
Research On Key Technologies Of Network Security Situation Evaluation And Prediction

Posted on: 2020-09-21 | Degree: Master | Type: Thesis
Country: China | Candidate: M H Cui
GTID: 2428330602952023 | Subject: Cryptography
Abstract/Summary:
With the rapid development of the Internet, network security problems are becoming more and more serious. Detecting and handling network security incidents in time benefits the healthy operation of the entire Internet ecosystem. Traditional technical protection measures mainly include firewalls, intrusion detection, and encryption; these are mainly passive defenses against network attacks. To detect threats to the network in advance and minimize damage to the network system, network security situation awareness technology has emerged. This technology fuses different aspects of network security elements and realizes threat perception for network systems through key technologies such as information fusion, situation evaluation, and situation prediction. It can make a reasonable prediction of the future network security situation, which supports subsequent decision analysis and improves network management efficiency. This paper focuses on two of these key technologies, situation evaluation and situation prediction. It first introduces the development status of both and then, in response to the existing problems and deficiencies, explores them on a typical LAN. The main achievements are as follows:

Current network security situation evaluation (NSSE) models use only a large volume of IDS alert information, without combining target system configuration information, asset value information, and vulnerability information. To address this problem, a hierarchical situation evaluation model based on alert verification and fuzzy reasoning is proposed. The model innovatively adds a fuzzy reasoning layer to the original four-layer structure of attack, service, host, and network system. It first uses the fuzzy comprehensive evaluation method to carry out alert verification, combining specific target system information to calculate the correlation information of each alert and thereby obtain the alert success rate. Appropriate fuzzy rules are then established for three elements of the alert: alert frequency, alert severity, and alert success rate. Fuzzy reasoning realizes the complex nonlinear mapping among the three and yields a comprehensive alert value. Finally, the situation values of the service, the host, and the entire network system are calculated. Experimental analysis based on the Honeynet dataset shows that this evaluation method effectively eliminates the effects of false alert information and that the evaluation results are more comprehensive and accurate than those of traditional methods.

To address the poor applicability and low precision of traditional network security situation prediction (NSSP) algorithms, a long short-term memory (LSTM) neural network prediction algorithm based on particle swarm optimization (PSO) is proposed. The algorithm uses the gated memory unit of the LSTM neural network to control the ratio of input information to memory information, which solves the problems of memory "forgetting" and vanishing gradients in the original recurrent neural network (RNN). Because the network parameters are difficult to determine and LSTM training easily converges to a local optimum, the PSO algorithm is used to automatically optimize the weights of the network, enabling it to converge quickly to a global optimum. Comparison with other prediction algorithms verifies that the proposed algorithm achieves better accuracy and convergence.
Keywords/Search Tags:Situation Evaluation, Situation Prediction, Fuzzy Reasoning, Particle Swarm Algorithm, Neural Network