大数据环境下基于攻击意图的网络安全态势评估

The data storage and network access under the environment of big data, causes the network attack to lower cost, higher income, so that the current network security situation assessment technology can’t evaluate and predict the threats effectively under the big data environment. In this project，the model of the attack intention will be modeled based on the attacker purpose and the 4V features of large data, and the algorithm of extracting the attacker s’ current intention from the big data will be studied by means of the rough set etc. granular computing. The model of the fuzzy hidden Markov will be constructed, so that the attacker’ future intention can be predicted based on the uncertainty and profitability of the attackers’ intention etc.. A networks security situation assessment index system, will be constructed based on the information of the attacker’ intention from the big data and the protecting purpose of the data, and the other factors, and the situation value will be computed through the construction of particle swarm wavelet neural network. Based on availability, dependability and performance of offensive and defensive both sides, the algorithm of assessing the effectiveness, the system dynamics model will be studied, by drawing lessons from the military Lanchester model of direct and indirect confrontation, reinforcements added, consumption, the Lanchester model of network attack and defense, will be given to predict the network security situation under the offensive and defensive state. This project is expected to achieve a breakthrough to extract and predict the attacker’s intention, evaluate and predict the network security situation, under the environment of big data, provide theory and method support for network defense under the environment of big data.

大数据环境下数据存储和网络接入方式使得网络攻击的成本更低、收益更高，现有的网络安全态势评估技术难以对其进行有效评估和预测。本项目基于攻击指向性、大数据的4V特性建立攻击意图的定量模型，利用决策粗糙集等粒计算方法，实现从大数据中提取攻击意图；针对攻击意图的不确定性和收益性等要素，构建模糊-隐马尔科夫模型，对未来攻击意图进行预测。基于大数据信息、攻击意图和保护目标等要素建立大数据环境下网络安全态势评估指标体系，并通过构建粒子群小波神经网络实现对态势值的计算。基于可用性、可信性、性能等，研究攻防双方的效用评估算法、系统动力学模型；借鉴军事上兰彻斯特模型的直接、间接对抗、增援补充、消耗等思想，建立网络攻防对抗的兰彻斯特模型，实现对攻防状态下的网络安全态势的预测。本项目预期在大数据环境下的攻击意图提取和预测、网络安全态势的评估和预测方面取得突破，为大数据环境下的网络防御提供理论与方法支撑。