Probe On The Network Security Situational Awareness Model Based On The Gray Theory

With the continuous development of computer technology and the wide spread of network application, network security is becoming an important issue which technicians face and many studies relating to the network security technology are becoming muture. Network security situational awareness is a technology which can realize the network security inspection and monitoring. Besides, it is a hot topic on the information security research. It is very significant to carry out this research, for it can improve the emergency response ability of net system, matigate the harm caused by cyber attacks, discover the malicious invasion behavior and improve the system's counter-attack ability. This article aims to study the systematic structure, models and inspection methods of network security situational awareness.Firstly, this article summarizes and analyses the backgrounds , present research situations, relating concepts and the key technology of the network security situational awareness and gray theory.Secondly, this article has a general description of the functions about improved structures which are based on the improvement of multi-source sensors of network security situational awareness system, including sensors, data pre-processing, event relations, target identification, situational assessment, threat assessment , response and pre-warning, database management systems, process optimizatic control and management, trend visualization and so on.Thirdly, this article analyses the methods of network securtiy situational awareness, explains the awareness methods and gray systems , creates a network security situational awareness model on the basis of the gray theory and analyses the model, which is based on the network security systematic structure and commonly used securtiy systematic assessment model.Fourthly, this article uses the data collected by means of Honeynet technology to carry out a simulation experiment on the security situational awareness model , amends the residual values and gives a comprehensive analysis on the results. According to the verification of the simulation experiment, this model can overcome the discrete of primitive data effectively and obtain a reasonable awareness results on the condition of limited information and a vague knowledge of factors which influences net security situations.