
Research And Implementation Of Network Security Assessment System

Posted on: 2012-12-31
Degree: Master
Type: Thesis
Country: China
Candidate: X Y Tang
GTID: 2218330371450423
Subject: Agricultural information technology
Abstract/Summary:
With the rapid development of computer networks, a variety of network attacks continue to occur, and network security has increasingly become a focus of attention. Every day, firewalls, intrusion detection systems (IDS) and other security defense systems produce a large volume of alert information, which makes it difficult for network administrators to understand the real security situation of the whole network system. How to assess the network security situation truly and accurately has therefore become a hotspot in the field of network security. This paper analyzes the status and prospects of research on security situation assessment technology, proposes a new system structure and its methods, and finally designs and implements a network security situation evaluation system. The main contributions of this paper are as follows:
(1) We present the status and prospects of research on security incident standardization, security event correlation and security situation assessment.
(2) We propose a standard model of network security incidents based on IDMEF. This model defines the data representation, the creation methods, and the storage management of information security events using an XML-based language. We then design and implement the security incident standardization module and the network security incident database, which provide reliable basic data for security event correlation and security situation assessment.
(3) We propose a two-stage alert correlation method based on the Apriori algorithm. The causal event sets are obtained by a causal association clustering algorithm for security events, and are then mined via the Apriori algorithm to generate the associated event sets. We design and implement the association rule mining module for security events, which provides reliable situation information for security assessment.
(4) We propose a security situation assessment method via hierarchical risk measurement based on attack entropy.
This paper analyzes the needs of network security situation assessment and designs the risk assessment module, device importance assessment module, attack assessment module and damage assessment module of the network security situation assessment system. A quantitative hierarchical risk evaluation method is used to assess the risk situation of the network. According to the structure of the network system, the paper calculates the risk value of the service layer, the host layer, the local network layer and the overall network layer, reflecting both the local and overall aspects of the network risk situation. The test results show that the system can realistically reflect the network security situation and present it through a clear and simple user interface.
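The two-stage correlation in contribution (3), as an added sketch that is not the thesis's code: stage 1 groups alerts into candidate causal sets, stage 2 mines the sets with Apriori. The abstract does not describe the clustering algorithm, so the same-source/target time-window grouping, the `window` and `min_support` parameters, and the sample alerts are all assumptions constructed for illustration.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample alerts: (timestamp_s, src_ip, dst_ip, classification)
ALERTS = [
    (0, "10.0.0.5", "10.0.1.9", "portscan"), (20, "10.0.0.5", "10.0.1.9", "ssh-bruteforce"),
    (45, "10.0.0.5", "10.0.1.9", "root-login"), (300, "10.0.0.7", "10.0.1.4", "portscan"),
    (310, "10.0.0.7", "10.0.1.4", "ssh-bruteforce"), (900, "10.0.0.8", "10.0.1.2", "portscan"),
    (905, "10.0.0.8", "10.0.1.2", "ssh-bruteforce"), (930, "10.0.0.8", "10.0.1.2", "root-login"),
    (2000, "10.0.0.9", "10.0.1.3", "sql-injection"), (5000, "10.0.0.5", "10.0.1.9", "portscan"),
]

def cluster_alerts(alerts, window=120):
    """Stage 1 (assumed heuristic): same src/dst, gaps <= window seconds -> one event set."""
    by_pair = defaultdict(list)
    for ts, src, dst, cls in sorted(alerts):
        by_pair[(src, dst)].append((ts, cls))
    clusters = []
    for events in by_pair.values():
        current, last_ts = set(), None
        for ts, cls in events:
            if last_ts is not None and ts - last_ts > window:
                clusters.append(frozenset(current))  # gap too long: close this set
                current = set()
            current.add(cls)
            last_ts = ts
        clusters.append(frozenset(current))
    return clusters

def apriori(transactions, min_support):
    """Stage 2: level-wise Apriori; returns {itemset: number of sets containing it}."""
    frequent, k = {}, 1
    level = {frozenset([item]) for t in transactions for item in t}
    while level:
        counts = {c: sum(1 for t in transactions if c <= t) for c in level}
        kept = {c: n for c, n in counts.items() if n >= min_support}
        frequent.update(kept)
        k += 1
        # Join frequent (k-1)-sets into k-sets, then prune any with an infrequent subset
        level = {a | b for a in kept for b in kept if len(a | b) == k}
        level = {c for c in level if all(frozenset(s) in kept for s in combinations(c, k - 1))}
    return frequent

if __name__ == "__main__":
    for itemset, n in sorted(apriori(cluster_alerts(ALERTS), 2).items(), key=lambda x: -x[1]):
        print(n, sorted(itemset))
```

On the constructed data, the isolated `sql-injection` alert falls below the support threshold, while the scan, brute-force and login sequence survives as an associated event set.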
Keywords/Search Tags:Network Security, Risk Assessment, standardization, Event correlation