Research And Application Of Network Security Situation Quantitative Evaluation Method

With the rapid development of the Internet,people's work and life are increasingly dependent on the Internet,but people also face many network security issues while gaining convenience.In recent years,cyber security incidents have occurred frequently,causing serious harm to the government,enterprises and individuals.Network security has risen to the level of national security.Traditional network security devices work independently,and the correlation of various security information is not comprehensively analyzed.Therefore,the security of the network cannot be macroscopically recognized.In order to grasp the security status of the network from a macro perspective,the network security situation assessment technology integrates and enhances multiple security defense technologies.Multi-source network security data has been comprehensively analyzed in the network security situation assessment,and certain feature fusion algorithms and reliable threat assessment models are used to evaluate the overall situation of the network,finally the decision of network security personnel is supported.A hierarchical network security situation quantitative evaluation model,which solves the problem that other evaluation models have insufficient evaluation accuracy in the face of multiple attack scenarios,based on attack scenarios is proposed in this thesis after combing the theoretical basis of the existing network security situation quantitative evaluation technology and analyzing the existing network security data analysis technology and fusion technology.Firstly,a new network security situation assessment model is established.The network security situation is divided into network layer,host layer and scene layer,and the quantitative relationship between each level is obtained through analysis.Secondly,the environment information-based alarm filtering method and the asset-oriented alarm aggregation method are adopted and the original alarm information is transformed into attack scenario information through association analysis.Thirdly,the accuracy of the hidden Markov model for network security state determination is improved by optimizing the determination of the state transition matrix in the hidden Markov model after analyzing the network attack and defense model and the conditions for successful attack.In addition,a method for determining the weight of network nodes based on fuzzy analytic hierarchy process and PageRank algorithm is proposed,which solves the subjective problem of node weight determination in the network.Finally,according to the situation assessment model proposed in this thesis,the prototype of the network security situation quantitative evaluation system is designed and implemented.Finally,the simulation experiment of the proposed network security situation quantitative evaluation model is carried out.The simulation experiment is carried out by using the LLDOS1.0 data in the DARPA2000 dataset provided by the Massachusetts Institute of Technology,and the experimental results are analyzed.The experimental results show that the network security situation quantitative evaluation model proposed in this thesis can effectively quantify the network security situation,and can effectively identify the security status of nodes in each scenario under multiple attack scenarios.The method has more detailed analysis results.