Network security threat assessment method based on unsupervised generation reasoning
YANG Hongyu1, WANG Fengyan1, LÜ Weili2
1. School of Computer Science and Technology, Civil Aviation University of China, Tianjin 300300, China; 2. Pipeline Changchun Transmission and Oil Company, China National Petroleum Corporation, Changchun 130000, China
Abstract: Supervised network data modeling based on data category tags is computationally expensive and inefficient, and it makes network threat assessment slow. This paper presents a network security threat assessment method based on unsupervised generation reasoning. A variational autoencoder-generative adversarial network (VAE-GAN) model is designed. A training data set containing only normal network traffic is input to the network collection layer of the VAE-GAN, and the reconstruction error of each layer's network output is monitored. A 3-layer variational autoencoder in the output layer is then trained on the reconstruction errors, a test data set is used for group threat testing, and the threat occurrence probability is monitored for each group of tests. Finally, the severity of the network security threat is determined from the threat occurrence probability, and a threat situation impact factor is used to calculate the threat level, which quantifies the network security threat. Simulations show that this method evaluates the overall network security threat more intuitively than back propagation (BP) and radial basis function (RBF) methods and characterizes the network threat more effectively.
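The pipeline the abstract outlines (train on normal traffic only, score by reconstruction error, estimate a threat occurrence probability per test group, then weight it by an impact factor), as an added example that is not the paper's code. A rank-1 linear autoencoder stands in for the VAE-GAN, and the traffic features, the threshold rule (maximum training error), the impact factor value and the product used for the threat level are all assumptions, since the abstract specifies none of them.

```python
import random

def fit_autoencoder(normal, iters=50):
    """Fit a rank-1 linear autoencoder (top principal axis) on normal flows only."""
    n, d = len(normal), len(normal[0])
    mean = [sum(r[j] for r in normal) / n for j in range(d)]
    centered = [[r[j] - mean[j] for j in range(d)] for r in normal]
    w = [1.0] * d
    for _ in range(iters):  # power iteration on the sample covariance
        z = [sum(c[j] * w[j] for j in range(d)) for c in centered]
        w = [sum(z[i] * centered[i][j] for i in range(n)) for j in range(d)]
        norm = sum(x * x for x in w) ** 0.5
        w = [x / norm for x in w]
    return mean, w

def reconstruction_error(model, row):
    mean, w = model
    c = [x - m for x, m in zip(row, mean)]
    z = sum(a * b for a, b in zip(c, w))                # encode to one latent value
    return sum((a - z * b) ** 2 for a, b in zip(c, w))  # decode, squared residual

def threat_probability(model, threshold, group):
    """Fraction of flows in one test group whose error exceeds the normal baseline."""
    return sum(reconstruction_error(model, r) > threshold for r in group) / len(group)

def threat_level(probability, impact_factor):
    # Assumed combination rule (the abstract gives no formula): simple product.
    return probability * impact_factor

def make_flows(rng, n, attack=False):
    """Constructed sample data: three correlated, standardized traffic features."""
    flows = []
    for _ in range(n):
        t = rng.gauss(0, 1)
        row = [t + rng.gauss(0, 0.1), 2 * t + rng.gauss(0, 0.1), 0.5 * t + rng.gauss(0, 0.1)]
        if attack:
            row[2] += 3.0  # third feature breaks its usual correlation with the others
        flows.append(row)
    return flows

def run_demo(seed=0):
    rng = random.Random(seed)
    train = make_flows(rng, 500)                      # normal traffic only
    model = fit_autoencoder(train)
    threshold = max(reconstruction_error(model, r) for r in train)
    groups = {"normal": make_flows(rng, 50),
              "mixed": make_flows(rng, 25) + make_flows(rng, 25, True),
              "attack": make_flows(rng, 50, True)}
    return {name: threat_probability(model, threshold, g) for name, g in groups.items()}

if __name__ == "__main__":
    for name, p in run_demo().items():
        print(f"{name}: P(threat)={p:.2f} level={threat_level(p, impact_factor=0.8):.2f}")
```

Because the threshold is the largest error seen on normal training traffic, no labelled attack data is needed; a percentile of the training errors is the usual alternative when the training set may contain outliers.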