
Research And Implementation Of Network Security Situation Fusion Sensing Technology

Posted on: 2016-08-19
Degree: Master
Type: Thesis
Country: China
Candidate: K Yue
GTID: 2358330464463499
Subject: Engineering
Abstract/Summary:
With the development of network technology, network conditions are becoming increasingly complex, and a healthy Internet ecosystem faces enormous threats and challenges. The emergence of network security situation awareness opens a new era in the field of network security and represents a major upgrade and innovation over traditional IDS and firewalls. The new technology brings more intelligence to network security through techniques such as data mining and big data. It also carries people's higher expectations and hopes for information security into the network security field. The emergence and development of this technology will be a great step forward for network security: it will not only make network information more secure, but also free network administrators from complex network affairs.

This thesis studies two aspects of network security situation fusion awareness: technical analysis and engineering application. In the technical analysis, we focus on the framework and the fusion awareness method of the fusion awareness technology. In the engineering application, the thesis attempts to design and develop a network security situation technology with typical awareness functions.

The technical analysis has three components. First, we propose a network security situation model based on dynamic threat assessment to guide our technical analysis and engineering practice and to clarify the logical relationship between the model and its components. Second, we use the K-means clustering algorithm to classify the original data, reducing the probability of fusion conflicts, and propose a D-S optimal data fusion algorithm based on the distance vector to improve the accuracy of event recognition. Finally, we address the problem of quantitatively evaluating the network security situation: we propose a dynamic threat assessment method based on network security situation fusion and construct a three-level assessment method based on traditional hierarchical assessment. The quantitative evaluation method not only has better assessment accuracy but also provides the theoretical preparation and feasibility validation for engineering practice.

In the engineering application section, we focus on developing network security situation awareness technology and integrate the idea of situation awareness into the design of the network technology framework. The development language, the graphical interface, the database and the other preparations for development are described in detail, supported by the theoretical research and the proposed model. Furthermore, we implement protocol analysis, host scanning and other security features. We then show how the MySQL database is combined with Snort sensor data collection. Finally, we use the original network security event information, visualization tools, and the methods based on dynamic threat perception to show the evolution of the network security situation in a fine-grained manner. Through this work, we provide a new technique for controlling and administering the security situation of the monitored network.
Keywords/Search Tags:Network Security Situation Awareness, Data Fusion, K-means Clustering, D-S Evidence Theory, Situation Assessment