Network security event scenarios are one of the most effective means for the prediction, assessment and response of large-scale network security events, and for offensive and defensive drills. A scenario is composed of two parts: the network security event and the network environment. The research goal of this project is to make a scenario characterize the development of a network security event, and the corresponding changes in the network environment, realistically, reasonably and effectively. To that end, based on real monitoring data for network security events and real network environment data, this project proposes solutions to several related key issues. First, to enhance the accuracy of mined event correlations and solve the problem of self-mining, we propose a method for network security event correlation mining based on similarity and causality. Second, to solve the authenticity problem of network environment abstraction, we propose a network environment abstraction model based on an event conduction view and regional influence. Third, to solve the reasonableness problem of event modeling, we propose a complex network security event model based on phase division and temporal-spatial correlation. Finally, to enhance the effectiveness of scenario deduction, we propose a method for parallel scenario rehearsal based on the automatic construction of security events. This research has important application prospects, and considerable theoretical significance and practical value, for the response to large-scale sudden network security events, the forecasting of the network security event situation, the assessment of event impact, and Internet offensive and defensive drills.
Data last updated: 2023-05-31