The Research Of Network Security Situation Awareness Model

With the rapid development of computer networks and deepening of the information technology processes, all aspects of people’s lives and work are undergoing tremendous changes. Networks is facing a growing threat, there is a growing emphasis on network security. A growing number of firewalls, intrusion prevention systems, vulnerability scanning systems, and other network security products are applied to the network. As prevention and detection tools, despite these products of network security can get a lot of safety data, but the lack of effective data fusion and evaluation mechanisms makes a lot of alarm, vulnerability information and other data have not been effectively utilized. Network security situation awareness has gradually become a new hotspot in the network security field. Network security situation awareness requires a holistic approach, make use of relevant mathematical methods, processing and fusion the data generated by network security products, evaluating the network security situation accurately,and transforming the evaluation results into easily understood and accepted form.In order to assess the network security situation accurately, this article divid network security assessment into the two aspects of the external threats and their own threat, analyze and improve the evaluation algorithm of these two aspects, fuse the evaluation results of these two aspects and get the value of network security situation, showing the network situation at the interface by using visualization tools. Finally, build an experimental network. Use the network security testing tools to test and analyze the model.The main work of this paper includes the following:1. Research the current alarm data analysis methods, analyzed strengths and weaknesses of these methods. On this basis, proposed alarm analysis method based on improved hierarchical. Experiment and analyze this method.2. Research and improve the calculation methods of the correlation between vulnerabilities in network attack graph. Research the advantages and disadvantages of the Common Vulnerability Scoring System(CVSS), improved assess items of CVSS assessment system, added some assessment items with vulnerability characteristics and remove the irrelevant items, applied the improved CVSS to the vulnerability threat assessment. Experiment and analyze this method.3. Analysis and research advantages and disadvantages of the network security situation assessment model, the previous network security situation assessment model does not take into account the situation of the network itself vulnerabilities. While analyzing and evaluating alarm data, evaluate the threat of network vulnerability. Finally, integration the evaluation results of these two aspects, get the value of current network security situation.4. Design and implement each module of network security situation assessment model, use visualization tools for network security situation be histograms and line charts show, the model was tested in the constructed network environment.