基于改进Apriori的网络安全感知方法

针对网络安全态势评估过程中存在数据源单一、实时性不强、准确率不高的问题,提出一种基于改进关联规则算法(Apriori算法)的网络安全态势感知方法。通过对数据的分析,发现在网络中存在关于安全态势的关联规则；通过网络攻击影响熵值序列的分析,对关联规则进行分类为空间正常和异常空间,进而对关联规则进行聚类分析；根据聚类后的规则划分网络安全态势等级。将改进后的算法应用到网络安全态势感知当中,实验结果表明,该方法满足了网络安全危险预警和实时监控的要求。改进的算法用于安全态势感知是可行的、有效的。

Network Security Situation Awareness Method Based on Improved Apriori Algorithm

For the existing problems that data source is single, real-time is not strong, the accuracy rate is not high in the process of network security situation assessment, a network security situation awareness method based on algorithm of association rules is proposed. Through the analysis of the data, association rules about the security situation in the network can be found; based on network attack effect of entropy sequence analysis, association rules are classified for the space of normal and abnormal, and then the cluster analysis to association rules is carried on. Levels of network security situation are divided according to the clustered rules, the improved algorithm is applied to network security situational awareness, experimental results show that, the model can meet the requirements of the network security hazard warning and real-time monitoring. The improved algorithm used for security situational awareness is feasible and effective.