Research On Network Security Situation Awareness Based On Improved LSTM Neural Network

Network security situation awareness aims to extract situation elements,evaluate current situation and predict the trend of network security situation comprehensively and accurately.It lays a solid foundation for network security.Current researches focus on improving either the accuracy of logical discrimination or the awareness speed.It is difficult for them to balance processing time series logically and operation efficiency.At the same time,problems such as high implementation complexity and strong subjectivity also exist.To solve related problems,the research in this thesis mainly carries out the following work:1.Improve long short-term memory(LSTM)neural network to analyze and process situation data.It aims to make full use of the logic relationship contained in the serialized data.Cross-entropy function is used to improve the loss calculation process.Rectifier linear unit is used to improve the structure of the LSTM unit,and the fully connected layer is combined with the stacking of LSTM layers to build the deep neural network.The thesis proposes a cross-entropy and rectified linear unit improved three-layer long short-term memory(CRIT-LSTM)network structure.The improvements improves the processing capability and efficiency.2.Considering the characteristics of the structure,the actual needs of situation evaluation and prediction,we propose data preprocessing and data organization methods,a quantification method based on the idea of cyber kill chain,and a presentation method based on a sliding time window.The objectivity and stability of results are guaranteed.3.Construct a network security situation awareness framework based on CRIT-LSTM.The framework processes the original security situation data and directly outputs quantitative curves about network security situation.Modular design and double discrimination engines reduce the implementation complexity and improve stability.The output curves cover two aspects of network security situation,including evaluation and prediction.It can represent detailed changes on a small time scale,which reduces the lag and uncertainty of network security situation awareness.4.The framework is implemented and tested on KDD CUP 99 and UNSW-NB15 data sets.This thesis compares and analyzes the performance of the three models in both training and testing under various indicators.The capabilities of evaluation and prediction in network security situation awareness have been verified separately.The experiment confirms that the framework for network security situation awareness based on the improved LSTM neural network can evaluate the current situation of network security and predict the recent trend of network security better,which has a positive significance for the realization of efficient network security situation awareness...