信息与电脑 (Information and Computer), 2024, Vol. 36, Issue (4): 191-194.

Enterprise LAN Security Situation Awareness Method Based on Data Mining

Zhu Saihua (朱赛华)

Author information

  • 1. Changzhou Borui Electric Power Automation Equipment Co., Ltd. (常州博瑞电力自动化设备有限公司), Changzhou, Jiangsu 213025

Abstract

To improve the security and stability of enterprise LAN operation, and to accurately perceive and respond to potential network threats, this work studies an enterprise LAN security situation awareness method based on data mining. First, enterprise LAN security data is collected and preprocessed. Then, using a data mining algorithm, association rule mining is designed to extract network situation features from the security data. Finally, a situation assessment model is constructed to calculate the basic index of the enterprise LAN security situation, evaluate the current situation of the enterprise LAN, analyze possible threat sources, and determine the threat level and corresponding threat degree, thereby realizing security situation awareness. The experimental results show that, after this method is applied, the awareness false positive rates are all below 0.5%, and potential security threats can be accurately identified, improving the network security protection capability of enterprises.

Key words

data mining / enterprise / local area network / security situation awareness

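Publication year

2024
Journal: 信息与电脑 (Information and Computer)
Publisher: Beijing Electronics Holding Co., Ltd. (北京电子控股有限责任公司)

Impact factor: 1.143
ISSN: 1003-9767
Number of references: 8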