基于GEP-CPN的可信网络终端行为聚类模型的研究
|
摘要
在当前网络发展中,网络安全所表现出的脆弱性越来越突出。虽然针对越来越多的网络攻击,相关研究者或技术人员提出相应的有效补救措施,如各种各样的防火墙,杀毒软件及专门针对某一领域内的安全防范软件等,但是,其采取的普遍防护措施都是以阻止外来攻击作为主要设计手段,并没考虑到网络终端本身所存在的安全隐患问题,而在安全问题上,终端的不安全性与不可信性是造成网络出现安全威胁的关键原因。正由于此,国内外学者在近几年对网络提出了可信网络的概念,试图对这些问题提出一种可行的方法措施,并取得了一定的研究成果。
而在可信网络中,尤以用户终端行为是一大研究热点问题,如:如何对终端行为的属性进行统一的形式化描述;在终端连接网络时,怎么样建立终端的认证机制,如何解决一个用户终端在其向服务提供者提交请求时辨别与确定其行为的可信级别等。
本文基于此提出了一种基于神经网络的改进方法对可信网络终端行为进行预测与控制,以达到更好地保障网络的安全与可信。首先研究了当前可信网络中存在的问题,和在可信领域中网络终端行为证据提取的关键技术,研究了用户终端行为证据的一般性评估方法;然后结合对偶传播神经网络(Counter Propagation Networks, CPN)机制和基因表达式(Gene Expression Programming, GEP)算法思想,设计了基于GEP-CPN的可信网络终端行为聚类模型,并通过实验与实例分析证明了该模型的有效性和优越性。
本文主要工作有以下几个方面:
a)分析了可信网络终端用户行为证据的定义及其特点,证据的获得与规范化。然后利用这些方法所得到的数据集,即是对不同种类的用户行为证据中各种相关的特征进行研究。
b)研究怎么样改进CPN网络,使其能够跳离传统网络的束缚,达到更好的训练网络。即是优化输入向量以及对传统CPN中Kohonen层的各神经元对应的权向量尽可能做到与实际输入向量的分布一致。
c)对新模型进行聚类结果的评估,在文本数据集下,对不同的聚类方法进行比较分析。
d)由于要对网络终端用户行为证据进行一定的分析,才能对网络本身做出正确的判断,以及聚类分析能够从数据集中抽取出各个数据对象之间有必然价值的联系,因此本文通过对其行为数据进行聚类分析,实验证明该模型在系统的安全性能上有一定的改善,且能有效地为保障整个网络的安全提供参考。
The network security has become increasingly manifest its vulnerability in current network development. For a growing number of network attacks, the relevant researchers or technical staffs propose appropriate and effective remedial measures. For example, a variety of firewall, antivirus software and the security software for a specifically field, etc. But, these protective measures is designed to prevent external attacks as the primary means, the security problem of the network terminal itself did not be taken into. On the security issues, the insecurity and incredible of the terminal is the key reason in the existence of network security threats. Because of this, domestic and foreign scholars have presented the concept of the trusted network in recent years, trying to make a feasible measure for these issues, at the same time, these scholars get some research and application results.
In the trusted network, especially the user terminal behavior is a major research focus. For example, how make the properties of the terminal behavior as a unified formal description. In the terminal connecting to the network, how to build the terminal authentication mechanisms, how to solve a user terminal submit its request to the service provider for identifying and determining the credibility level of their behavior, and so on.
Based on these, this paper present an improving method based on neural network for predicting and control the terminal behavior of the Trusted Network, to achieve better protection of network security and credibility. First, study the current problems in the trusted network, and the key thechnique that how to extract the evidence in credible field. And then research the general assessment method of the terminal users’evidence. Second, combined with the counter propagation network (CPN) mechanism and gene expression programming (GEP) algorithm, designed the model of clustering on the terminal behavior of trusted networks based on GEP-CPN, Finally, the validity and superiority of the presented algorithm is demonstrated by experiments.
This paper makes mainly the following contributions:
a) Analyse the definite and characteristic of the terminal user evidence in trusted network, obtain and standardize the evidence. And then obtain data set by using these metods, that is: the various relevant characteristics in the evidence of the different users’behaviors are studied.
b) Study how to improve the CPN network for jumping off the shakles of the traditional CPN network, to achieve best training networks. That is: optimize the input vector and enable the weight vector of these neurons in the Kohonen of the traditional CPN network to consistent with the actual input vectors as possible as it can.
c) Evaluated the clustering result on the new model, and compared the various cluster methods with the same text data set.
d) Before making the right judgement for the network itself, the evidecnces of the terminal users’behaviors in network must be anlysised. And cluster analysis can extract the useful links between the different data in the data set. So this paper cluster and analy the data of behavior in the network, experiments show that the model have some improvements on the security of the network, and can effectively provide consultation for protecting the entire network.
而在可信网络中,尤以用户终端行为是一大研究热点问题,如:如何对终端行为的属性进行统一的形式化描述;在终端连接网络时,怎么样建立终端的认证机制,如何解决一个用户终端在其向服务提供者提交请求时辨别与确定其行为的可信级别等。
本文基于此提出了一种基于神经网络的改进方法对可信网络终端行为进行预测与控制,以达到更好地保障网络的安全与可信。首先研究了当前可信网络中存在的问题,和在可信领域中网络终端行为证据提取的关键技术,研究了用户终端行为证据的一般性评估方法;然后结合对偶传播神经网络(Counter Propagation Networks, CPN)机制和基因表达式(Gene Expression Programming, GEP)算法思想,设计了基于GEP-CPN的可信网络终端行为聚类模型,并通过实验与实例分析证明了该模型的有效性和优越性。
本文主要工作有以下几个方面:
a)分析了可信网络终端用户行为证据的定义及其特点,证据的获得与规范化。然后利用这些方法所得到的数据集,即是对不同种类的用户行为证据中各种相关的特征进行研究。
b)研究怎么样改进CPN网络,使其能够跳离传统网络的束缚,达到更好的训练网络。即是优化输入向量以及对传统CPN中Kohonen层的各神经元对应的权向量尽可能做到与实际输入向量的分布一致。
c)对新模型进行聚类结果的评估,在文本数据集下,对不同的聚类方法进行比较分析。
d)由于要对网络终端用户行为证据进行一定的分析,才能对网络本身做出正确的判断,以及聚类分析能够从数据集中抽取出各个数据对象之间有必然价值的联系,因此本文通过对其行为数据进行聚类分析,实验证明该模型在系统的安全性能上有一定的改善,且能有效地为保障整个网络的安全提供参考。
The network security has become increasingly manifest its vulnerability in current network development. For a growing number of network attacks, the relevant researchers or technical staffs propose appropriate and effective remedial measures. For example, a variety of firewall, antivirus software and the security software for a specifically field, etc. But, these protective measures is designed to prevent external attacks as the primary means, the security problem of the network terminal itself did not be taken into. On the security issues, the insecurity and incredible of the terminal is the key reason in the existence of network security threats. Because of this, domestic and foreign scholars have presented the concept of the trusted network in recent years, trying to make a feasible measure for these issues, at the same time, these scholars get some research and application results.
In the trusted network, especially the user terminal behavior is a major research focus. For example, how make the properties of the terminal behavior as a unified formal description. In the terminal connecting to the network, how to build the terminal authentication mechanisms, how to solve a user terminal submit its request to the service provider for identifying and determining the credibility level of their behavior, and so on.
Based on these, this paper present an improving method based on neural network for predicting and control the terminal behavior of the Trusted Network, to achieve better protection of network security and credibility. First, study the current problems in the trusted network, and the key thechnique that how to extract the evidence in credible field. And then research the general assessment method of the terminal users’evidence. Second, combined with the counter propagation network (CPN) mechanism and gene expression programming (GEP) algorithm, designed the model of clustering on the terminal behavior of trusted networks based on GEP-CPN, Finally, the validity and superiority of the presented algorithm is demonstrated by experiments.
This paper makes mainly the following contributions:
a) Analyse the definite and characteristic of the terminal user evidence in trusted network, obtain and standardize the evidence. And then obtain data set by using these metods, that is: the various relevant characteristics in the evidence of the different users’behaviors are studied.
b) Study how to improve the CPN network for jumping off the shakles of the traditional CPN network, to achieve best training networks. That is: optimize the input vector and enable the weight vector of these neurons in the Kohonen of the traditional CPN network to consistent with the actual input vectors as possible as it can.
c) Evaluated the clustering result on the new model, and compared the various cluster methods with the same text data set.
d) Before making the right judgement for the network itself, the evidecnces of the terminal users’behaviors in network must be anlysised. And cluster analysis can extract the useful links between the different data in the data set. So this paper cluster and analy the data of behavior in the network, experiments show that the model have some improvements on the security of the network, and can effectively provide consultation for protecting the entire network.
引文
[1] TCG Web Site. http://www.trustedcomputinggroup.org.
[2]张焕国,陈璐,张立强.可信网络连接[C]. TCTP’2009.
[3] Shen Changxiang, Zhang Huanguo, Feng Dengguo, Cao Zhenfu, Huang Jiwu. Survey of Information Security[J]. Science in Chian Series F, Vol.50, No.3, Jun,2007,pp, 273-298.
[4] Trusted Computing Group [EB/OL]. http://www.trustedcomputinggroup.org.
[5] Lin Chuang, Wang Yuanzhuo, Tian Liqin. Development of trusted network and challenges it faces [J]. ZTE Communications, 2008, 6(1): 13-17.
[6]林闯,彭雪海.可信网络研究[J].计算机学报, 2005,28(5):751-758
[7]林闯,田立勤,王元卓.可信网络中用户行为可信的研究[J].计算机研究与发展.2008, 45(12): 2033-2043.
[8] TCG Web Site. http://www.trustedcomputinggroup.org/network/.
[9] TCM Web Site. http://www.tcmu.org.cn/2008/1211/175.html.
[10] Neumann P.G., Principled assuredly trustworthy composable aschitectures [EB/ OL], http://www.csl.sri.com/neumann/chats4.html.
[11] Ellison R.J., Moore A.P., Trustworthy refinement through intrusion-aware design (TRIAID):An overwiew[EB/OL],Proceedings of the 3rd Annual High Confidence Software and Systems Conference, 2003, http://www.cert.org/archive /pdf/ traid. pdf.
[12] Antonio Lioy,Gianluca Ramunno, Davide Vernizzi.Trusted Computing and Infrastructure Commons[EB/OL]. http://www.communia-project.eu/communia files/ws01p _Communia-TrustedComputinAndCommons.pdf.
[13] David Clark, Karen Sollins, John Wroclawski. NewArch Project: Future-Gene- ration Internet Architecture[EB/OL]. http://www.isi.edu/newarch/iDOCS/final. finalreport .pdf.
[14] A. Seshadri, M.Luk, E.Shi, A.Perring, L.van Doorn, and P.Khosla. Pioneer: Verifying integrity and guaranteeing execution of code on legacy platform[J]. In Symposium on Operating System Principles, 2005.
[15] Rick Kennell, Leah H. Jamieson, Establishing the of Remote Computer Systems[J]. USENIX Security,2003.
[16] Huawei Product. Http://www.huawei.com.
[17]李鸿培.可信网络架构概述[R].北京天融信公司. 2005,11.
[18]曲延文.软件行为学[M].北京:电子工业出版社.
[19]邱宜辉,陈志德,许力.基于BP神经网络的可信网络用户行为预测模型[J].福建电脑,2009年第一期,70~71.
[20] C. Feerrira,Gene Expression Programming: A new Adaptive Algorithm of Resolving Problems[J]. Complex System, Vol.13,No.2,PP.8—7129, 2001.
[21] Chang-an Yuan, Chang-jie Tang, Jie Zuo, An-long Chen, Yuan-guang Wen, Attribute Reduction Function Mining Algorithm Based on Gene Expression Programming[J]. Proceedings of 2006 International Conference on Machine Learning and Cybernetics(ICMLC 2006),1007-1012.
[22]邓松,元昌安等.基于GEP和神经网络的属性约简分类算法[J].计算机工程与应用.2006.23,154-157
[23]吴江,李太勇,刘洋洋,唐常杰.基于基因表达式编程的代价敏感分类算法[J].吉林大学学报(信息科学版).2009,7.27(4).418-423
[24]邓松,王汝传.一种基于网格服务的分布式GEP-BP分类算法[J].电子学报. Nov.2009 .Vol . 37. No. 11
[25] QIN Xiao,YUAN Chang-an.Text clustering method based on genetic algorithm and SOM network[J]. Computer Applications,Vol 28 No.3 Mar 2008,757-760.
[26] LIANG Na, ZHANG Ji-gang. Prediction of the customer value based on rough set and CPN network[J]. Statistics and Decision, 2008 (5):155-156.
[27] CHEN Jing-wen, PENG Zhe. Study on Web text extraction based on CPN network[J]. New Technology of Library and Information Service.2008(11):65-71.
[28] LI Lin-qing, HAO YuAn. Algorithm for Fingerprint Recognition Based on Improved CPN[J].Computer Simulation Vol.23, Nov.2006,279-283.
[29] YANG Zhan-hua, YAN Yan. Research and Development of Self-organizing Maps Algorithm[J]. Computer Engineering. 2006,16(8):201- 203.
[30]钱洁,薛昌春,秦海玉.新一代网络技术——主动网络[J].湖北汽车工业学院学报,2003,17(2):34-38.
[31]王莹.网络隔离技术[J].微计算机应用,2003,24(3):133-136.
[32]杨云,宓佳,党宏社.嵌入式入侵检测系统的设计与实现[J].计算机工程与设计,2011,vol.32,No.1,21-23,27.
[33]王功明,关永,赵春江等.可信网络框架及研究[J].计算机工程与设计. Vol.28,No.5, Mar.2007:1016-1019.
[34] http://www.net130.com.
[35]欧阳毅,周立峰,张绍莲等.安全可信网络系统的标准与实现[J].计算机应用与软件,2002,19(11):40-43.
[36]于志勤,曾国荪.网格环境下的基于行为的信任评估模型[J].计算机应用与软件.Vol.22,No.2,Feb.2005:62-64.
[37]赵洁,肖南峰,钟军锐.基于贝叶斯网络和行为日志挖掘的行为信任控制[J].华南理工大学学报(自然科学版),Vol.37,No.5,May.2009:94-100.
[38] T. L. Saaty, The Analytic Hierarchy Process:Planning, Priority Setting, Resource Allocation[M]. McGraw-Hill, NewYork, 1980.
[39] Zongli Jiang. Introduction to Aritificial Neural Networks [M]. BeiJing: Higher Education Express. 2008.
[40] http:// kdd.ics.uci.edu/databases/20newsgroups/20newsgroups.html.
[41]周明,孙树栋.遗传算法原理及应用[M].北京:国防工业出版社,1999
[42] Bo Su; Li Wang. Application of Proteus Virtual System Modelling (VSM) in Teaching of Microcontroller[J]. 2010 International Conference on E-Health Network- ing, Digital Ecosystems and Technologies Proceedings(Volume 2),2010.
[43] XU Hou-jin,LIU Yong-yan,et al. K-means text clustering algorithm based on similar centroid[J].Computer Engineering and Design,2010,31(8):1802-1805.
[44]冀铁果,田立勤,胡志兴等.可信网络中一种基于AHP的用户行为评估方法[J].计算机工程与应用.2007,43(19):123-126,151.
[2]张焕国,陈璐,张立强.可信网络连接[C]. TCTP’2009.
[3] Shen Changxiang, Zhang Huanguo, Feng Dengguo, Cao Zhenfu, Huang Jiwu. Survey of Information Security[J]. Science in Chian Series F, Vol.50, No.3, Jun,2007,pp, 273-298.
[4] Trusted Computing Group [EB/OL]. http://www.trustedcomputinggroup.org.
[5] Lin Chuang, Wang Yuanzhuo, Tian Liqin. Development of trusted network and challenges it faces [J]. ZTE Communications, 2008, 6(1): 13-17.
[6]林闯,彭雪海.可信网络研究[J].计算机学报, 2005,28(5):751-758
[7]林闯,田立勤,王元卓.可信网络中用户行为可信的研究[J].计算机研究与发展.2008, 45(12): 2033-2043.
[8] TCG Web Site. http://www.trustedcomputinggroup.org/network/.
[9] TCM Web Site. http://www.tcmu.org.cn/2008/1211/175.html.
[10] Neumann P.G., Principled assuredly trustworthy composable aschitectures [EB/ OL], http://www.csl.sri.com/neumann/chats4.html.
[11] Ellison R.J., Moore A.P., Trustworthy refinement through intrusion-aware design (TRIAID):An overwiew[EB/OL],Proceedings of the 3rd Annual High Confidence Software and Systems Conference, 2003, http://www.cert.org/archive /pdf/ traid. pdf.
[12] Antonio Lioy,Gianluca Ramunno, Davide Vernizzi.Trusted Computing and Infrastructure Commons[EB/OL]. http://www.communia-project.eu/communia files/ws01p _Communia-TrustedComputinAndCommons.pdf.
[13] David Clark, Karen Sollins, John Wroclawski. NewArch Project: Future-Gene- ration Internet Architecture[EB/OL]. http://www.isi.edu/newarch/iDOCS/final. finalreport .pdf.
[14] A. Seshadri, M.Luk, E.Shi, A.Perring, L.van Doorn, and P.Khosla. Pioneer: Verifying integrity and guaranteeing execution of code on legacy platform[J]. In Symposium on Operating System Principles, 2005.
[15] Rick Kennell, Leah H. Jamieson, Establishing the of Remote Computer Systems[J]. USENIX Security,2003.
[16] Huawei Product. Http://www.huawei.com.
[17]李鸿培.可信网络架构概述[R].北京天融信公司. 2005,11.
[18]曲延文.软件行为学[M].北京:电子工业出版社.
[19]邱宜辉,陈志德,许力.基于BP神经网络的可信网络用户行为预测模型[J].福建电脑,2009年第一期,70~71.
[20] C. Feerrira,Gene Expression Programming: A new Adaptive Algorithm of Resolving Problems[J]. Complex System, Vol.13,No.2,PP.8—7129, 2001.
[21] Chang-an Yuan, Chang-jie Tang, Jie Zuo, An-long Chen, Yuan-guang Wen, Attribute Reduction Function Mining Algorithm Based on Gene Expression Programming[J]. Proceedings of 2006 International Conference on Machine Learning and Cybernetics(ICMLC 2006),1007-1012.
[22]邓松,元昌安等.基于GEP和神经网络的属性约简分类算法[J].计算机工程与应用.2006.23,154-157
[23]吴江,李太勇,刘洋洋,唐常杰.基于基因表达式编程的代价敏感分类算法[J].吉林大学学报(信息科学版).2009,7.27(4).418-423
[24]邓松,王汝传.一种基于网格服务的分布式GEP-BP分类算法[J].电子学报. Nov.2009 .Vol . 37. No. 11
[25] QIN Xiao,YUAN Chang-an.Text clustering method based on genetic algorithm and SOM network[J]. Computer Applications,Vol 28 No.3 Mar 2008,757-760.
[26] LIANG Na, ZHANG Ji-gang. Prediction of the customer value based on rough set and CPN network[J]. Statistics and Decision, 2008 (5):155-156.
[27] CHEN Jing-wen, PENG Zhe. Study on Web text extraction based on CPN network[J]. New Technology of Library and Information Service.2008(11):65-71.
[28] LI Lin-qing, HAO YuAn. Algorithm for Fingerprint Recognition Based on Improved CPN[J].Computer Simulation Vol.23, Nov.2006,279-283.
[29] YANG Zhan-hua, YAN Yan. Research and Development of Self-organizing Maps Algorithm[J]. Computer Engineering. 2006,16(8):201- 203.
[30]钱洁,薛昌春,秦海玉.新一代网络技术——主动网络[J].湖北汽车工业学院学报,2003,17(2):34-38.
[31]王莹.网络隔离技术[J].微计算机应用,2003,24(3):133-136.
[32]杨云,宓佳,党宏社.嵌入式入侵检测系统的设计与实现[J].计算机工程与设计,2011,vol.32,No.1,21-23,27.
[33]王功明,关永,赵春江等.可信网络框架及研究[J].计算机工程与设计. Vol.28,No.5, Mar.2007:1016-1019.
[34] http://www.net130.com.
[35]欧阳毅,周立峰,张绍莲等.安全可信网络系统的标准与实现[J].计算机应用与软件,2002,19(11):40-43.
[36]于志勤,曾国荪.网格环境下的基于行为的信任评估模型[J].计算机应用与软件.Vol.22,No.2,Feb.2005:62-64.
[37]赵洁,肖南峰,钟军锐.基于贝叶斯网络和行为日志挖掘的行为信任控制[J].华南理工大学学报(自然科学版),Vol.37,No.5,May.2009:94-100.
[38] T. L. Saaty, The Analytic Hierarchy Process:Planning, Priority Setting, Resource Allocation[M]. McGraw-Hill, NewYork, 1980.
[39] Zongli Jiang. Introduction to Aritificial Neural Networks [M]. BeiJing: Higher Education Express. 2008.
[40] http:// kdd.ics.uci.edu/databases/20newsgroups/20newsgroups.html.
[41]周明,孙树栋.遗传算法原理及应用[M].北京:国防工业出版社,1999
[42] Bo Su; Li Wang. Application of Proteus Virtual System Modelling (VSM) in Teaching of Microcontroller[J]. 2010 International Conference on E-Health Network- ing, Digital Ecosystems and Technologies Proceedings(Volume 2),2010.
[43] XU Hou-jin,LIU Yong-yan,et al. K-means text clustering algorithm based on similar centroid[J].Computer Engineering and Design,2010,31(8):1802-1805.
[44]冀铁果,田立勤,胡志兴等.可信网络中一种基于AHP的用户行为评估方法[J].计算机工程与应用.2007,43(19):123-126,151.