
Research On The Methods Of Network Security Situation Element Extraction And Situation Evaluation

Posted on: 2017-08-24
Degree: Master
Type: Thesis
Country: China
Candidate: Y Wang
GTID: 2348330533950321
Subject: Electronics and Communications Engineering
Abstract/Summary:
With the continuous improvement of Internet technology and its increasingly wide application in real life, traditional security technology is no longer able to address the security threats in networks. Security has become one of the key factors limiting the development of the Internet, so network security situation awareness has been put forward. Network security situation awareness is a kind of independent security defense mechanism. According to network security evaluation indexes, the security situation factors that affect the normal operation of the network can be efficiently mined from massive data. Administrators can then evaluate and predict the network security situation objectively and implement targeted security defense strategies. This paper addresses situation factor acquisition and situation evaluation in a situation awareness system. The main contents include the following two aspects:

First, research on the problem of situation factor acquisition. This paper mainly deals with the problem that nodes in wireless sensor networks have poor processing ability and have difficulty obtaining the network security situation. A hierarchical network security situation factor acquisition mechanism is proposed. In this mechanism, the hypersphere classification algorithm of the support vector machine serves as the base classifier, and non-negative matrix factorization serves as the attribute reduction method. The centroids acquired by the fuzzy classification algorithm are used as the initialization matrix of the non-negative matrix factorization, which solves the problem that random initialization leads to unstable decomposition and easily falls into a local optimum. In the acquisition process, rule learning for classification and attributes is first completed at the sink node, and classification analysis is then completed at the cluster head and sink nodes, which reduces the performance requirements on sensing nodes. The simulation results show that this method has high accuracy and low time complexity, and that it reduces the communication overhead of information transmission.

Second, research on network security situation evaluation. To address the lack of attack correlation analysis in the evaluation process, this paper puts forward a multi-step attack security situation evaluation model based on a Bayesian network. In this model, correlation analysis is used to mine multi-step attack patterns and build an attack graph, which efficiently solves the problem that multi-step attack correlation rules rely too heavily on expert knowledge and are difficult to maintain. A Bayesian network is then built on the multi-step attack graph, with attack will, attack success probability, and event monitoring accuracy defined as its probability attributes. In the risk analysis module, attack risk is calculated by combining real-time attacks with the Bayesian network's posterior probability and cumulative probability, which improves the reliability and timeliness of the risk calculation. Finally, the network security situation evaluation module makes a quantitative evaluation of the attack threat, the host security situation, and the security situation of the entire network. The experimental results show that this model can be used to evaluate the correlation of multi-step attacks and provides a basis for administrators to analyze the real-time network security situation.
Keywords/Search Tags: situation factors, support vector machine, support vector machine hypersphere, Bayesian network, multi-step attack, situation assessment