
Research on Network Security Situational Awareness Technology Based on Indicator Extraction

Posted on: 2016-12-25
Degree: Master
Type: Thesis
Country: China
Candidate: K Miao
Full Text: PDF
GTID: 2298330467492627
Subject: Information security
Abstract/Summary:
With the rapid development of Internet technology, network services have become increasingly widespread, and the network plays an increasingly important role in social development. It is therefore necessary to keep the network operating safely. To this end, a variety of security devices have been introduced into network environments, such as IDS, firewalls and vulnerability scanners. Each device initially solved a particular security problem, but as the range of devices has grown, the security events they report come in a range of different formats. This not only increases the workload of the network's security administrator, but, because the security devices do not interact with one another, also makes it difficult to form an overall grasp of the security situation and to make timely decisions to maintain network security. Network security situational awareness has therefore become an increasingly popular research direction.

Situational awareness refers to collecting, processing and extracting the various factors that affect the network security situation from the network environment, then building an index system and establishing an evaluation model to assess the security situation and, using the indices of the current network security situation, to predict its future trend at the macro level.

Building on previous research, this thesis takes security events and network node resource information as the sources for index extraction and constructs a tree index system. Combined with this index system, it proposes a hierarchical network security situation assessment model, uses the fuzzy analytic hierarchy process (FAHP) to solve the weight calculation problem in the model, and designs an index calculation method for computing the network security situation index. Finally, it gives the design and implementation of a network security situation analysis prototype system.

The main work covers the following aspects:

1. Reviews previous research on situational awareness, analyzes in detail the concept of situational awareness, its classical models and the relevant technical theory, and compares the characteristics of the related technologies and research methods.
2. Presents the situational awareness workflow and clarifies the role and position of the focus of this study, the index system and situation assessment, within situational awareness as a whole. After studying and comparing previous index extraction methods, proposes a tree index system that uses network security events and network node resource information as the data sources for index extraction, so that indices are extracted from a wider range of data sources.
3. Based on the index system presented above and the structural characteristics of the network system, establishes a hierarchical network security situation assessment model and applies the FAHP method to solve the weight problem in the model. Compared with AHP, the consistency adjustment process of this method is simpler. Proposes an index calculation method to calculate the network situation index.
4. Combining the tree index system and the evaluation model proposed above, gives the design and implementation of the network security situation analysis prototype system; the situation assessment modules are designed and implemented in detail, and the reasonableness of the assessment results is verified by experiment.
Keywords/Search Tags: situational awareness, index system, FAHP, situational assessment