计算机工程与设计
Computer Engineering and Design
2015, Issue 11, pp. 2953-2957 (5 pages)
吴朝雄, 王晓程, 王红艳, 石波
network security; threat situation; rough set; event stream processing; real-time; complex attack
To address the insufficient real-time performance of network security threat situation analysis and its low sensitivity in perceiving complex attacks, the architecture of a real-time perception system is designed, and the corresponding perception method and analysis technology are proposed. Complex attack rules are extracted from an existing sample data set of combined attacks using rough set (RS) theory. Combined with event stream processing (ESP) technology, online dynamic analysis and detection of the security event stream is achieved. This raises sensitivity to complex attacks and improves the timeliness and objectivity of network security threat situation analysis. Experiments verify the effectiveness and feasibility of the proposed method.