Network Security Situation Awareness Based On Network Simulation

With the improvement of network technology and widely spread of network application, network security incidents that cause network anomaly occur frequently, the ability of traditional single defense equipment to protect network security has become stretched. In this context, network security situation awareness technology(NSSA) emerged. NSSA has great importance in improving abilities to respond on emergences, reduce losses of network attacks, reveal abnormal intrusions.Network simulation is an important means of network research, and simulation technology is maturing, using network simulation for NSSA has become an urgent problem. However, there are three problems to be solved: 1.There is a big gap between network simulation and real network; 2.The process of network simulation is very complex and so that the efficiency of security situation prediction is not high; 3.There is no one security situation understanding method for network simulation.This paper implements a NSSA method based on network simulation, and the solution of the above three problems are discussed in detail.In order to make network simulation closer to real network, network simulation add firewall and intrusion detection system two security technology that most commonly used in real network; at the same time, nodes in network simulation have performance parameters like the network hosts.In order to improve the performance of network simulation, this paper use abstract packet-forwarding to reduce the discrete event of packet-forward in network simulation. Abstract packet-forwarding is consists of compute queue and continuous multihop processing. Compute queue can reduce the process of packet in/out buffer queue; continuous multihop processing can reduce the number of discrete events that need to be processed by multihop computed in one time, and choose whether to continuously process according to link congestion for that while ensuring the accuracy of network simulation, reduce the simulation time.In order to get the accurate value of network security situation from network simulation, this paper presents a floating weight performance correction method of network security situation understanding. Firstly, this method puts forward three rules for extracting security events from network simulation, and then computes the theoretical threat of nodes by using the threat degree of security events. Secondly, get the final security situation by using performance correction. Thirdly, get the float weight by the use amount of service, and compute the value of network security situation with nodes’ fix weight and float weight.Finally, this paper verifies the feasibility of this method through network simulation experiment. Using the abstract packet transmit method, the time to process 50 seconds network simulation tasks reduce from 32 seconds to 23 seconds; the efficiency of simulation speeds up 28%; the efficiency of awareness is 54%.