| The development of mobile Internet,Internet of things and other technologies has brought massive data,which contains a lot of important information,so network security is becoming more and more important.In order to do a good job of network security defense,on the basis of improving the existing static defense mechanism,through network security situation awareness,we can effectively analyze various network security related data and Threat Intelligence.However,the traditional evaluation and prediction methods are subjective in the face of dynamic network environment,so we need to acquire prior knowledge and deal with massive data It's difficult to manage and depends too much on human resources.Therefore,under the background of the widespread application of machine learning technology,network security situation awareness should also develop in the direction of intelligence and automation.Based on the research of current situation assessment and situation prediction methods,combined with machine learning algorithm and model,aiming at the shortcomings of current situation assessment and situation prediction methods,this paper proposes situation assessment model based on clustering analysis and situation prediction model based on natural gradient lifting tree.In the situation assessment phase,GMM(Gaussian texture)is adopted Model,Gaussian mixture model),which takes Honeynet intrusion detection data as input,analyzes and merges network security situation information such as alarm content and host assets,and then classifies the situation information into five security levels by GMM clustering algorithm and makes quantitative evaluation.Finally,the situation value is output to reflect the.network security situation,and the traditional hierarchical quantification is used The feasibility of the evaluation method is verified.In the situation prediction stage,ngboost(natural gradient)is mainly used Boosting,natural gradient lifting tree)this probability prediction model,by combining gradient lifting tree and natural gradient lifting method,quantifies the uncertainty in network security situation prediction,combines the situation value output in situation evaluation stage with time to construct time series,forecasts it through ngboost and xgboost(extreme)with standard gradient Gradient boosting,the limit gradient lifting tree)and the traditional artificial neural network prediction method are compared to verify its accuracy.The simulation results show that the GMM clustering based situation assessment model can reasonably and effectively quantify the network security situation and reflect the real security situation of the network;the ngboost based situation prediction model can predict the network security situation value for a period of time in the future,which has higher prediction accuracy than the standard gradient xgboost and artificial neural network.Figure[29]table[14]reference[61]... |
PDF Full Text Request