
Analysis Of Security Situational Awareness Of Cyberspace

Posted on: 2008-05-20
Degree: Doctor
Type: Dissertation
Country: China
Candidate: H D Xiao
GTID: 1118360242476056
Subject: Communication and Information System
Abstract/Summary:
The "information revolution" brought great changes at the end of the 20th century. With the wide use of computers and the Internet, network security has become more and more important. Once all computers are connected through the Internet, the meaning of information security changes fundamentally: not only from ordinary protection to common defense, but also from a limited scope to everywhere. Against this background, research on network security situation evaluation has become a hot spot, and higher-level requirements for network security research have emerged. In this paper, the common model of a network security situational awareness architecture is first described, and the corresponding evaluation methods are studied. For numeric computation of the security situation, the AHP (Analytic Hierarchy Process) algorithm is analyzed; it was proposed by T. L. Saaty, an American operations researcher. It is a multi-objective decision-making methodology that combines qualitative and quantitative analysis. The algorithm draws on behavioral science to quantify decision-makers' experience-based judgments, and it is practical when the objectives have a complex structure and essential data is lacking. It is one of the powerful methods of systems analysis and is commonly used as a mathematical tool. Using this tool, and considering the division into the levels of network service, host, subnet and cyberspace, the various weights and values of the security situational awareness architecture can be calculated.
The advantage of this algorithm is that it gathers network security situation information level by level from the lowest layer upward, and weight factors are taken into account when computing the situation value. The resulting security situation evaluation architecture is very clear and conforms to the requirements of BS7799.

As the research problems become more and more complex, computing this mathematical model becomes even more difficult. When large-scale network security threats break out, the performance of network equipment and bandwidth drops sharply because of the high-frequency scanning and probing on the infected nodes, and security problems arise in this more complex network environment. The real-time analysis performance of situational awareness is also greatly affected. Another disadvantage is that AHP cannot provide alerts on the future situation. To improve the computing model, a powerful tool is introduced: the Artificial Neural Network (ANN). Because of the ANN's high error tolerance, its association, self-organization and self-learning abilities, and its powerful nonlinear mapping of complex systems, it can be applied to the problem of computing cyberspace security situation weights. Its advantages are as follows. First, no numerical algorithm is needed to set up the model: only sample data is used to construct the black-box relationship between input and output, without describing the numeric relationships and dimensional distribution of the real system. Second, the model is quick to construct once training data is available, and the result can be output dynamically. Third, its inherently nonlinear data structure and computing process give it the ability to handle nonlinear mapping relationships. Finally, the security situation values can be stored in a distributed manner, with storage and processing combined; this storage structure tolerates errors well, so errors can be reduced.
Unlike the earlier numeric computation, the introduction of this intelligent technology brings the analysis of security situational awareness closer to human intelligence: situational weight analysis neurons are designed, and these neurons form a more complex nonlinear situation evaluation system. The system has advantages especially in distributed parallel processing and self-adaptive learning for large-scale cyberspace security situational awareness, and it also greatly improves the robustness and fault tolerance of the situational awareness system.

Trend perception in cyberspace security situational awareness is based mainly on the analysis of network attack data. In this paper, an adaptive filter is designed to predict the trend of the situation, and the neural network is constructed accordingly: when historical security data passes through the model, the next value is predicted. In fact, the security situation value changes nonlinearly over time. Its trend is described by the network situation function P(t), which enters the model through a time-delay input; the two preceding situation values can be fed into the model directly from the delay input. The adaptor changes the weights to minimize the error, and the error output is used to drive the weight adjustment. The aim is for the error to go to 0, at which point the prediction is done.

As cyberspace becomes more and more complex, especially the cyberspace of the future, more factors should be considered in situational awareness research. The variation of cyberspace awareness is analyzed dynamically using a pre-trained situational awareness model and the network security information that is input, and an abstracted level of meaning of cyberspace situational awareness is formed. Through situational awareness prediction based on fuzzy reasoning, the trend of the future security situation can be observed. The full result set forms a new observation space and can enrich the training set of the prediction model.
In next-generation networks (NGN), especially in grid computing applications, research on cyberspace security situational awareness is an important new direction. The purpose is to set up a security situational awareness system that helps decision-makers comprehend the network security situation and supports them in decision-making and management. As a hot spot in NGN, grid security analysis has even higher requirements. In this paper, a common grid security model is introduced, in which the policy metadata mapping for grid security analysis is based on a knowledge database. The description of security information metadata is very important to grid security, encryption, etc. Any grid infrastructure must combine all resources under the protection of the grid security architecture and create a digital, tagged resource database to support the various grid applications. These security applications are part of grid development, and they are also hot spots for later research on cyberspace security situational awareness.
Keywords/Search Tags: cyberspace security, AHP, situational awareness, ANN, FR, knowledge base, grid