
Research On Network Security Situational Awareness Based On Big Data

Posted on: 2020-07-03
Degree: Master
Type: Thesis
Country: China
Candidate: P W Lin
GTID: 2428330590463048
Subject: Computer Science and Technology

Abstract/Summary:
With the rapid development of Internet technology, the degree of informatization of society has also increased. The network has become an indispensable part of human life, and the importance of network security has received more and more attention. People use various security technologies to strengthen and maintain the safe operation of the network. However, these security technologies usually only play their specific roles within a certain scope, and there is no collaborative management mechanism between them, so their data cannot be integrated effectively. In response to these problems, network security situational awareness, as a new technology that addresses the single-defense problem, provides a relatively complete and comprehensive solution, and it has gradually become a hot topic of current research.

In the era of big data, security devices such as intrusion detection devices, intrusion prevention devices, firewalls, and system security logs generate data that is fast-arriving, large in volume, and diverse in structure, which makes it difficult for traditional network security situational awareness methods to address this problem effectively. Big data analysis can be used to solve the data analysis problems caused by massive and heterogeneous data. Based on big data analysis technology, this paper conducts research in three areas: network security situation assessment, network security situation prediction, and network security situation visualization. The specific research content is:

(1) Network security situation awareness based on the SimHash algorithm in the big data environment. Existing network security situational awareness models and algorithms are analyzed as applied to large-scale networks. To address the high complexity of applying multi-source heterogeneous situational factors to large-scale network security situational awareness, first, a complex network community structure partitioning algorithm is used to divide the network. Then, two characteristics of the SimHash algorithm, its efficiency and its quantification of dissimilarity, are used to analyze node state. On the basis of the algorithm, the severity of the attack on a node is quickly quantified. Finally, the node security situation, module security situation, and network security posture are obtained step by step from the bottom up.

(2) Network security situation prediction based on the Bloom filter and big data. In order to effectively and dynamically predict attack behavior and quantify the network security situation, a dynamic network security situation prediction method based on big data is proposed. First, a Bloom filter is used to filter out redundant network security situation elements, yielding clean data as the input for prediction. Then, a vulnerability prediction algorithm is used to predict the number of future vulnerabilities in real time. Finally, the new vulnerabilities are combined with a Bayesian attack graph to predict the attacker's subsequent attack behavior, and the network security status is quantified based on the predicted results.

(3) Network security situation visualization in the big data environment. Existing network security situation visualization systems have limited storage capacity and computing power, and it is difficult for them to display the current status to network management personnel in a timely and effective manner. In response to this problem, the visualization of the network security situation is built on a big data management platform. First, on the basis of open source big data tools, the data is dimension-reduced for subsequent data analysis. Then, a sliding window model is designed to reduce the memory footprint of large numbers of data streams during rendering, which improves the stability of the system. Finally, the visualization system is used to present the assessment and prediction of the network security situation, so that network administrators can more easily understand the network security status.
Keywords/Search Tags: Network security situational awareness network, Big data, Complex network, Bayesian attack graph, Visualization