
Research On Key Techniques In Network Security Situation Assessment And Prediction

Posted on: 2013-01-27
Degree: Doctor
Type: Dissertation
Country: China
Candidate: J Meng
Full Text: PDF
GTID: 1228330395483725
Subject: Computer application technology

Abstract/Summary:
As networked systems become increasingly involved in production and daily life, network security issues have received more and more attention. Compared with approaches that focus on a single aspect of security, Network Security Situational Awareness provides a more complete and comprehensive solution to these issues, and has therefore become a hot topic. There is not yet a unified optimal solution for network security situation awareness in terms of architecture design and algorithm design; many ideas are continually being proposed, and there is still relatively wide room for study. This paper studies the model framework and algorithm optimization. The main work and innovations are as follows:

We analyse the existing hierarchical network security situation awareness assessment techniques. D-S evidence theory does not consider the time factor in the multi-source data fusion stage. To address this, a time parameter is introduced, and a data fusion method based on time-varying D-S evidence theory is given to improve the information fusion layer of the threat situation quantitative assessment model and so refine the model. In the experiment, comparing the time-varying assessment model with the non-time-varying one shows clearly that the result of the former is more in line with the actual situation and improves the results of the assessment.

To further improve the threat situation quantitative assessment model, this paper proposes using the concept of host correlation to study the impact of associated hosts on the security situation of the target host, in order to improve the calculation method for the host security situation in the host situation analysis layer. In this study, correlation analysis between the hosts in a network software system is instantiated as correlation analysis between the modules on a host. This paper studies and gives a series of theoretical definitions of the coupling correlation between modules in a software system, which reveal the intrinsic link between module correlation and risk propagation. Graph theory is then used to establish a module correlation model, and a multi-Dijkstra algorithm is designed to obtain the correlation degree between modules, which gives the method for calculating the correlation degree between hosts. Finally, on this basis, this paper improves the quantitative calculation method for the host security situation in the host situation analysis layer, and further improves the network security threat situation assessment model.

Considering the impact of the internal efficiency of the network system on the network security situation, this paper proposes, after analysis, combining the internal efficiency evaluation of the network system with the external threat situation assessment to comprehensively reflect the overall security situation of the network system. Firstly, this paper gives the concept of an efficiency evaluation of the network system, and then refers to the ADC efficiency evaluation model from WSEIAC. Because the model's characteristics are similar to those of the network system, the ADC efficiency evaluation model is introduced into the analysis. Finally, with a dynamic factor added, the dynamic ADC effectiveness evaluation model is constructed. In addition, a Poisson process is integrated to simulate the aging effect caused by the actual physical environment, which makes the effectiveness evaluation more comprehensive.

For the prediction-related work, this paper does not rush into an in-depth prediction study, but starts from a predictability study to lay the theoretical basis for the follow-up work. Self-similarity theory is adopted to prove that the security situation time series data is predictable. Specifically, the wavelet analysis method is used to calculate the Hurst exponent, the key index of self-similarity. According to the relationship between predictability and the Hurst exponent, this paper judges that the series data is predictable. In the analysis of the experimental data, according to the periodic behavior of the series data, the data is grouped by calendar day, and the grouped data is verified to have better predictability.

In the prediction part of the network security situation study, the RBF neural network is proposed for prediction. In order to accelerate convergence and improve accuracy, the Hybrid Hierarchy Genetic Algorithm (HHGA) is adopted to train the RBF neural network. The experiment proves the efficiency of this method, and the comparison with existing prediction methods proves the superiority of the proposed method in accuracy.

The grouped data obtained from the predictability study, which has better predictability, is not well suited to the neural network. Considering the advantage of SVM on small samples, this paper proposes integrating PSO, which is fast at global search, with SVM, which is good at non-linear data fitting, to form the network security situation prediction model. In the comparison experiment, the prediction accuracy on the whole data set is found to be similar to that of the HHGA-RBFNN method, but superior to that of the RBFNN and GABPNN methods. In addition, considering the advantage on the small samples obtained after grouping, this paper carries out a further comparison experiment, which verifies that PSO-SVM gives more accurate results on small samples than the other models.
Keywords/Search Tags: network security situation, situation assessment, situation prediction, situation time series, data fusion, host correlation, efficiency evaluation, predictability