The Research On Network Security Situation Evaluation Based On Multi-source Events Fusion

Posted on: 2017-12-12
Degree: Master
Type: Thesis
Country: China
Candidate: X H Zhang
GTID: 2348330485952651
Subject: Computer Science and Technology
Abstract/Summary:
With the rapid development of mobile Internet, big data and cloud computing technology, network information security faces greater challenges, and network attacks have become the new normal. Because current defense measures (such as firewalls and IDS) are single-purpose and isolated from one another, this paper studies network security situational awareness. Research on network security situation awareness is not yet mature, and two major technical problems remain. First, how to accurately extract valid events from multi-source, uncertain security alerts so as to provide reliable data support for network security evaluation. Second, how to obtain reasonable and scientific weighting coefficients for the network indices so as to evaluate the network security situation accurately. To solve these problems, this paper proposes a network security situation assessment method based on multi-source event fusion, and carries out the following research on data fusion and situation assessment.

The key to data fusion is to eliminate redundant information and false alarms, reducing the amount of information to be processed. Because earlier algorithms (such as Bayesian reasoning and neural networks) have a low recognition rate for redundant and uncertain events, this paper combines an attribute similarity algorithm with the DS evidence theory algorithm to perform data fusion. The attribute similarity algorithm merges redundant events by comparing the similarity between events. The DS evidence theory algorithm is not affected by prior information and can identify false positives caused by uncertainty. A simulation experiment on the DARPA 2000 data sets verifies the effectiveness of this method.

In the hierarchical quantitative assessment model, the security evaluation of the network is obtained by weighted fusion of the situation at each layer of the network. Because the factors that affect a host node were not comprehensively considered in the weighting process, this paper presents a host evaluation index system that combines service, asset and location factors. To address the randomness and one-sidedness of index coefficient assignment in multi-level, multi-index evaluation, a method combining the fuzzy comprehensive evaluation algorithm with the analytic hierarchy process algorithm is proposed to determine the host weights, so as to obtain scientific and reasonable index weight coefficients. The applicability and generality of the method are verified using the DARPA 2000 data sets.

Having verified the validity and applicability of the data fusion and situation assessment methods, and using actual experimental data, a situation assessment system was designed and implemented. This paper gives the detailed design of the key modules and analyzes the situation results. The analysis shows that the situation evaluation model proposed in this paper can assess the network security situation accurately, and can provide a reliable basis for administrators to grasp the risk status of the network and take security measures in a timely manner.
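
The two fusion steps named in the abstract, as an added Python example that is not code from the thesis: alerts are first merged by weighted attribute similarity, then per-sensor beliefs about a merged event are combined with Dempster's rule. The attribute weights, threshold, time window, sample alerts and mass values are assumptions constructed for illustration; the thesis's own parameters are not given on this page.

```python
from itertools import product

ATTACK, BENIGN = frozenset({"attack"}), frozenset({"benign"})
THETA = ATTACK | BENIGN  # whole frame of discernment: "unknown"
# Assumed attribute weights and merge threshold (not from the thesis).
WEIGHTS = {"src": 0.3, "dst": 0.3, "sig": 0.3, "ts": 0.1}
THRESHOLD = 0.8

def similarity(a, b, window=60):
    """Weighted attribute similarity of two alerts, in [0, 1]."""
    score = sum(WEIGHTS[k] for k in ("src", "dst", "sig") if a[k] == b[k])
    if abs(a["ts"] - b["ts"]) <= window:  # close in time counts as a match
        score += WEIGHTS["ts"]
    return score

def merge_redundant(alerts):
    """Greedy merge: an alert joins the first cluster it is similar to."""
    clusters = []
    for alert in alerts:
        for cluster in clusters:
            if similarity(cluster[0], alert) >= THRESHOLD:
                cluster.append(alert)
                break
        else:
            clusters.append([alert])
    return clusters

def dempster(m1, m2):
    """Dempster's rule of combination for two mass functions."""
    combined, conflict = {}, 0.0
    for (a, x), (b, y) in product(m1.items(), m2.items()):
        inter = a & b
        if inter:
            combined[inter] = combined.get(inter, 0.0) + x * y
        else:
            conflict += x * y  # mass assigned to contradictory hypotheses
    if conflict >= 1.0:
        raise ValueError("total conflict: sources cannot be combined")
    return {k: v / (1.0 - conflict) for k, v in combined.items()}

# Constructed sample alerts (documentation-range IPs, made-up signatures).
ALERTS = [
    {"sensor": "ids", "src": "192.0.2.5", "dst": "198.51.100.9", "sig": "sig-A", "ts": 100},
    {"sensor": "fw", "src": "192.0.2.5", "dst": "198.51.100.9", "sig": "sig-A", "ts": 130},
    {"sensor": "ids", "src": "192.0.2.7", "dst": "198.51.100.2", "sig": "sig-B", "ts": 400},
]
# Constructed per-sensor beliefs about the first merged event.
M_IDS = {ATTACK: 0.6, BENIGN: 0.1, THETA: 0.3}
M_FW = {ATTACK: 0.5, BENIGN: 0.2, THETA: 0.3}
```

With these constructed inputs the first two alerts merge into one event, and `dempster(M_IDS, M_FW)` raises the belief in "attack" above either sensor's individual value while shrinking the mass left on "unknown".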
Keywords/Search Tags:Network Security Situation Assessment, DS Evidence Theory, Attribute Similarity, Analytic Hierarchy Process, Fuzzy Comprehensive Evaluation Method