The Design Of Situation Evaluation On Networked System Security And Research Of Situation Fusion Model

Facing the current increasingly serious network security situation, traditional intrusion detection system can only generate alarm message. And network manager is unable to attain threat degree of network attack and correlated information of network security situation. Consequently, network manager is hard to make the corresponding decision. In order to meet a higher demand of network application in safety area, technology of network security situation evaluation, came from technology of information war's battle field aware, has offered the brand-new train of thought for implement of network information asset's protecting. Recently, it has become a hot topic in network security.This paper aims at the problem that it is hard to attain knowledge of network security situation. How to attain actual and useful knowledge of network security situation has been researched in this paper.Through learning from the related research at home and abroad, Model of networked system security situation evaluation is presented based on lacking of the Waltz model. Then the model's framework and functional proportion is designed in some detail.After analyzing the characteristic of attack factor, attack factor and their components are defined. Then attack frequency, attack difficult degree and attack compromise degree are quantized by dynamic method. Because the attack information are uncertain, incomplete, intangible, changeful, this thesis puts forward a method of fuzzy information fusion based on Mamdani fuzzy reasoning method, applies on network security situation evaluation to associate attack factor.And then, aiming at characteristic of networked system frame, this paper sets up networked system hierarchical situation fusion model. And it makes use of statistical method for the quantitative calculation of security situation index of service level, host level and network level in networked system. Compared with other methods, the method performs well in small hardware and software resources-occupied.Finally, through using Matlab7.0 tools, the simulations about this system were done based on the methods from this paper. The experiment of self-optional data uses representative self-optional data to prove validity of attack factor associate method and validity and rationality of attack factor's basis universe, membership function and the inference rules. The experiment of HoneyNet Data uses Soml7 data that published from HoneyNet Project. The both experiments prove the method feasible and rational.