
Research On Network Security Situation Awareness Based On Network Traffic

Posted on: 2017-03-31
Degree: Master
Type: Thesis
Country: China
Candidate: S Liu
GTID: 2348330503489852
Subject: Information security

Abstract/Summary:
As network scale and user populations continue to expand, the accompanying network security incidents pose a great threat to the security of social and personal information, and network security attracts more and more attention from all walks of life. Network security situational awareness, one of the research hotspots of information security, offers a new approach to network security monitoring, and with the production of huge amounts of data, research on large-scale networks has become a challenging issue.

With large-scale network data, traditional intrusion detection methods often cannot achieve adequate timeliness. Given the characteristics of large-scale networks, which include huge amounts of data, high real-time requirements and complex data sources, introducing network flow analysis can achieve better real-time monitoring and rapid response.

This paper proposes a network situation awareness model based on the acquisition, storage and real-time analysis of multi-source data, and designs a real-time network security situational awareness system based on network flows, which includes data acquisition, situation extraction, situation understanding, situation prediction and presentation; a prototype system is also designed and implemented. An anomaly detection algorithm that combines anomaly detection with Bayesian network inference is proposed. First, multiple trend indicators, including information entropy, are calculated from the analysis of network flows. Some indicators are then selected through correlation optimization in order to improve the efficiency of learning the Bayesian network, and a sliding-window anomaly detection algorithm determines whether each indicator is abnormal. The Bayesian network anomaly detection model is constructed using the BIC score and the hill-climbing algorithm, and the model is used to judge network attack behavior through Bayesian network inference.

Experimental verification shows that the model makes up for some deficiencies of network situation awareness at the current stage. The work is also a useful exploration of large-scale network situation awareness research, with positive significance for both theory and practical application.
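The first two steps of the pipeline described above (entropy indicators per time window, then a sliding-window check on each indicator) can be sketched as follows. This is an added example, not code from the thesis: the chosen flow fields, the mean-plus-k-sigma rule, its parameters and the sample flows are all assumptions, and the Bayesian network stage is not implemented.

```python
import math
from collections import Counter
from statistics import mean, pstdev

FIELDS = ("src", "dport")  # flow fields turned into entropy indicators (assumed choice)

def entropy(values):
    """Shannon entropy in bits of the empirical distribution of `values`."""
    counts = Counter(values)
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def indicators(window):
    """One entropy indicator per field for a single time window of flows."""
    return {f: entropy([flow[f] for flow in window]) for f in FIELDS}

def sliding_window_flags(series, width=5, k=3.0, floor=0.05):
    """Indices whose value lies more than k standard deviations from the
    mean of the preceding `width` values. `floor` keeps a perfectly flat
    history from flagging tiny fluctuations. (Assumed rule.)"""
    flags = []
    for i in range(width, len(series)):
        hist = series[i - width:i]
        mu, sigma = mean(hist), max(pstdev(hist), floor)
        if abs(series[i] - mu) > k * sigma:
            flags.append(i)
    return flags

def evidence(windows):
    """Per-indicator abnormal window indices: the discrete evidence a
    Bayesian network would take as input."""
    per_window = [indicators(w) for w in windows]
    return {f: sliding_window_flags([iw[f] for iw in per_window]) for f in FIELDS}

# Constructed sample data: 8 windows of 16 flows each. Window 6 has a single
# source touching 16 distinct ports; all other windows spread 4 sources
# evenly over 4 ports.
HOSTS = ["10.0.0.1", "10.0.0.2", "10.0.0.3", "10.0.0.4"]
PORTS = [22, 53, 80, 443]

def sample_windows():
    normal = [{"src": HOSTS[i % 4], "dport": PORTS[(i // 4) % 4]} for i in range(16)]
    skewed = [{"src": HOSTS[0], "dport": 1000 + i} for i in range(16)]
    return [skewed if w == 6 else normal for w in range(8)]

if __name__ == "__main__":
    for field, flagged in evidence(sample_windows()).items():
        print(field, "abnormal in windows", flagged)
```

In window 6 the source entropy collapses while the destination-port entropy rises, so both indicators are flagged there; window 7 is not flagged because the outlier in its history widens the tolerated band.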
Keywords/Search Tags: Situation awareness, Network flow, Information entropy, Bayesian network, Situation visualization