Research On Network Security Situation Awareness Technology Based On Index System

With the popularity of the Internet, the emergence of cloud computing and the rapid development of the Internet of Things, security issues become increasingly prominent. Security vulnerabilities and security incidents are notably. Network security incidents have occurred occasionally such as network worms, hackers dragging databases, 0day exposure and privacy data leakage. Network security is becoming the focus of many nations, enterprises and individuals. Traditional network security devices not only have single source of data but also work independently, they have been unable to meet the needs of current network development.Network Security Situation Awareness(NSSA) arises and gradually becomes a research focus in network security field. NSSA has the capability of grasping security situation from macroscopic perspective by fusing security elements and using the advantages of traditional network security technology. With the fuctions of analysis and forecast on the security situation trends that NSSA provide, the administrators can make right decisions to protect the network.This paper gains innovative products described as follow:1) By studying the achievement of classic situation awareness model, a network security situation awareness model based on index system is proposed in this paper. According to the function, the model is divided into seven modules which are "data collection- indicators extraction- index system establishment- data storage- assessment- prediction-visualization". Then, the function of each module and its key technology realization are introduced briefly.The model has laid a solid model foundation for this paper. 2) For the assessment module, a network security situation assessment method based on T-S fuzzy neural network is proposed. The whole situation of the network has four child situations: threat situation, fragile situation, stable situation and disaster situation.We use T-S fuzzy neural network to assess the four child situations respectively.Then the AHP is used to get the whole situation. It proves that the method is feasible and effective by a simulation experiment. Moreover, the method has the function of preliminary traceability. 3) For the prediction module, a network security situation prediction method based on improved support vector machine is proposed. We construct a modification function which is suitable for time series data to improve traditional support vector machine. In simulation experiment, it proves that the method in this paper is effective in improving the accuracy of network security situation prediction. 4) Based on the above theoretical results, a prototype system of situation awareness based on index system is implemented in this paper. After introducing the overall and detail design of the prototype system, we set up test environment to test the rationality and function of the system. The results of this study can provide an important reference for the further research and application of network security situation awareness.