
Design And Implementation Of The Network Security Situation Awareness System Based On Network Flow

Posted on: 2021-03-07
Degree: Master
Type: Thesis
Country: China
Candidate: F Yuan
Full Text: PDF
GTID: 2428330611999196
Subject: Computer technology
Abstract/Summary:
As the types of network intrusion multiply, more and more equipment is deployed to maintain network security. Faced with a large volume of complex security information, security managers have limited capacity to interpret it and cannot grasp the overall network security status in a short time. To help security managers quickly grasp the overall security situation of the network, network security situation awareness technology extracts and fuses the security information from the various security devices in the network and finally produces a value describing the network security situation. Traditional security situation awareness technology mainly generates situation information by directly fusing IDS alarm information and various security logs. However, as the network scale expands, the complexity of the correlation analysis required for data fusion increases, which reduces the speed at which situation information is generated. Security situation analysis based on network flow has the advantages of ensuring the integrity of security information, reducing intermediate processing links, and allowing traffic collectors to be deployed in bypass mode. Therefore, this paper conducts security situation analysis based on network traffic. The main work of this paper covers the following three aspects.

Firstly, this paper establishes a general anomaly detection model and optimizes it in three aspects, so that the recall rates for the rare attack types r2l and u2r reach 45.0% and 14.0%, which is relatively high compared with results in comparable literature. The anomaly detection model is based on five support vector machine classifiers trained on the KDD CUP99 dataset. The three optimizations are as follows: first, a feature extraction method based on abnormal proportion analysis is proposed to extract effective feature combinations for the five classifiers; second, sampling techniques are used to optimize the sample distribution of each classifier's training set; third, the parameters of each classifier are optimized using the simulated annealing algorithm.

Secondly, this paper proposes a calculation method for the security situation understanding process and optimizes the analytic hierarchy process it uses in two aspects: first, a fuzzy relative comparison matrix is used to calculate the weights, further reducing the subjectivity of the person assigning relative weights; second, the relative comparison matrix is corrected automatically based on the induction matrix, making the system more automated. Security situation prediction is implemented with a back propagation neural network trained on historical situation values.

Finally, this paper designs and implements a security situation analysis system based on network traffic. Based on the requirement analysis and system design of the security situation analysis system, the implementation method of each functional module is proposed, and the practicality of the system is verified through functional and non-functional testing. The test results show that the system administrator can promptly learn the current situation value and the attack behavior in the network through the system.
Keywords/Search Tags:network security situation analysis, support vector machine, analytic hierarchy process, back propagation neural network, network flow