Network Security Situation Assessment Research Based On Deep Learning

With the development of society,the size of the Internet is also growing,and network security issues are endless.Cyber attacks not only affect the network environment of or-dinary individual users,but also seriously endanger the network security of enterprises,governments and even countries.Network security assessment proceeds from the overall,integrates heterogeneous network security indicators effectively,describes the current net-work environment comprehensively,and provides a more intuitive overview of network security for network management decision makers.This thesis applies deep learning to situation assessment,uses one-dimensional convolutional neural network(1DCNN)ex-tract situational features.Multi-channel situation assessment,adaptive weighted fusion of situation features,and multi-model ensemble situation assessment are proposed.The specific work is as follows:(1)In view of the fact that there is no unified dataset in the current field of network security situation assessment,this thesis uses the network security information and dynamic weekly reports published by the National Internet Emergency Response Cen-ter(CNCERT)to make a network security situation dataset.Aiming at the problems of missing indicators and lack of samples and slight imbalance in the dataset,this thesis uses KNN-based interpolation algorithm and Kmeans-SMOTE algorithm to improve the dataset?(2)Aiming at the problems of traditional network security situation assessment with many manual interventions and machine learning methods often ignoring the implicit cor-relation between situation indicators,this thesis proposes a situation assessment model based on deep learning and multi-channel mechanism — MC-1DCNN(Multi Channel1DCNN).1DCNN's local perceptual principle can use the position information of the sit-uation indicators to learn the correlation between adjacent situation indicators and enrich the situation features.This thesis divides the indicators in the CNCERT dataset into 4categories according to CNCERT rules: indicators based on network virus activity,indi-cators based on website security,indicators based on vulnerability,and indicators based on security incidents.Since different types of indicators represent different types of network security issues,this thesis based on the multi-channel network structure,extracting four types of situation features through 1DCNN to ensure the independence between the features.Because the four types of situational features all have a certain impact on the final situation,this thesis uses the concat method to form a more comprehensive feature and evaluate the situation.Experiments show that the MC-1DCNN model performs well on the CNCERT situation dataset,with accuracy and recall rates reaching 92.65 % and87.05 %,respectively?(3)In order to analyze the importance of each channel's feature in the MC-1DCNN model,this thesis proposes an adaptive weighted feature fusion method.This method adaptively assigns weights to the features of each channel through the self-learning of the neural network,avoiding the defects of artificially defined weights and fixed weights,and further improves the situation assessment accuracy and recall rate of the MC-1DCNN model.In addition,according to the feature weight of each channel,the degree of influ-ence of various indicators in the sample on the current situation can be analyzed,thereby facilitating network management decision makers to take targeted measures?(4)In order to improve the stability and adaptability of the situation assessment model,this thesis proposes an optimization method based on weighted bagging ensemble.This ensemble method randomly generates many sub-training sets in the training set to obtain different data characteristics of the CNCERT dataset and improve the robust-ness of the model.Because the performance of each basic model is different,this thesis proposes a weighted voting method to integrate the evaluation results of multiple models to improve the effectiveness of ensemble.Experiments show that the weighted bagging ensemble optimization method can further improve the model accuracy and recall rate,reaching 94.03 % and 88.73 %,respectively.