
Ontology Modeling Of Network Security Situation Awareness

Posted on: 2019-06-20
Degree: Master
Type: Thesis
Country: China
Candidate: Y Cao
GTID: 2428330593951008
Subject: Computer Science and Technology

Abstract/Summary:
Traditional network security protection schemes (such as firewalls, intrusion detection systems (IDS), anti-virus, etc.) process network intrusion information separately, with no information sharing or cooperation among them. When multi-scale network attacks break out, these traditional protection measures seem inadequate. To improve global network monitoring, emergency response, and prediction of network security, network security situation awareness has been proposed. Network security situation awareness can evaluate the security situation of a network globally and macroscopically in real time, and predict the development trend of network security on the basis of multi-source, heterogeneous network security factor information.

To address the difficulty of describing the network security situation awareness domain and the heterogeneity of network security factor information, we comprehensively analyze the advantages and disadvantages of current research and propose a network security situation awareness model based on ontology and user-defined rules. To describe the network security situation comprehensively and effectively, this paper analyzes the existing network security indicators and puts forward three aspects to describe the network security situation: survivability, threat, and vulnerability. Following the process of ontology modeling, this paper first summarizes the information elements that reflect the network security indicators, abstracts and classifies them, and extracts their attributes and the relations between them. A network security situation awareness model composed of context, attack information, vulnerability information, and network traffic information is then constructed. This model addresses the problems that situation elements are multi-source and heterogeneous and cannot be shared and reused.

In addition, to make up for the limits of the ontology's descriptive ability, this paper introduces user-defined rules based on SWRL and SPARQL. User-defined rules not only enhance the reasoning ability of the ontology model, but also let different reasoning rules be designed in response to the different needs of users. After constructing the network security situation awareness ontology model, this paper uses scenario analysis to verify its ability to detect complex attacks and to predict network threats. The analysis proves the validity and superiority of the network security situation awareness model based on ontology and user-defined rules.
Keywords/Search Tags: Network Security, Situation Awareness, Semantic Ontology, User-defined Rules, Network Security Situation Elements