Attack occurrence confidence-based network security situation assessment method and system

A situation assessment and network security technology, applied in transmission systems, digital transmission systems, data exchange networks, etc., that addresses the problems of unreliable data sources, reduced accuracy of the quantitative evaluation system, and the increasing difficulty of research in the network environment.

Inactive Publication Date: 2018-07-20
XIDIAN UNIV
0 Cites, 39 Cited by

AI Technical Summary

Problems solved by technology

However, due to the complexity and concealment of attack methods, the boundary between normal behavior and attack is often blurred, and simple threshold-based classification results in false positives and false negatives.
[0003] In summary, the problems in the prior art are: the proliferation of false positives and false negatives makes the data source of security situational awareness unreliable, which affects the accuracy of the entire quantitative evaluation system.
The continuous evolution of network attacks and the complexity of the network environment have increased the difficulty of research in this field.


Examples


Embodiment 1

[0110] The present invention is applied to the DARPA 99 evaluation data set provided by MIT Lincoln Laboratory. The 1999 DARPA evaluation data includes 58 typical attack methods in 4 categories, including Probe (surveillance and probing), DoS (denial of service), U2R (user to root), and R2L (remote to local) / Data, and is a widely used benchmark dataset.

[0111] Feature extraction takes a network connection or host session as the statistical unit and covers four categories of features: basic characteristics of the TCP connection, time-based statistical characteristics of network traffic, host-based statistical characteristics of network traffic, and content characteristics of the TCP connection.

[0112] Data sampling is then performed. The categories of the training set are unbalanced, and directly using the original training set to train the classifier will seriously affect the accuracy. The method of undersampling is used to divide the sampling of the training set into multiple parts for use b...


Abstract

The invention belongs to technical fields characterized by protocols and discloses a network security situation assessment method and system based on the confidence of attack occurrence. Machine learning is used to analyze network stream data and calculate the probability that network streams belong to attack streams; D-S evidence theory is used to fuse the information of multi-step attacks to obtain the confidence of attack occurrence; and the network security situation is calculated by situational factor integration on the basis of security vulnerability information, network service information and host protection strategies, so that the accuracy of assessment is effectively improved. Since the confidence information of detection equipment is added to the assessment system, the influence of false negatives and false positives can be effectively reduced. An ensemble learning method is adopted, so that the accuracy of confidence calculation can be improved. A network attack is regarded as a dynamic process, and the information of the multi-step attacks is merged. Information fusion technology is adopted, so that network environment characteristics such as vulnerabilities, service information and protection strategies are comprehensively considered.
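The D-S fusion step described in the abstract can be sketched as follows. This is an added example, not code from the patent: the two-element frame {attack, normal}, the discounting of each classifier probability by a detector reliability, and the sample step values are all assumptions made for illustration.

```python
from itertools import product

# Assumed frame of discernment; THETA (the whole frame) carries "don't know".
ATTACK, NORMAL = frozenset({"attack"}), frozenset({"normal"})
THETA = ATTACK | NORMAL

def mass_from_probability(p_attack, reliability):
    """Map a classifier's attack probability to a mass function.
    Mass the detector cannot vouch for (1 - reliability) goes to THETA
    (Shafer discounting, an assumption of this example)."""
    return {ATTACK: reliability * p_attack,
            NORMAL: reliability * (1.0 - p_attack),
            THETA: 1.0 - reliability}

def combine(m1, m2):
    """Dempster's rule: multiply masses, keep non-empty intersections,
    renormalise by the non-conflicting mass."""
    fused, conflict = {}, 0.0
    for (a, wa), (b, wb) in product(m1.items(), m2.items()):
        inter = a & b
        if inter:
            fused[inter] = fused.get(inter, 0.0) + wa * wb
        else:
            conflict += wa * wb
    if conflict >= 1.0 - 1e-12:
        raise ValueError("total conflict: evidence cannot be combined")
    return {k: v / (1.0 - conflict) for k, v in fused.items()}

def attack_confidence(steps):
    """Fuse evidence from successive attack steps.
    steps: iterable of (p_attack, detector_reliability).
    Returns (belief, plausibility) that an attack is occurring."""
    fused = {THETA: 1.0}  # vacuous mass: no evidence yet
    for p_attack, reliability in steps:
        fused = combine(fused, mass_from_probability(p_attack, reliability))
    belief = fused.get(ATTACK, 0.0)
    return belief, belief + fused.get(THETA, 0.0)

# Constructed sample: three steps of one multi-step attack, each only
# moderately suspicious when scored on its own.
STEPS = [(0.6, 0.8), (0.7, 0.9), (0.55, 0.7)]

if __name__ == "__main__":
    bel, pl = attack_confidence(STEPS)
    print(f"belief={bel:.3f} plausibility={pl:.3f}")
```

The gap between belief and plausibility is the mass still assigned to "don't know"; it shrinks as more steps are fused.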

Description

Technical field

[0001] The invention belongs to the technical field characterized by protocols, and in particular relates to a network security situation assessment method and system based on the confidence of attack occurrence.

Background technique

[0002] At present, the existing technologies commonly used in the industry are as follows: In order to evaluate the network security situation accurately and efficiently, the current idea is mainly to use data fusion to directly use the log or alarm information output by the security monitoring equipment for fusion processing to obtain the overall security situation of the network. The evaluation result of the security situation is very dependent on the accuracy of network attack identification by intrusion detection equipment or log inspection equipment. Due to the complexity of network attacks and the continuous evolution of attack methods, security detection equipment often has deviations in the identification of attacks, a...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L12/24
CPC: H04L63/1416, H04L41/145, H04L63/1433, H04L63/1458
Inventor: 刘东航
Owner: XIDIAN UNIV