
The Evaluation Technology Research Based On The Organizational Identification Of Network Threat

Posted on: 2016-05-17
Degree: Master
Type: Thesis
Country: China
Candidate: M Huang
Full Text: PDF
GTID: 2348330509960702
Subject: Software engineering
Abstract/Summary:
As the Internet becomes ever more integrated with people's livelihoods, the economic interests behind network attacks have become more significant, prompting hacker organizations to keep growing and their means of attack to become more sophisticated and diverse; the network security situation is increasingly grim. At the first meeting of the leading group for network security and informatization, held in 2014, Chairman Xi said: "Without network security there is no national security." Network security has become an important strategic issue bearing on national development and stability.

Network threat assessment, a key basic problem in presenting the network security situation and in attack defense, aims to quantify the real damage and potential threat of network attacks. As profit-driven and organized attacks become the new normal, traditional threat assessment techniques oriented to single attacks or individual attackers struggle to reflect differences in the attackers' capability and organizational background. On the one hand, a hacker organization that commands a large number of resources and techniques can carry out long-term attacks through organized division of labor and coordination; the harm and stealth of such attacks are far higher than those of an attack by a single individual. On the other hand, the security events generated by network intrusion detection systems are fine-grained and include false positives, and a high-speed link environment can generate a massive number of alarm events. Threat assessment oriented to individuals and single attacks cannot correlate the coordinated attack behavior of an organization's members, and from an individual's perspective such behavior may even be regarded as a false positive because the preceding behavior is missing.
In this regard, we study how to identify organizational characteristics from massive attack alarm events and, on that basis, how to evaluate network security threats comprehensively. The main work of this paper covers three aspects:

1. The temporal and spatial relationships of network attacks are the key basis for identifying the organizational characteristics of attack sources. However, alarm events contain many false positives, individual attack events carry little information, and correlating attack-source behavior faces performance challenges. To address this, an attack-source organization identification method is proposed that combines a multi-step alarm sequence generation algorithm with an attack behavior correlation algorithm and, based on clustering of the massive detected attacks, improves identification performance.

2. Building on the organizational identification of attack sources, an evaluation method modeled on the analytic hierarchy process (AHP) is proposed and an evaluation index system for network threats is established. Around the attack characteristics, 9 evaluation indexes are proposed, and a corresponding calculation method is proposed for each index.

3. Based on the above key technologies, a prototype system is designed and implemented. Using real network traffic as the data source, the attack-source organization identification method and the quantification methods for the indexes are verified by experiment, confirming the validity of the algorithms.
Keywords/Search Tags:Organizational identification, Threat behavior assessment, Correlation calculation, Multi-step attack sequence