Large-scale Network Security Posture Assessment Model

Network security situational awareness (NSSA)is a new technology to monitor network security,and it is one of the hot research domains in information security. The research of Network security situational awareness system (NSSAS) has great importance in improving abilities to respond to emergences,reduce losses of network attacks,reveal abnormal intrusions,and enhance system abilities of fighting back. meanwhile,the study of the network situational assess(NSA) is foundation and key part of the NSSAS,and it is important to implement NSSAS. The study of the algorithm, the design and implementation of NSA, the extraction of index and the construction of the index-system related to NSA are mainly discussed.Firstly, the basic situation of NSSAS is summarized, including backgrounds, research situation, and the relationship between NSA and NSSAS. The basic theory circumstance of NSA is given. And, the algorithms related to NSA are analyzed and researched.Secondly, a basic model of large-scale network security situational assess based on current condition of network is put forward, including the extraction of situational index, the using of algorithm on situational assess and the building of the model. Its data is Netflow in origin, and algorithm based on BP neuro net. According to the characters of BPNN, the model is abstracted input level, and the correlative elements are designed in every level.Thirdly, the expanding is achieved to the basic model of the NSA in theory, including the construction of the index-system, the expand of the model and the algorithm. And the security situational level of the large-scale network is defined specially. The index-system covers with network, host and services. The model is divided two parts: low-grade assess and high-grade assess, so the algorithm is expanded to two-grade algorithm mixed BPNN and searching method.Finally, an implementation method of NSA based on Netflow is discussed. Key algorithm of the NSA model is implementation in detail. The training of BPNN is fulfilled, and the test is carried out.