
Research On Network Security Situation Awareness Techniques

Posted on: 2010-06-10
Degree: Doctor
Type: Dissertation
Country: China
Candidate: J Q Si
Full Text: PDF
GTID: 1118360302487120
Subject: Computer application technology
Abstract/Summary:
With the rapid development of Internet technology, computer networks play an increasingly important role in politics, the economy, the military and social life. At the same time, attacks, Trojans, viruses and other threats on the Internet keep worsening the network security situation. Firewalls, VPNs, IDSs, anti-virus software, identity authentication, data encryption, security audit and other network security products are widely deployed, but each is usually limited to a single point and a single class of security issue; they neither support one another nor work together, and their logs carry so much redundancy and so many false alarms that they cannot meet the security monitoring requirements of a global or large-scale network. This dissertation therefore studies security alert correlation analysis, network threat and macro situation assessment, and situation trend prediction. Its main contributions are as follows.

Firstly, threat evaluation indicators are selected according to the principles of network security situation assessment, and a quantitative evaluation method is built on them. To address the ambiguity in choosing the coefficients of grey relational analysis, a weight determination method based on an improved grey relational analysis is proposed: the evaluation indicators are first given normalized weights with AHP (Analytic Hierarchy Process), and then quantified weights that reflect how close each comparison sequence is to the reference sequence. This amends the traditional grey relational analysis model and makes the weights more objective and credible.

Secondly, a security alert clustering method based on hierarchical clustering is proposed. It clusters alerts hierarchically, combining different clustering methods at different levels, so that it benefits from the strengths of each algorithm and avoids the one-sided result produced by a single method.
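The weighting and ranking step described above, as an added example that is not code from the dissertation: AHP pairwise comparisons give normalized indicator weights, and a standard grey relational analysis (Deng's relational coefficient against an all-worst reference sequence) then ranks hosts by threat degree. The dissertation's own refinement of the coefficient weights is not reproduced here. The indicator names, the pairwise comparison matrix and the per-host values are constructed, hypothetical data.

```python
"""AHP weights + grey relational analysis (GRA) for threat ranking.
Added example, not the dissertation's code; all data below is constructed."""

# Threat-evaluation indicators per host (hypothetical names); larger = more threatening.
INDICATORS = ["alert_count", "max_cvss", "exploit_attempts", "asset_value"]

# AHP pairwise-comparison matrix on Saaty's 1-9 scale (constructed judgments):
# a[i][j] = how much more important indicator i is than indicator j.
AHP_MATRIX = [
    [1,     3,     2,     5],
    [1 / 3, 1,     1 / 2, 3],
    [1 / 2, 2,     1,     4],
    [1 / 5, 1 / 3, 1 / 4, 1],
]

# Per-host indicator values (constructed sample).
HOSTS = {
    "db-01":  [120, 9.8, 15, 0.9],
    "web-02": [300, 7.5, 40, 0.6],
    "dev-03": [20,  5.3, 2,  0.2],
}

# Saaty's random consistency index, indexed by matrix order n.
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45}


def ahp_weights(matrix, iters=100):
    """Principal eigenvector of the pairwise matrix (power iteration), normalized to sum 1."""
    n = len(matrix)
    w = [1.0 / n] * n
    for _ in range(iters):
        v = [sum(matrix[i][j] * w[j] for j in range(n)) for i in range(n)]
        s = sum(v)
        w = [x / s for x in v]
    return w


def consistency_ratio(matrix, w):
    """CR = CI / RI; judgments are usually accepted when CR <= 0.1."""
    n = len(matrix)
    aw = [sum(matrix[i][j] * w[j] for j in range(n)) for i in range(n)]
    lam_max = sum(aw[i] / w[i] for i in range(n)) / n
    ci = (lam_max - n) / (n - 1)
    ri = RANDOM_INDEX[n]
    return ci / ri if ri else 0.0


def grey_relational_grades(hosts, weights, rho=0.5):
    """Weighted grey relational grade of every host against the all-worst reference."""
    names = list(hosts)
    cols = list(zip(*hosts.values()))
    # Min-max normalize each indicator to [0, 1] so the sequences are comparable.
    norm = {}
    for name, row in hosts.items():
        norm[name] = []
        for k, x in enumerate(row):
            lo, hi = min(cols[k]), max(cols[k])
            norm[name].append((x - lo) / (hi - lo) if hi > lo else 1.0)
    # Reference sequence: the worst case, i.e. 1.0 on every indicator.
    ref = [1.0] * len(weights)
    deltas = {n: [abs(ref[k] - v) for k, v in enumerate(norm[n])] for n in names}
    all_d = [d for ds in deltas.values() for d in ds]
    dmin, dmax = min(all_d), max(all_d)
    grades = {}
    for n in names:
        # Deng's relational coefficient with distinguishing coefficient rho.
        coeffs = [(dmin + rho * dmax) / (deltas[n][k] + rho * dmax) for k in range(len(weights))]
        grades[n] = sum(w * c for w, c in zip(weights, coeffs))
    return grades


def rank_hosts(hosts=HOSTS, matrix=AHP_MATRIX):
    """Hosts sorted from most to least threatened; refuses inconsistent AHP judgments."""
    w = ahp_weights(matrix)
    cr = consistency_ratio(matrix, w)
    if cr > 0.1:
        raise ValueError(f"AHP judgments inconsistent (CR={cr:.3f})")
    grades = grey_relational_grades(hosts, w)
    return sorted(grades.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    weights = ahp_weights(AHP_MATRIX)
    for name, wt in zip(INDICATORS, weights):
        print(f"{name:18s} weight={wt:.3f}")
    print(f"CR={consistency_ratio(AHP_MATRIX, weights):.3f}")
    for host, grade in rank_hosts():
        print(f"{host:8s} grey relational grade={grade:.3f}")
```

The consistency check matters in practice: the pairwise judgments come from analysts, and a matrix with CR above 0.1 yields weights that look objective but encode contradictory preferences, which is exactly the subjectivity the dissertation's weighting method is meant to reduce.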
In addition, a security alert correlation method based on attack graphs is presented. Using the information in the attack graph, the distance between the exploited-vulnerability nodes (the attack graph distance) is obtained; the correlativity of security alerts is measured from this distance, and multi-step attacks are then correlated.

Thirdly, a network threat situation assessment model based on a grey-fuzzy weight matrix and a network situation assessment model based on ANFIS (adaptive neuro-fuzzy inference system) are proposed. With the fuzzy weight matrix, the danger degree of network threats is evaluated and the threat situation trend is plotted. With grey relational analysis, the threat degrees of different attacks and hosts are sorted to find which attack type is more dangerous and which host is more threatened. Indicators extracted from IDS and Nessus output are fused and evaluated with ANFIS, and the network security situation trend is finally expressed in quantified form.

Finally, the network security situation trend prediction problem is solved with time series analysis. Using the historical and current situation values, the trend data series is analysed with an ARMA model to obtain a relatively accurate predicted value of the network security situation trend.
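The attack-graph-distance correlation described above, as an added example that is not the dissertation's code: each alert is mapped to the weakness node it exploits, the distance between two nodes is the directed shortest-path hop count in the attack graph, and a later alert is linked to the earlier alert whose node reaches it in the fewest hops (within a threshold). Following those links forward yields multi-step attack chains. The attack graph, the node names, the alert signatures and the timestamps are all constructed, hypothetical data; how alerts are mapped to graph nodes is assumed to be done upstream.

```python
"""Alert correlation by attack graph distance.
Added example, not the dissertation's code; the graph and alerts are constructed."""
from collections import deque

# Constructed attack graph: node = exploitable weakness on a host (hypothetical names),
# edge u -> v = "exploiting u gives the attacker the precondition to exploit v".
ATTACK_GRAPH = {
    "web:sqli":        ["web:webshell"],
    "web:webshell":    ["app:ssh_weak_pw", "db:exposed_port"],
    "app:ssh_weak_pw": ["db:exposed_port"],
    "db:exposed_port": ["db:dump"],
    "db:dump":         [],
    "mail:phish":      ["ws:macro_exec"],
    "ws:macro_exec":   [],
}

# Constructed, time-ordered alert stream: (timestamp, signature, attack-graph node).
ALERTS = [
    (100, "SQL injection attempt",   "web:sqli"),
    (160, "Suspicious file upload",  "web:webshell"),
    (170, "Phishing attachment",     "mail:phish"),
    (400, "SSH brute force",         "app:ssh_weak_pw"),
    (650, "DB connection from app",  "db:exposed_port"),
    (700, "Large outbound transfer", "db:dump"),
]


def graph_distances(graph, src):
    """BFS hop count from src to every node reachable from it."""
    dist = {src: 0}
    q = deque([src])
    while q:
        u = q.popleft()
        for v in graph.get(u, []):
            if v not in dist:
                dist[v] = dist[u] + 1
                q.append(v)
    return dist


def attack_graph_distance(graph, a, b):
    """Directed attack graph distance a -> b, or None when b is unreachable from a."""
    return graph_distances(graph, a).get(b)


def correlate(alerts, graph, max_dist=2):
    """Map alert index j -> (i, d): the earlier alert i whose node reaches j's node
    in the fewest hops d (0 < d <= max_dist); ties go to the more recent alert.
    Repeats of the same node (d == 0) are left to alert clustering, not correlation."""
    parent = {}
    for j in range(len(alerts)):
        best = None
        for i in range(j):
            d = attack_graph_distance(graph, alerts[i][2], alerts[j][2])
            if d is not None and 0 < d <= max_dist and (best is None or d <= best[1]):
                best = (i, d)
        if best:
            parent[j] = best
    return parent


def attack_chains(alerts, graph, max_dist=2):
    """Follow correlation links from every unlinked alert forward; each root-to-leaf
    path is one candidate (possibly single-step) attack scenario, as node names."""
    parent = correlate(alerts, graph, max_dist)
    children = {}
    for j, (i, _) in parent.items():
        children.setdefault(i, []).append(j)
    chains = []

    def walk(path):
        kids = children.get(path[-1], [])
        if not kids:
            chains.append([alerts[k][2] for k in path])
        for k in kids:
            walk(path + [k])

    for root in range(len(alerts)):
        if root not in parent:
            walk([root])
    return chains


if __name__ == "__main__":
    for j, (i, d) in correlate(ALERTS, ATTACK_GRAPH).items():
        print(f"alert {j} ({ALERTS[j][1]}) <- alert {i} ({ALERTS[i][1]}), distance {d}")
    for chain in attack_chains(ALERTS, ATTACK_GRAPH):
        print(" -> ".join(chain))
```

Two properties of this scheme are worth keeping in mind when tuning it: the distance is directed, so an alert is only linked to earlier alerts that are upstream of it in the graph (a later alert on an upstream node starts a new chain), and a larger max_dist tolerates missed detections between steps at the cost of more spurious links. In the constructed data the phishing alert stays a one-element chain because nothing in the web-to-database path reaches the mail node.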
Keywords/Search Tags:Network Security, Network Security Situation, Situation Assessment, Trend Prediction