Research On Key Technologies For Network Security Situational Awareness Systems

Posted on: 2008-11-16
Degree: Master
Type: Thesis
Country: China
Candidate: J B Lai
GTID: 2178360215459446
Subject: Computer application technology

Abstract/Summary:
A network security situational awareness system (NSSAS) is a new technology for monitoring network security, and it is one of the active research areas in information security. Research on NSSAS is important for improving the ability to respond to emergencies, reducing losses from network attacks, revealing abnormal intrusions, and enhancing a system's ability to fight back. The study of the key technologies related to NSSAS is the premise and foundation for implementing it. This thesis mainly discusses those key technologies: the system architecture, the model, and the implementation method.

Firstly, the basic situation of NSSAS is summarized, including its background, the differences and relationships among concepts, a comparison between NSSAS and IDS, the state of research, and the key technologies, and a systematic theoretical framework of NSSAS is built.

Secondly, an NSSAS architecture based on multi-source heterogeneous sensors is put forward. From bottom to top, it consists of sensors, data preprocessing, event correlation and object recognition, situation assessment, threat assessment, response and early warning, a database management system, process optimization control and management, and situation visualization. Each functional component is described.

Thirdly, a network security situational awareness model based on simple additive weight and grey theory (NSAM) is presented. The construction of NSAM is divided into two stages: modeling the evaluation of the current network security situation and modeling the prediction of the future network security situation. The current-situation evaluation model uses the simple additive weight method and is established from the threat of attacks on the various services. The future-situation prediction model adopts grey theory and is built from the past and current network security situation. Test results show that NSAM is feasible and reasonable.

Finally, an implementation method of NSSAS based on Netflow is discussed. After the basic principles and data formats of Netflow are introduced, the implementation architecture of NSSAS based on Netflow is presented. The key technologies involved in building an NSSAS prototype are worked out in detail, and a preliminary test is carried out.
Keywords/Search Tags:network security, situational awareness, architecture and model, grey theory, Netflow