
Research On Overall Network Security Situation And Real-time Network Security Situation Assessment Technology Based On Multi-source Data Analysis

Posted on: 2019-12-19, Degree: Master, Type: Thesis
Country: China, Candidate: M Y Yang, Full Text: PDF
GTID: 2428330548979738, Subject: Computer technology
Abstract/Summary:
The Internet is becoming more and more important in our lives and brings us much convenience, but it also causes many security problems. In recent years, as cyber-security incidents have occurred more and more frequently, people have paid more attention to establishing network security defense mechanisms. But traditional security mechanisms, such as intrusion detection systems and firewalls, have many problems. For example, they can generate a large number of alarms, they are independent of each other and lack cooperation, and they do not form a unified defense system that grasps the security situation of the whole network comprehensively and accurately. How to make an overall assessment of the security status of the network is therefore an important problem for network security managers. To solve the problems of traditional network security technologies and security defense mechanisms, people came up with a new technology called Network Security Situation Assessment (NSSA). NSSA performs a comprehensive analysis of multi-source cyber-security data and uses feature fusion algorithms and specific threat assessment models to complete the overall assessment of the network situation, and finally provides reliable decisions for network security managers.

This thesis first introduces the concept and background of network security situation assessment, and then introduces existing network security and feature fusion technologies. It then establishes a network security model and uses some feature fusion technologies to make a comprehensive and accurate assessment of the overall security situation and the real-time security situation. The main work of this thesis is as follows.

(1) In view of the uncertainty of network security events and the difficulty of integrating them, we first set up a three-layer evaluation index, then put forward an overall situation assessment technology based on the hidden Markov model, the PageRank algorithm and D-S evidence theory; finally, the validity and accuracy of this method are verified by comparative experiments.

(2) In view of the strong real-time characteristics of the network security situation, we put forward a real-time situation assessment method based on a threat propagation model, which shows obvious situation changes in response to real-time threats and can assess potential threats; the validity, accuracy and real-time performance of the proposed method are verified through comparative experiments.

(3) Based on the overall situation assessment and real-time situation assessment technologies, a network security situational awareness system has been developed for a national Power Grid Corporation. Two specific examples are then used to demonstrate their respective functions and advantages, and the more comprehensive and efficient role they play when working together.
Keywords/Search Tags:overall situation assessment, real-time situation assessment, hidden Markov model, D-S evidence theory, threat propagation model