Research On Network Security Situational Awareness Model

With the rapid development of computer technology and communication technology,users' demands have continuously increased,the application of computer network is more and more popular and its scale is larger and larger.On the other hand,due to the massive network security events,the traditional security defence systems or detection systems are unable to meet the security requirements and computer network is facing a serious situation of information security.Network security situational awareness technology can fuse multi security elements, dynamically reflect the network security situational as a whole and predict its development trend for early warning.As a result,network security situational awareness model and the key technology has become a hot area of network security research.Based on the analysis of existing methods and technology,this dissertation proposes a network security situational awareness model based on expectant threat and performance correction.First of all,it defines core factors of network security, which including expectant threat and performance correction,gives the related definitions and the formal specifications,and proposes the network security situational awareness model and its framework.After that,it gives the quantitative algorithm of network security situational awareness,computes nodes expectant threat using three methods-expectant state graph,information fusion and log audit which fit different situations,gets nodes security situational by performance correction algorithm,finally computes network security situational by general computing using nodes weights,and draws the network security situational graph. Then it gives the predicting algorithm of network security situational awareness, predicts the future threat by several predicting models,and draws the predicting network security situational graph.At last,this dissertation gives the framework of design and realization of network security situational awareness system,and validates the quantitative algorithm and the predicting algorithm of the network security situational awareness model by analysis of four examples.Network security situational awareness model can help administrators to know the security situational of network as a whole for a period of time and its development trend in the future,which will give good reference for the making of security defence policy to improve network security.