Research On Network Security Situational Awareness Technology Based On Software Defined Networking

The rapid development of information technology made the network increasingly complex and diversified,which brought great challenges to the security management of the network.The single use of "prevention","detection","tolerance" network security management technology was difficult to ensure that the network run in a safe state.In order to reduce the losses caused by network attacks as much as possible,a technical measure that could help network managers grasp the current security situation of the network,understand the future evolution trend of the security situation and respond in a timely and comprehensive manner was needed.The concept of network security situation awareness(NSSA)gradually aroused the interest of researchers,and they hoped to use it to solve the above demand.However,the research on the network security situation awareness is still in the exploration stage,and the ability of situational awareness remains to be improved.We studied the impact of security issues from the two aspects of internal vulnerability and external attack,aiming at improving the ability of network security situation awareness.The following work was done:Aiming at the effect of SDN network vulnerability propagation and its suppression strategy,we proposed a formal model of SDN network vulnerability propagation based on Bio-PEPA.First,we analyzed the basic semantics of Bio-PEPA,and illustrated that it was suitable for describing the SDN network with obvious hierarchical structure and was suitable for analyzing the dynamic vulnerability diffusion problem.Secondly,we modeled the existing vulnerabilities in SDN networks by layers,and constructed a formal model of intra-layer(horizontal)and inter-layer(vertical)vulnerability diffusion in SDN network.Based on this,we analyzed the diffusion mechanism of vulnerability in both horizontal and vertical dimensions in SDN network,so as to better suppress the spread of vulnerability in SDN network.To improve the accuracy of the network security situation awareness,a security situation automatic awareness model based on accumulative data preprocess and support vector machine(SVM)optimized by covariance matrix adaptive evolutionary strategy(CMA-ES)was proposed.Firstly,we used the hierarchical quantification analysis method to quantify multi-source security situation information for macro situation values,and constructed time series.Secondly,considered the irregularity of network security situation values,the situation value data was superimposed and normalized,and the regularity of data was enhanced,and the model was easy to build.Finally,CMA-ES was applied to the self-selection of SVM parameters,to make the prediction model more accurate,and the prediction results were displayed by data reduction,and the ability of situation awareness was improved.In view of visualization of network security situation data is generally poor in interactivity and operability,we used the Ext JS toolkit to dynamically present the calculation results of the model proposed in this paper.At the same time,based on the current needs of network managers,a differentiated visualization scheme based on the overall pie chart,dynamic line chart,multi-element radar chart,and macro situation value meter chart was formed.In addition,the use of Ext JS enhanced the interactivity of the graphical interface,allowing network administrators to intuitively grasp the current and future trend of the network.