Network Risk Assessment Research Based On Multi-Source Data Fusion

Now, the network attack techniques continue to improve, more and more professional attack tools, attack methods of increasing complexity to the management of network security has brought many problems. Research and applications in a number of preventive measures put forward, such as unified network security management platform for research and development, able to multi-source network for unified management of heterogeneous security devices, the deployment of these devices in the network for attack events information collection, get some security events set, and then analyze and comprehensive process. However, there are many complicated factors in network, such as massive alarm log information, security event collection of multi-sources, and network risk the uncertainty of the situation, how the collected uncertainty, multi-source, the mass of alert events; how to assess the risk of the network and so a series of network security management issues needs to comprehensive, multi-level perspective.This paper was around the assessment technique of network risks. After analysis and comparison the existing risk assessment methods and the data source which is a great number of multi-source security alert events, this paper proposed a network risk assessment method based on multi-source data fusion. This method starts from collecting the multi-source data, then pre-processes and integrates those data, and draws a conclusion of the network risk during a certain time period eventually. From this procedure, it accomplished creating alarm, analyzing attack and unified analysis of the network. The core idea is to reference D-S evidence theory to a host of multi-source data fusion analysis, obtain the attack information, and then with combination of the vulnerability and services information, compute the effect of attack and self-vulnerability on the host, meanwhile, to quantify the risks and analyze the entire risk, finally help the administrators be aware of the risk state during certain time period. In the last part of this paper, the simulation network experiments on the proposed network risk assessment method is validated, and the result showed that it's feasible and effective.