Research on Network Security Measurement Method Based on Attack Identification
【Abstract】 At present, most traditional criteria for assessing system security state are qualitative, and their shortcoming is that they cannot quantify risk, while most quantitative assessment methods suffer from incomplete assessment and low accuracy in identifying attacks. Attack identification plays an important role in network security measurement. This paper adopts an asset-threat-vulnerability-management network security measurement model that combines static assessment with dynamic assessment. The static assessment uses the analytic hierarchy process (AHP), combined with the Common Vulnerability Scoring System, to produce asset vulnerability scores and management scores. The dynamic assessment combines the Dw-K-means++ algorithm with the XGBoost method to improve attack identification. The static and dynamic assessments are then combined to give an overall assessment result for the network system. The paper uses the public dataset CICIDS2017 to demonstrate the clustering advantage of the Dw-K-means++ algorithm on large datasets, and uses data from simulation experiments to verify the effectiveness of the network security measurement model.
【Key words】 network security; risk assessment; AHP; Dw-K-means++; Dw-cluster-XGBoost;
- 【Source】 Netinfo Security (信息网络安全), 2021, Issue 11
- 【Classification No.】TP393.08
- 【Citation count】2
- 【Download count】256