
Research On Network Security Situation Assessment Based On Autonomic Computing

Posted on: 2014-03-31
Degree: Master
Type: Thesis
Country: China
Candidate: D Zhang
Full Text: PDF
GTID: 2268330422956463
Subject: Computer application technology

Abstract/Summary:
As networks continue to expand and network attacks intensify, research on network security situation awareness is still in its infancy. Although intelligent situational awareness frameworks and situation assessment techniques with independent characteristics exist, they remain complex, costly to manage and configure, and dependent on considerable human intervention, and the complexity of network security management keeps increasing. Traditional situational awareness systems therefore cannot meet the security needs of increasingly complex systems, because they lack self-adaptive and self-management capabilities. Finding an automated, flexible method that improves the adaptability of situational awareness systems without increasing system complexity has become a key problem that urgently needs to be resolved in the field of situational awareness. The idea of autonomic computing offers a new line of research for resolving this problem.

Based on the self-perception and self-management features of autonomic computing, an automated, flexible network security situational awareness system, the Network Security Situation Awareness Model based on Autonomic Computing (ACNSSAM), is designed, and the network security situation assessment techniques involved are studied in depth.

(1) The existing technologies related to network security situational awareness are analyzed and the typical frameworks are introduced. The problems in these technologies are discussed to show the necessity of establishing a Network Security Situation Awareness Model based on Autonomic Computing.

(2) To address the lack of adaptability in situational awareness systems, an autonomic awareness model of network security situation is proposed, based on the idea of autonomic computing. The Autonomic Manager is the core of the model. The management and deployment of the managed resources are achieved by the Agent coordination layer. Self-learning of unknown attacks is obtained through situation extraction, which perceives changes in the system environment and autonomously processes attack information to realize an autonomic response to attacks. In the process of extracting situation elements, fusion analysis of data is achieved by applying Manifold Learning, the Kernel Matching Pursuit (KMP) algorithm and Exponentially Weighted DS evidence theory, and the autonomic response to attacks is realized by using an Autonomic Response Method based on Danger Theory, so that effective situation information is extracted, which provides the foundation for situation assessment.

(3) To understand the current network security situation more accurately and achieve autonomic assessment of the current network, the cloud model is introduced into network security situation assessment, and a network security evaluation method based on Cloud Gravity Center Judgment (CGCJ) is proposed. The level of the network security situation is judged by applying the cloud gravity center vector, and the degree to which the system state at a given moment deviates from the ideal state is measured by the weighted deviation degree (WDD). The weighted deviation degree is then input to the evaluation cloud generator to obtain the results of the assessment, and the MCM method is applied to obtain the final assessment results. The future security situation is then predicted from the result of the situation assessment by a BP neural network based on an improved genetic algorithm.

Finally, the effectiveness and feasibility of the proposed evaluation method and the prediction performance of GA-BPNN are verified by simulation experiment. The results show that the proposed evaluation method is feasible and that its assessment results are more objective and accurate, and that the prediction results of GA-BPNN are more accurate.
Keywords/Search Tags: Network Security Situation Assessment, Autonomic Computing, Situation Extraction, Situation Awareness, Situation Prediction, Cloud Model