Network security situation assessments with parallel feature extraction and an improved BiGRU
YANG Hongyu (1,2), ZHANG Zixin (2), ZHANG Liang (3)
1. School of Safety Science and Engineering, Civil Aviation University of China, Tianjin 300300, China; 2. School of Computer Science and Technology, Civil Aviation University of China, Tianjin 300300, China; 3. Department of Information, University of Arizona, Tucson 85721, USA
Abstract: Current network security situation assessment methods have limited feature extraction capabilities and leave room for efficiency improvements. This paper presents a network security situation assessment method that uses a parallel feature extraction network (PFEN) and an improved bi-directional gated recurrent unit (BiGRU). A deep learning model is designed from a PFEN and a BiGRU with an attention mechanism (ABiGRU). The PFEN module consists of parallel sparse auto-encoders that extract key features from the network traffic and fuse them with the original features. The ABiGRU module then weights the key features through the attention mechanism to improve model accuracy. The trained PFEN-ABiGRU is applied to network threat detection, and the detection results are combined with a network security quantification method to calculate a network security situation index. Tests indicate that the PFEN-ABiGRU assessments achieve better accuracy and recall rates than those of the comparison models.
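As an added illustration (not the paper's code or its trained model), the following numpy forward pass mirrors the PFEN-ABiGRU dataflow the abstract describes: parallel sparse auto-encoder codes are concatenated with the original traffic features, a BiGRU reads the window in both directions, and attention weights the time steps before classification. The layer sizes, the tanh attention scoring, the random weights and the constructed input window are assumptions.

```python
import numpy as np

sigmoid = lambda x: 1.0 / (1.0 + np.exp(-x))

def make_params(n_feat, code_dim, hidden, n_classes, n_enc=2, seed=0):
    # Random weights stand in for trained ones (assumption: only inference is shown).
    rng = np.random.default_rng(seed)
    r = lambda *s: rng.normal(0, 0.3, s)
    fused = n_feat + n_enc * code_dim        # original features + all SAE codes
    gru = lambda: {k: r(fused if k[0] == "W" else hidden, hidden)
                   for k in ("Wz", "Uz", "Wr", "Ur", "Wh", "Uh")}
    return {"encoders": [(r(n_feat, code_dim), r(code_dim)) for _ in range(n_enc)],
            "gru_f": gru(), "gru_b": gru(), "att": r(2 * hidden),
            "Wout": r(2 * hidden, n_classes), "bout": r(n_classes)}

def gru_step(x, h, p):
    z = sigmoid(x @ p["Wz"] + h @ p["Uz"])        # update gate
    r = sigmoid(x @ p["Wr"] + h @ p["Ur"])        # reset gate
    n = np.tanh(x @ p["Wh"] + (r * h) @ p["Uh"])  # candidate state
    return (1 - z) * n + z * h

def gru_run(seq, p, reverse=False):
    # One GRU direction over the window; returns the hidden state at every step.
    h, out = np.zeros(p["Uz"].shape[0]), np.zeros((len(seq), p["Uz"].shape[0]))
    order = range(len(seq) - 1, -1, -1) if reverse else range(len(seq))
    for t in order:
        h = gru_step(seq[t], h, p)
        out[t] = h
    return out

def softmax(v):
    e = np.exp(v - v.max())
    return e / e.sum()

def pfen_abigru_forward(seq, p):
    # seq: (T, n_feat) window of per-flow feature vectors -> class probabilities.
    codes = [sigmoid(seq @ W + b) for W, b in p["encoders"]]   # parallel sparse encoders
    fused = np.concatenate([seq] + codes, axis=1)               # codes + original features
    Hs = np.concatenate([gru_run(fused, p["gru_f"]),            # BiGRU: both directions
                         gru_run(fused, p["gru_b"], reverse=True)], axis=1)
    alpha = softmax(np.tanh(Hs @ p["att"]))                     # attention over time steps
    ctx = alpha @ Hs                                            # weighted context vector
    return softmax(ctx @ p["Wout"] + p["bout"]), alpha

def demo():
    # Constructed input: a window of 8 flows x 6 normalised features, 3 threat classes.
    seq = np.random.default_rng(1).uniform(size=(8, 6))
    return pfen_abigru_forward(seq, make_params(6, 4, 5, 3))
```

`demo()` returns the class distribution for the window together with the attention weights, which show which flows in the window the model relied on.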