Network Security Situation Awareness Based On Subspace Clustering And Multi-source Fusion

Situational awareness is considered a powerful method to solve cybersecurity problems.Based on the current network situation research,this paper proposes situational awareness based on network flow data and multi-source fusion,and uses the Holt-Winter method developed by BP neural network to predict the future situation.Most of the current threat detection data sources are IDS alarms.The fluidity of network data packets makes it difficult to apply common clustering methods.This paper proposes a BSC-RP threat detection method for subspace clustering of streaming data.First,the network flow data detected from the network ingress router is collated.Secondly,clusters are obtained by online attribute interval division and off-line subspace tree clustering.Finally,the obtained clusters are marked according to the majority voting method to obtain normal data and various types of attack threat data.The advantage of the algorithm is that during the construction of the subspace tree,operations are performed between each layer interval,the number of intervals to be performed is reduced,the amount of operations is significantly reduced,and the flow data high-speed flow characteristics are more suitable.At the stage of situation assessment,the existing fusion methods and hierarchical methods were analyzed.The existing assessment methods did not consider the factors affecting the situation values well,and did not consider the impact of the operation of the administrator and users on the situation values and threats to the next shift..For this reason,this paper proposes a situation assessment method for multi-source data fusion game.Firstly,the factors affecting the revenue of each party in the game process are analyzed.Then,the threat events,network administrators and users' tripartite game transfer analysis are performed on the detected threat events to obtain the comprehensive situation value of the network.The prediction of the current situation is still in the immature stage.Most of the prediction methods consider the situation value as having certain statistical characteristics,and then construct a statistical model to describe this characteristic and derive the next situation state value.In fact,the situation value distribution was actually Not necessarily stable.For this reason,the situation value is regarded as the time series distributed on the time axis.The situation values are divided into stationary components and non-stationary components.Secondly,the Holt-Winter method is used to predict the linear trend at the next moment of the situation value through quadratic exponential smoothing,and three-time exponential smoothing is used to predict the seasonal value of the situational value,that is,the periodic law.Then three-layer BP neural network is used to predict the random components.Finally,the Holt-Winter predictor and the neural network predictor were weighted to get the predicted situation.