Research On Hierarchical Network Security Situation Awareness Based On Information Fusion

With the Internet popularization, new technologies like Internet of things, big data, cloud computing got rapid development. Network security is facing serious threats. Most of existing security equipments which detected a particular aspect of defense are working in independence. Their defects and limitations gradually exposed. Network Security Situation Awareness(NSSA) emerges as the times require and it has gradually become a research focus in network security field. NSSA has the capability of grasping security situation from macroscopic perspective by fusing security elements and using the characteristics traditional detection tools have. With the fuctions of analysis and forecast on the security situation trends that NSSA provided, the administrator can protect and reinforce system in effective manner to ensure that network is running in safe environment.According to the characteristics of network structure, this paper presents a hierarchical network security situation awareness(H-NSSA) based on information fusion by summing up the representative research both here and abroad. We have obtained the following results:1. On the basis of summing up previous research results, we put forward an H-NSSA model based on information fusion. According to function demand the model are divided into seven levels which are "collection- pretreatment- storage- fusion- evaluation- prediction-visualization". The duty and key technology of each level are briefly introduced.2. This paper draws on the experience of network security risk assessment mechanism which divided into three submodules, including asset evaluation, vulnerability evaluation and threat evaluation. The evaluation index and quantization algorithm of each submodule is offered in detail.This paper devises a process for evaluating network security situation.3. The proccess of threat evaluation are further divided into reliability evaluation, support evaluation and severity evaluation. The quantization algorithm and technology of each stage is equally revealing. In order to prove the effectiveness of the theory proposed above, we give example analysis and simulation experiments.4. This paper proposes a prediction model based on optimize conflicting evidence D-S evidence theory. The tendency of safe and danger probability can be calculated instead of absolute prediction for the future situation. For this study the mindset of prediction is more reasonable and instructive for administrator to defence attack and protect network.An H-NSSA support platform has been established in laboratory. We tested the main function module around service center which help administrator perceive security situation and its tendency. NSSA plays an important role in network information security assurances. The platform verifies the feasibility and validity of the research.