| With the continuous progress of the Internet technology,the network is also moving towards large-scale and diversified direction,new means of attack appear constantly,the exising network security protective measures have a great gap with people’s current needs,network security issues become increasingly prominent and serious.In this grim background,the research of network security situation awareness(NASA)technology is of great significance.The NASA through collect situational factors that affect network security status,to assessment and prediction the entire network,the situation assessment is a qualitative and quantitative analysis of the state of network security status,the situation prediction is a linear regression analysis of the future state of network security.In this paper,the Hidden Markov Model(HMM)and Support Vector Machine(SVM)are used to assessment and prediction the network security situation.The specific research is as follows:1.In order to reflect the network security situation more accurately,an improved method of situation assessment based on HMM is proposed.This method uses the output of the intrusion detection system as input,according to the Snort manual to classify the alarm events,and obtain the observation sequence.Then the HMM is built according to the change of the host’s security state with the change of the observation sequence,and the modified simulated annealing algorithm(SA)and Bauw_Welch(BW)algorithm are used to optimize the congifuration parameters of the assessment model.Finally the security situation value of the whole network is obtained by using the method of quantitative analysis.The security situation of each host and the whole network is drawn,which can reflect the security of the host and the network and the trend of change.The simulation results show that this method can effectively improve the convergence rate of the model and the accuracy of the assessment results,and accurately reflect the network security situation.2.In order to further improve the accuracy of the network security situation prediction model,a new method of situation prediction based on adaptive genetic algorithm(GA)and SVM is proposed.This method utilizes the advantages of SVM in dealing with small samples and nonlinear data,but the prediction accuracy of SVM is greatly influenced by the kernel function parameters,an adaptive genetic algorithm is introduced to optimize the kernel function parameters.Firstly,the use of non-uniform mutation of the operation,not noly can improve the global search ability at the early stage of the algorithm,but also can improve the partial search ability in the optimal solution range.Secondly,we adopt the method of dynamic adjustment in the cross and mutation probability,to meet the requirements of the population individual at different stages of the algorithm,and avoid falling into the local optimal,speed up the convergence rate of the algorithm.Finally,the optimal model is used to predict the network security situation value,through the simulation results show that the proposed method can improve the accuracy of the prediction results effectively. |
