摘要
网络空间中的实体推断是网络空间测绘研究的重要内容之一,主要通过综合多源数据实现对网络空间中各类实体的分类与识别。本文首先提出了网络空间的实体分类模型,基于此模型提出了一种低开销的网络实体探测分类方法。首先对于探测发现的IP地址,采用别名解析技术将属于一个设备的多个IP映射为一个网络实体;然后采用决策树对网络实体分类进行粗粒度分类;最后,再基于贝叶斯网络进行详细分类。为验证分类效果,以江苏省某市为例进行了探测分析并与备案数据进行了对比,试验结果表明该方法可以有效地对网络空间中的各类实体进行判别,从而为网络空间地图构建、态势分析等应用提供技术支撑。
Network entity inference is one of the important contents in cyberspace surveying and mapping.Network entity inference and calibration need to synthesize multi-source data,classify nodes in network space by synthetical judgment.Thus,the entity classification model in network space is proposed.Based on this model,a low-overhead network entity detection classification method is proposed.Firstly,for IP addresses detected by detection,the alias parsing technology is used to map multiple IP addresses belonging to a device into a network entity;Then,the decision tree is used to classify network entities in a coarse-grained manner;Finally,the Bayesian network is used to classify them in detail.Taking a city in Jiangsu Province as an example,the detection and analysis are carried out and compared with the recorded data.The experimental results show that the method can effectively classify various types of entities in the network space,thus providing support for network space map construction,situation analysis and other applications.
作者
马旸
仲思超
蔡冰
王占丰
MA Yang;ZHONG Sichao;CAI Bing;WANG Zhanfeng(Jiangsu Branch of National Computer Network and Information Security Management Center,Nanjing,210003,China;School of Computer Science and Engineering,Southeast University,Nanjing,211189,China)
出处
《南京航空航天大学学报》
EI
CAS
CSCD
北大核心
2019年第6期870-878,共9页
Journal of Nanjing University of Aeronautics & Astronautics
关键词
网络空间测绘
网络实体
贝叶斯
标注
network space surveying and mapping
network entities
Bayesian
annotation
作者简介
通信作者:马旸,男,高级工程师,E-mail:mayang@jsca.gov.cn。
