Research On Network Security Situation Evaluation Based On Resource Information Evidence Reasoning

With the rapid development of computer technology,the technology of attack is rapidly updated and measures of attack become more and more complex.The country and society are affected by network security events.Traditional network security technology is facing many problems that the entire network security situation can't be controlled exactly.The network security situation assessment can grasp the changes of the network security situation as a whole.It can help administrators to analyze the network security situation and provide the basis for them to make correct decisions.It plays an important role in improving the ability of network monitoring and emergency response.At the same time protected information security.Therefore,the network security situation evaluation possesses important significance.This topic studies on network security situation evaluation.This thesis analyzes the research status of domestic and international network security situation evaluation technology and points out that the former studies often ignore the threat posed by the peak of normal behavior to the network.In view of the shortcomings,this thesis studies the method of network security situation evaluation based on the resource information evidence reasoning.This method comprehensively considers the influence of normal behavior and attack behavior on network security,and combines the network resource elements to evaluate the network security situation,it makes the evaluation results more realistic.Firstly,this thesis studies the network traffic classification method.In order to reflect the network security situation exactly,it need to assess the threats by normal behavior and aggressive behavior comprehensively.Therefore,before the network security situation assessment,network traffic should be classified quickly and accurately.The traffic,CPU and memory index are used as the characteristic attributes,and then the improved kNN algorithm is used to classify the traffic.Compared with the traditional kNN algorithm,it reduces the time overhead.Through cutting the sample set reasonably to reduce the number of training samples which need to be compared,and achieves the purpose of improving the efficiency of classification.Secondly,this thesis discussed the network security situation evaluation method by evidential reasoning rule on the basis of the traffic classification.According to the correlation analysis of network resources,the density of the traffic,CPU,memory and disk resource indicators are selected as the situation elements.Next,uses evidential reasoning rule to make logical inference,and analyze synthetically the impact of the normal behavior and the attack behavior on the network security.Then the evaluation results of the overall network security situation are obtained,and calculating the security situation quantitatively.Finally,the network security situation value is obtained.It can provide a reference for network administrators.The results show that the network traffic classification method based on improved kNN can effectively improve the classification speed under the premise of ensuring the accuracy of classification.At the same time,the network security situation evaluation method based on resource information evidence reasoning has a good evaluation effect,and the results of evaluation can reflect the changes of network security situation exactly.It provides a new method for the study of network security situation evaluation.