Research And Realization On Key Issues Of Event-Based Network Security Situation

With the development of network communication technology, network technology has been changing the way of our daily life, in the meaning time it has threatened the information security. With the increase of security events, the network administrator can not master the network situation accurately. A system which can evaluate and predict the network security situation is urgently needed. With the system, network administrator can deal the security events in time, nip in the bud.In this paper, some evaluation and forecast methods of event-based network security situation are put forward using the model of network situational awareness. It includes the event handling module which based on the technology of event fusion, the situation evaluation module which based on the analytic hierarchy process, and the situation prediction module which based on the time series.In the event handling module, it mainly researched the technology of event acquisition, event pro-processing, event fusion, and event storage. A comparative analysis on the technology of event fusion based on the Bayesian network, similarity computation and fuzzy information, it held that the technology of event fusion based on similarity computation which needn’t develop rules was more suitable for this system. This paper designed and realized a general framework of the event handling module based on the technology of event acquisition.In the situation evaluation module, it mainly researched the technology of situation evaluation based on the game theory, the analytic hierarchy process and the statistic analysis. It held that the analytic hierarchy process which evaluate from different levels can evaluate the network environment better. So it divided the overall security situation into the situation of device, network, attack and vulnerability. This paper designed a general framework and realized the events treatment module, the calculation module and the presentation module.In the situation prediction module, it mainly researched the technology of situation prediction based on the time series, the gray theory and the neural network. It held that the time series which using the regression analysis is more efficiently. This paper designed and realized a general framework of the situation prediction module based on the linearity analysis and the regression analysis.