The Study On The Key Technology Of Network Security Situational Evaluation And Prediction

In the era where the information is the winning algorithm, the network has permeated into every aspect of people’s work and life as an indispensable element. The further enlargement of the network resource sharing, and with the interconnectivity and openness of network environments, resulting in a large amount of sensitive information vulnerable to man-made attacks from all over the world, the endless stream of malicious attacks are constantly threatening the security of the network. Network information security has risen as a major issue related to the country’s political security, economic security, social security and national security. To be able to detect network attacks and harmful behavior, then take appropriate measures to curb the menace and protect the network and host security proactively, the research need of network security situational awareness is increasingly urgent, relevant theories and key technologies have increasingly unique advantages in the field of active defense.First, the current status of network security were described, the existing researches pertinent to the domain of network security situation assessment and prediction were combed and summarized, and then launched the researches focused on the key technologies of index system construction and optimization, and quantitative evaluation and prediction of network security situation, in view of the existing problems and deficiencies. The major contributions of this dissertation are presented as follows:1. To overcome the lack of the low accuracy and bad real-time performance of assessment results, which was caused by the subjectivity of index selection, this paper presented network security situation evaluation index optimization models based on factor analysis and principal component analysis. First, build a mathematical model based on factor analysis and obtain the common factor which can be used to describe the relationship between various indicators, by factor loading matrix, factor rotation, and factor scores and other steps. And then transform the above results by using the model of principal component analysis to remove the existing relationship among the indexes, get more independent comprehensive variables to describe the existing index system. Experiments showed that the calculation time was greatly reduced with the useness of optimized index system for evaluating after optimizing the index by using this model, and also can arrive at a more real-time evaluation results without affecting the accuracy, which greatly improve the assessment efficiency. This model solved the problem, such as high computational complexity, bad real-time performance and reliability of assessment results, and avoided the deficiency out of selecting index by utilizing judgmental methods like expert advice.2. In view of the present problems, such as the low efficiency of quantitative description method and the less-than-ideal accuracy and real-time of the quantitative evaluation model, existing in the field of network security situation evaluation, a network security situation evaluation quantitative model based on the immune theory was proposed. The main idea of this model is considering all network activity as a shape-space by utilizing the certain qualities in common between computer network security system and biological immune system, and all activity being monitored by mature monitor and memory monitor, in which monitors were classified by using the kinship method for the effective realization of the illegal network activity classification and obtained a quantification assessment model of network security situational through monitor evolution, antigen presentation, antigen monitoring and so on. Experiments showed that the model can not only evaluate the individual attack computers face and the attack the whole network suffer, but also specific attack the computer networks face and the overall attack computers undergo, and reflect the current network attack behavior well with the quantitative evaluation results, so that network administrator can grasp the current network situation timely and accurately.3. In view of the low accuracy and poor adaptability of the predicted value with traditional forecast model, an adaptive Verhulst security situation quantitative prediction model of same-dimension grey data filling was proposed. On the basis of grey Verhulst model, first of all, a function to evaluate the dynamic parameter was constructed according to the regular of the ogee, ensured that Verhulst model can be carried out the forecast value on the actual change of situational accumulation curve and always have dynamic adaptability, also overcome the shortage of using traditional model to control the parameter coefficient and improve the precision. And then a plan of same-dimension grey data filling was put forward, updated the original data sequence by using the new forecast results and rebuilt the adaptive grey Verhulst model on the basis of the new sequence, in which the error of the model accuracy caused by unknown interference was reduced and the influence of time factor on the forecast model accuracy was eliminated. Finally, verified by the experiments, the new model can accurately reflect the tendency of the situational threat curve with better adaptability, stability and accuracy, help network administrators to make judgments better and deal with abnormal network behaviors accurately and improve the network security level. Again, the model has a great promotion application value in the field of the quantitative prediction of network security situation.