Research On Network Security Situation Evaluation And Forecast Method

As the network structure and the types of network attacks become more and more complicated. How to evaluate network security comprehensively and accurately predict network security situation in time become the main problem for network security protection. Network security situation awareness (NSSA) is a new technology for network security protection. It can provide effective evaluation for network security situation, help network administrator make accurate decision in time and lower the network security risk and loss.For NSSA, there are three key technologies:data mining, situation evaluation and situation prediction. Mining process need to digging out security events effectively with high accuracy; and situation evaluation should be objective and comprehensive; what is more, accurate prediction result can help administer make correct decision. Based on these requirements, innovation of each key technology is proposed in this thesis, and the following work has been done.Firstly, an advanced C4.5algorithm based on Rough set theory has been proposed in this thesis. C4.5algorithm is an effective mining method with high accuracy, but it has to scan the data set repeatedly when mapping the decision tree. Thus, the mapping efficiency is affected by the data set volume. Rough set theory is used to filter out redundant attributes before classification to improve mapping efficiency, and the obtained relevancies between attributes can help to speed up the pruning process.A parameter threaten weight has been introduced to indicate threat value changed under continues attacks in this thesis, which has22sorts. The threaten weight is determined based on entropy theory. Meanwhile, the evaluation parameter includes threat level of attack, system vulnerability and number of attack packets.The thesis uses fuzzy Markov chain to predate security situation. A fit fuzzy membership function can lead to accurate prediction result. The thesis uses generation algorithm to find the best fuzzy membership function and makes the prediction result more accurate.The simulation is realized based on KDD99. The simulation results indicate the advanced C4.5method has good efficiency with high accuracy. The evaluation result primly meets" the higher the security value is, the more risks the network entity has". The fuzzy Markov chain predicts the network security situation accurately and can well protect the network security.