Journal of Beijing University of Posts and Telecommunications

  • EI core journal

Journal of Beijing University of Posts and Telecommunications ›› 2015, Vol. 38 ›› Issue (2): 50-54. doi: 10.13190/j.jbupt.2015.02.008

• Papers

A Network Security Event Analysis Method Based on Neural Networks and Genetic Algorithms

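LIU Jing1, GU Li-ze1, NIU Xin-xin1, YANG Yi-xian1, LI Zhong-xian2

  1. Information Security Center, Beijing University of Posts and Telecommunications, Beijing 100876;
  2. National Cybernet Security Ltd, Beijing 100088
  • Received: 2014-04-01 Online: 2015-04-28 Published: 2015-05-14
  • About the authors: LIU Jing (b. 1981), male, Ph.D. candidate, E-mail: liujing81@sohu.com; GU Li-ze (b. 1965), male, associate professor.
  • Supported by:

    National Natural Science Foundation of China (61202082, 61121061); Beijing University of Posts and Telecommunications Youth Research and Innovation Program special projects (2012RC0219, 2012RC0311); National Key Technology R&D Program of China (2012BAH37B05)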

Network Security Events Analyze Method Based on Neural Networks and Genetic Algorithm

LIU Jing1, GU Li-ze1, NIU Xin-xin1, YANG Yi-xian1, LI Zhong-xian2

  1. Information Security Center, Beijing University of Posts and Telecommunications, Beijing 100876, China;
  2. National Cybernet Security Ltd, Beijing 100088, China
  • Received: 2014-04-01 Online: 2015-04-28 Published: 2015-05-14

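Abstract:

Traditional network security event analysis methods rely heavily on manual intervention. To address this problem, a network security event analysis method with greater adaptivity and a higher degree of automation is proposed. Neural network models are used to analyze the data produced by multiple heterogeneous event sources and to classify it automatically by attack scenario. Rule items are extracted from the classification results, and a genetic algorithm is used to automatically generate correlation rules for the different attack scenarios. Experimental results show that the method completes event classification and correlation rule generation automatically, and that it is an effective enhancement and improvement of traditional methods.

Keywords: network security event analysis, neural networks, genetic algorithm, correlation rules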

Abstract:

Traditional network security event analysis methods depend heavily on human intervention. To address this problem, an automatic and self-adaptive method is presented. Neural network models are used to classify large numbers of security events according to various attack scenarios, which greatly reduces the human intervention required. Rule items are extracted from the classification results, and correlation rules are generated automatically from these items using a genetic algorithm. Experiments demonstrate that the method can classify network security events and generate correlation rules automatically, so that the degree of automation is improved. It is an effective enhancement and improvement of the traditional methods.

Key words: network security event analysis, neural network, genetic algorithm, correlation rules

CLC number: