Research On Network Security Situation Assessment Based On Knowledge Acquisition And Rule Fusion

Posted on: 2014-11-06  Degree: Master  Type: Thesis
Country: China  Candidate: C Chen  Full Text: PDF
GTID: 2268330401976770  Subject: Military communications science
Abstract/Summary:
Network security situation assessment is of great importance in improving the ability to respond to emergencies and in enhancing a system's ability to fight back. Rule-based network security situation assessment, which has the characteristics of fine granularity and scalability, is a hot area of network security research. However, current research focuses mainly on rule extraction and rule matching. Rule extraction mainly considers how to extract rules efficiently from the situation assessment information library, without considering the weak impact factor rules among the extracted rules; rule matching mainly considers how to improve matching efficiency, without considering multi-match rules. As a result, the efficiency and applicability of network security situation assessment struggle to meet the demands of network security.

To counter the above problems, this paper explores in depth the technology of rule-based network security situation assessment. The main work is as follows:

1. A framework of network security situation assessment based on knowledge acquisition and rule fusion is proposed. Because the existing rule-based network security situation assessment framework has low efficiency and applicability, this paper designs a situation assessment framework based on knowledge acquisition and rule fusion and gives its overall structure. To address the uncertainty of data in the network environment, this paper designs the knowledge acquisition structure on rough set theory, which has an advantage in dealing with uncertainty problems. To solve the problem of multiple matching rules in rule matching, this paper designs a rule fusion structure with the help of D-S evidence theory, which has an advantage in multi-sensor information fusion. This architecture merges rule extraction, rule evaluation, rule fusion and rule matching.

2. A two-stage knowledge acquisition method based on rough set is proposed. Existing rule extraction methods produce a large number of rules without focus and are inefficient at eliminating redundant rules, which reduces the timeliness and accuracy of situation assessment. This paper presents a two-stage knowledge acquisition method based on rough set. Firstly, a reduction strength index is introduced, and rules with focus are extracted based on rough set. Secondly, weak impact factor rules are reduced by rule evaluation based on rough set. Finally, simulation experiments show that the suggested method reduces the size of the rule set, and thus enhances the timeliness and accuracy of network security situation assessment.

3. A method of rule fusion which merges group decision and D-S evidence theory is proposed. Current rule fusion methods set the rule conflict measure unreasonably, and thus reduce the accuracy of situation assessment, so this paper proposes a method of rule fusion which merges group decision and D-S evidence theory. Firstly, a method intended to obtain the BPA (basic probability assignment) is designed based on the confidence of rules, according to the characteristics of conflicting rules. Secondly, a conflict measure is designed according to the conflict matrix and consistent matrix among rules. Thirdly, a new combination formula based on group decision and conflict information is introduced. Computer simulation and experimental verification show that the suggested method effectively improves the certainty of the outcome, and thus enhances the accuracy of the results of situation assessment.
Keywords/Search Tags: Network Security Situation Assessment, D-S Evidence Theory, Rough Set, Group Decision