Design And Implementation Of An Network Security Situation Awareness System

With the development of the times,the Internet has been integrated into the various fields of society.While it has brougt great convenience to people,at the same time also it brought hidden dangers.Network security incidents and vulnerabilities are endless,in order to maintain network security,different network security devices came into being.Initially,the functions of network security devices are specific to specific security events.But with the development of social needs,the complexity of network and security incidents adds to the burden on network administrators.In addition,the poor correlation between network devices causes the administrator to be aware of the state of the network as a whole.Network security situation is to help network administrators to grasp the overall network security status and to predict the future security situation,to provide a basis for security decisions.Based on the previous research on the network security situation,this paper proposes an index-based network security situational awareness system.By collecting the basic operating information of the network equipment and the vulnerability reported by the vulnerability scanning device and the security event reported by the intrusion detection equipment as the data source and put forward the index,then a hierarchical network security situation assessment model is proposed,and the fuzzy analytic hierarchy process(FAHP)is uesd to determine the weight.Autoregressive Integrated Moving Average(ARIMA),WDR-ARIMA based on wavelet decomposition,BP neural network model and wavelet neural network model are used to predict the potential value of the future.The main work of this paper is as follows:1.Read the network security situation awareness related literature and konw the relevant theory and technology.The design of the network security situation sensing system is given,including data collection,database selection,database table design,index extraction,evaluation model setting,weight rule setting,visualization of index,development Language,framework,and development environment.2.Based on the proxy mode,the basic operation information of the device node is collected,the vulnerability scanning platform is set up to the vulnerability information in the network,and the intrusion detection system is set up to collect the network security event information.3.Research on situational awareness model,including ARIMA,BP neural network,wavelet neural network,and proposed a WDR-ARIMA prediction model based on wavelet decomposition and reconstruction technology to improve ARIMA.Lastly,we used three models to test the predictive performance.