Research And Implementation Of Intranet Security Situation Awareness Technology

In this era of information technology change rapidly. With the continuous development of big data, cloud computing and the Internet of things technology. Computer network has deep into people’s life, plays an irreplaceable role. The computer network interconnection and sharing characteristics bring convenience to people and at the same time, in recent years, in the highly interconnected and rapidly evolving network environment, evolution of network threats and attacks over the development of technology and the means of defense technology. Network attacks can without geographical boundaries and limitations of national jurisdiction rapidly spread around the world. The network information security defense system of local and regional does not have the ability to cope and deal with the globalization and the scale of network attack.It is undeniable that information encryption technology, firewall technology, network data packet audit and intrusion detection technology and other traditional security technology, in one respect indeed protect the network security, but in the current complex network environment, the single use of these technologies is difficult to make accurate monitoring dynamic change of overall network security and control, cannot reach the goal of network security in people’s minds. Network security situational awareness technology is put forward in order to make the network security management personnel to grasp the overall operation of network system, and in a timely manner to evaluate and forecast the trend of network security. So it may be possible to identify the earliest in time and malicious network behavior will be nipped in the bud.This paper based on the analysis of the network security situational awareness technology research status at home and abroad, pointed out existing problems in the research of this technology. Through a multi-angle and multi-level analysis of influence factors of network security’ this paper establishes the system of intranet security situational awareness index from three aspects of network assets, vulnerability management and threat management, and based on Delphi and AHP methods to indentify each security elements of index system scientifically and reasonably, to complete the network security situation assessment.Secondly, introduces several classic network security situation assessment model, analyzes the key technology within the network security situation assessment data acquisition and processing. Due to established intranet network security situational awareness index system has the characteristics of multi-level and uncertainty, so uses a fuzzy comprehensive evaluation method to establish intranet network security situation assessment model and framework, resulting in network security situation assessment through quantitative value, making network security posture is obvious.Then, a combined model which is based on an improved grey GM (1,1) prediction model and support vector machine (SVM) regression prediction model is used as an intranet network security situation prediction model. And the prediction result is showed by graphs. Also combined model prediction shows higher accuracy than single model verified by an example.Finally, on the basis of these studies, an intranet security situational awareness system has been designed by using Microsoft Visual Studio 2008 development platform, implements modules like network topology discovery, network asset identification, threat management, vulnerability management, traffic monitoring, evaluation, query management, log management, trend forecasting, log management and user management. In a laboratory environment, intranet network security situational awareness system of this paper has been tested, and the results of intranet network security situation assessment and prediction have been analyzed. Results show that the index system, method of situation assessment and trend prediction method are put forward by this paper is reasonable and feasible.The innovations of this paper are as follows:1. The quantitative evaluation index system of intranet network security situation is established in this paper.2. The framework of intranet network security situational awareness is established and the prototype system of it is designed and implemented.3. An intranet network security situation prediction model which is based on support vector machine (SVM) regression prediction and the improved grey GM (1,1) model is established and its effectiveness was verified through example analysis.