Risk Situation Evaluation And Prediction Based On Threat Analysis In Power Information Network

With the increasing importance of the power enterprise in the national economy and social life, along with the information network services becoming more abundant, the network itself closeness and operation mechanism also have been affected. How to strengthen the abilities of power information network security risk assessment and control, improve the guarantee of power information network communication is a hot research area. Considering the complexity of large scale of power information network and the high request of the whole network security, the traditional security solution can not complete the security task. But the research of network security situation can solve the problem to meet the whole network security demand. The aim of network security situation evaluation is to establish a unified security situation evaluation system, provide a uniformed security strategy, situation awareness and decision support tool for implementation of network security command.This paper first introduced the background and the significance of the topic research, compared the current research of network security situation technologies at home and abroad, analyzed the future development tendency and the challenges faced with, finally determined this paper’s research content, which is power information network risk situation evaluation and prediction based on threat analysis.According to the framework of power information network, elaborated the main security threats that exist and various protection security technologies, determined the security threat index based on the data source. Referenced intrusion detection message exchange format (IDMEF) and chose XML as a unified situational information model technology, established a security situational information model(SSIM) and designed DTD document formats of the main class.This paper mainly discussed the security situation evaluation and prediction. Referenced the hierarchical security threat assessment model, utilized the unified situation data of the IDS data, flow detection data and vulnerability scanning data, clustered as pretreatment, quantitatively calculated the services, host and network level security situation value, eventually got the whole network security situation value. Based on the real data calculation and analysis, the conclusion is the higher value is, the higher threat level the host and the network get. In comparison of the current prediction methods and models, analyzed the feasibility of utilizing support vector machine (SVM) as the network situation prediction and chose the ε-SVM as the prediction method, the experiment results proved the effectiveness and superiority.