Study And Improvement Of PSO-based Network Situation Awareness System Model

In today’s era of rapid development of science and technology, the network size has grown increasingly, and the structure has become complex, making network security issues become increasingly serious. In order to monitor the whole network security situation accurately, network situational awareness technology appears, and gradually becomes to be a hot research field of network security recently.Network situational awareness is required to comprehensively analy internet threats,like malicious code, network attacks, and so on. It also needs to assess the network security in real-time, predict the situation and development trend of the network security, so that we can manage and control the network before the security incidents happen, avoid the occurrence of damage and protect the integrity and security of the network resources. In this paper, the system model and some key technologies of the network security situational awareness are studied in depth.Firstly, through the analysis of recent existing system model of the network security situational awareness, we know that the accuracy and real-time performance of them is not good enough, so an improved system model is proposed. It is divided into three levels as factor extraction, situational assessment and forecasting, and trend visualization from bottom to up, and the prediction and assessment of situation in which are realized in the same time, the data source of forecast using network topology data and the situation factor.Secondly, this paper presents a situational prediction model, in order to adapt to the improved system model, and the situational prediction is realized by quantitative analysis of the abnormal threat combined with Grey Theory. The network topology is divided into four levels from bottom to up as host layer, gateway router layer, boundary layer and the whole network layer, and then compute the damage degree of every layer, using the host-level damage degree as the indicator for prediction. Grey Theory is used for predicting the indicator data, and the whole network situational prediction results are compute out.Thirdly, because the prediction method uses the situational factor directly as the input data, and it needs more precise input data, a situation factor extraction model is proposed. It combines improved PSO algorithm and fuzzy logic rules to optimize the BP neural network (CGCPSO-FNN).Finally, experiments show that the proposed system model can optimize the problem of single data source, and improve the real-time situational awareness and its precision; the forecast method can reduce the middle errors, and get a more accurate situational prediction result; what’s more, the model and algorithm for extracting the situation factor could get a more real-time and precise value, and lay a more strong foundation for obtaining a better predition result.