工程大学 Network security situation prediction method, apparatus and system towards attack
CN108769048A (en) * 2018-06-08 2018-11-06 武汉思普崚技术有限公司 A kind of secure visualization and Situation Awareness plateform system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
刘鹏等: "大规模网络安全态势感知及预测", 《计算机安全》 *
甘文道等: "基于RAN-RBF神经网络的网络安全态势预测模型 ", 《计算机科学》 *

Cited By (8)

Publication number Priority date Publication date Assignee Title
CN111625998A (en) * 2020-05-29 2020-09-04 华中科技大学 Method for optimizing structure of laminated solar cell
CN112469102A (en) * 2020-11-10 2021-03-09 南京大学 Time-varying network-oriented active network topology construction method and system
CN112469102B (en) * 2020-11-10 2022-09-23 南京大学 Time-varying network-oriented active network topology construction method and system
CN112380514A (en) * 2020-11-13 2021-02-19 支付宝(杭州)信息技术有限公司 Biological identification security situation prediction method and device and electronic equipment
CN112380514B (en) * 2020-11-13 2022-11-22 支付宝(杭州)信息技术有限公司 Biological identification security situation prediction method and device and electronic equipment
CN114866290A (en) * 2022-04-14 2022-08-05 中国科学技术大学 Fuzzy behavior decision method and system based on expert system
CN116708208A (en) * 2023-08-07 2023-09-05 山东慧贝行信息技术有限公司 Network data transmission situation prediction method based on machine learning
CN116708208B (en) * 2023-08-07 2023-10-13 山东慧贝行信息技术有限公司 Network data transmission situation prediction method based on machine learning

Also Published As

Publication number Publication date
CN110474904B (en) 2022-04-12

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant