The Situation Evaluation Research And Design Based On Multi-Source Network Security Events

The network security situation increases more seriously with the network technology developing at a very fast speed. In order to keep the security of the inside network, the administrators use many network security devices, such as a firewall, a virus gateway, an intrusion detection system. But the network security state is still hard to gain, because of so many events and different evaluations generated by different devices. So that, the network security situation awareness, came from the war battlefield situation awareness, becomes a research point in the network security field in recent years.The network situation evaluation is the key layer of the network situation awareness model and focuses on extracting and analyzing the security information from the huge network and providing the right and effective evaluation of the current network security. This research project arms to build a network security situation evaluation model which applies to a real system easily and provide the knowledge of security situation to administrators.Firstly, this thesis introduces the background and the conception of network security situation, overviews the evaluating methods, the evaluation system and the differences with other security evaluations. At the same time, the layer of the situation evaluation in the situation awareness model and the key role of the evaluating model are points out.Secondly, the research of the network security situation is presented. The security events came from network are the source data of the evaluation and the fuzzy fusion is used for data fusion. Then, the hierarchical and associated evaluation model presented this thesis is expanded in detail, including the analytical hierarchy process method and the hierarchical fusion method which are used in this model. The advantage of this model is that it expresses the complex relation in the network resources and the services, determine the effect of security events on the whole network state and provides the certain knowledge of the security situation. Besides, this model is expandable and maintainable and applies conveniently to the real security situation evaluation.Based on the hierarchical and associated model, it presents a design of a network security situation evaluation and details the confirm of evaluation targets, the implement of the evaluation model, the calculation of the weight with the analytical hierarchy process method, the threat of security events and some schema of database.At last, it mentions the implement of the network security situation evaluation system, including the establishment of the evaluation model and the calculation of the weight and the situation value.