Research On Multi-Source Network Security Situation Awareness Method Based On Spatial-Time Dimension

Posted on: 2018-06-30
Degree: Master
Type: Thesis
Country: China
Candidate: Y Shen
Full Text: PDF
GTID: 2348330512499347
Subject: Computer application technology
Abstract/Summary:
With the popularity of the Internet, network security has become an important factor affecting social stability and security. Network security situation awareness technology focuses on how network security develops: it perceives the current security status and future development trends specifically and comprehensively. Research on network security situation awareness is becoming more and more mature, but some problems remain. First, existing research lacks study of how the security data sources used to forecast values influence the situation, and of the feedback from protecting individual elements. Second, it ignores the impact on the forecast data of the relationships between factors and of hosts' potential values. In addition, the roles of the hosts in the offensive-defensive scene and the relationships between them should be taken into account when weighing host importance during network security situation fusion.

For these reasons, this thesis first studies analysis and prediction methods for data processing in network security situation awareness, processing and predicting each of several selected data sources separately before the corresponding protection is applied. It then proposes a multi-source network situation awareness method based on the spatial-time dimension to assess and predict network security trends. The main research contents are as follows:

1. To improve the accuracy of intrusion detection, an intrusion detection method (HRGA-IDS) that performs level attribute reduction is proposed for a typical data source, the intrusion threat set. First, the data is preprocessed and the subspaces are delimited. Second, the bilayer evolution model of the cultural algorithm is used to control the evolution of a rough set-genetic algorithm in order to form a targeted reduction set. Finally, a level Bayesian classifier is designed to verify the algorithm's performance. Experiments show that the algorithm improves the accuracy of Bayes classification to 98.21%, and that it is better at identifying intrusion categories whose traffic characteristics are not obvious, such as R2L and U2R.

2. To uncover the internal relations between vulnerabilities and predict their future characteristics, a vulnerability text mining algorithm based on PSO-K-means and a vulnerability analysis (VAPA) algorithm are proposed for a second typical data source, the vulnerability set. First, the PSO-K-means algorithm is used to cluster the vulnerabilities and extract keywords. Second, the VAPA algorithm is used to predict future characteristics. Experiments show that the PSO-K-means algorithm reaches an accuracy of up to 90.16%. Moreover, the VAPA method can predict the number and classes of vulnerabilities in a future time step.

3. Building on the two points above, this thesis proposes a network situation awareness method based on the spatial-time dimension. First, the data processing results are fused in the time dimension, and the fused result is dynamically corrected and predicted using the interrelationships between hosts. Then, by combining the network topology with the attack graph, the importance of each host in the offensive-defensive scenario is calculated in the spatial dimension, from which the network security situation value for the whole network is calculated. Experiments show that the accuracy of situation prediction is increased by 10.6% compared with the existing method, which shows that the method can effectively calculate and predict the network security situation.
Keywords/Search Tags:Situation awareness, Network security, Spatial-time dimensions, Multi-source data fusion, Vulnerability information mining