Network Security Situation Prediction Based On Support Vector Machine

With the popularity of computers, Internet has entered all aspects of social life and production, followed by a network security has become the focus of widespread concern. Network security situational awareness provided solution to effectively deal with network security issues in complex network environments and massive malicious attacks log files, a comprehensive analysis of the various parts of the attacks against the network system, from a macro perspective to assess the network security situation, and in predict the future network security situation information on this basis. In order to more accurately predict the development trend of network security situation, the proposed prediction method network security situation based on Support Vector Machine (SVM).In recent years, the support vector machine as the latest theoretical achievement of statistical learning theory, and become a research hotspot of experts and scholars at home and abroad, is widely used in machine learning research. In this paper, researched the theoretical basis of support vector machine and then based on experimental data object of study choose the Gaussian kernel as the support vector machine kernel function in this paper. And based on Gaussian kernel, choose a multi-classification algorithm to build support vector machine. The core of network security situation predicted base on support vector machine is detected each sensor and monitor system log file processing network components of non-normal events in a whole network system and then using scientific and effective evaluation methods to deal with time-series data into security posture. To improve the performance of support vector machine further, we used simulated annealing algorithm to find the most suitable for the support vector machine model slack variables and penalty factor and other parameters.In this paper, support vector machine model is run on R platform and the KDD99 of MIT Lincoln Laboratory as experimental data sets to validate the performance of predictive model. Experiments show that network security situation prediction system based on support vector machine has a higher security posture of the network viable degree, then comparing the results of prediction which parameters are calculated by simulated annealing algorithm and cross validation, show that the simulated annealing is better than cross validation and support vector machine default parameters for improve the prediction performance of the prediction system for network security situation. So prediction methods for the network security situation based on support vector machine have high credibility. So this method has certain practical significance and applications value to practical network security situational awareness.