
Cybersecurity Situation Awareness Based On Machine Learning

Posted on: 2020-08-21
Degree: Master
Type: Thesis
Country: China
Candidate: G Q Qian
Full Text: PDF
GTID: 2428330596475085
Subject: Computer Science and Technology

Abstract/Summary:
Cyber attackers no longer limit their targets to ordinary users; they have shifted to network environments belonging to enterprises, governments, and countries. The cybersecurity situation faced by governments and enterprises is therefore becoming more and more serious. Network security situational awareness technology gives a fuller view of the current network security status and its development trend, and evaluates the current network status effectively to provide security personnel with a reliable data basis. Existing cybersecurity situation awareness technology uses data fusion to normalize information from intrusion detection systems, log files, firewalls, equipment and facilities, and other sources, and then performs further situation assessment and prediction on the unified data. Cybersecurity situational awareness systems lack methods aimed at specific network security events. Building on research into cybersecurity situation awareness, this thesis therefore studies algorithm design for detecting specific network security events, and performs situation assessment and situation prediction of the current network security status through the detection of those events. The security incident detection methods and the situation assessment and prediction methods in this thesis are based on machine learning and deep learning. The main methods cover the following aspects:

(1) SQL injection attack detection, based on deep learning, using word2vec and GRU. With this method, the accuracy is 0.917, the precision is 0.901, the recall is 0.919, and the F1-Score is 0.911.
(2) DGA malicious domain name detection, based on machine learning, using multiple features and LightGBM. With this method, the accuracy is 0.933, the precision is 0.936, the recall is 0.956, and the F1-Score is 0.945.
(3) Malicious script detection, based on machine learning, using multi-dimensional features and XGBoost. With this method, the accuracy is 0.936, the precision is 0.924, the recall is 0.941, and the F1-Score is 0.932.
(4) Situation assessment, based on the weight calculation of security events.
(5) Situation prediction, based on deep learning, combining LSTM and BiLSTM. With this method, the RMSE on the training set is 0.717 and the RMSE on the test set is 0.806. This method gives a better result than the LSTM method.

Experiments verify the effectiveness of the algorithm models; the results obtained are generally higher than those of the method designs in the references. A prototype cybersecurity situation awareness system is implemented based on the detection of these network security events. Its functions mainly include traffic collection and analysis, security event detection, situation assessment, and situation prediction. Testing shows that the prototype system runs stably in a high-speed network environment and meets the needs of real-time situation assessment and situation prediction.
Keywords/Search Tags:Situational Awareness, Security Events Detection, Machine Learning, Deep Learning, Feature Engineer