Research On Network Security Situation Quantitative Evaluation And Prediction Method

With the increasing of the sharing, openness and scale of the computer network, traditional single point defense is difficult to meet the needs of the current network security, so network security situational awareness as a new way of self-defense is proposed. Situation elements can be obtained from a large number of information. The overall security of the network is evaluated and predicted effectively. Situation assessment and situation prediction are the key part of situation awareness. This thesis mainly studies the quantitative evaluation and prediction based on radical basis function(RBF) neural network. We have research in the following two aspects.First, in order to reflect the situation of network security assessment performance fully and accurately, a new network security situational awareness model based on information fusion was proposed. Network security situation is the result of fusion three aspects evaluation. In terms of attack, to improve the accuracy of evaluation, a situation assessment method of DDoS attack based on the information of data packet was proposed. In terms of vulnerability, a improved CVSS was raised and made the assessment more comprehensive. In terms of node weights, the method of calculating the combined weights and optimizing the result by SQP algorithm which reduced the uncertainty of fusion was raised. To verify the validity and necessity of the method, a testing platform was built and used to test through evaluating 2000 DARPA data sets. Experiments show that the method can improve the accuracy of evaluation results.Second, In order to improve the prediction accuracy of network security situation based on RBF neural network, an optimization algorithm of RBF neural network based on affinity propagation(AP) clustering and differential evolution(DE) was proposed. Firstly, the AP clustering was used to optimize the center and the number of hidden layer. Secondly, AP clustering was used to get the population diversity(PD), the scaling factor and the crossover probability of DE were adaptively changed with the PD for the optimized width and connection weights of RBF neural network. In order to avoid falling into the local optimum and jump out of the local extreme point, the elite individual and PDs' centers of each generation population were searched by chaotic search. The simulation results show that the APDE-RBF algorithm can enhance the generalization ability, and it also has high prediction accuracy for the network security situation.