Research And Implementation Of NSSA Technology Based On Knowledge Graph

Posted on: 2021-03-02
Degree: Master
Type: Thesis
Country: China
Candidate: Y Q Wang
GTID: 2428330623468569
Subject: Engineering
Abstract/Summary:
With the rapid development of today's highly networked society, people are facing increasingly severe challenges in the field of cyberspace security. Network Security Situation Awareness (NSSA) takes cyberspace as its background to observe, understand, and predict entities and events. It aims to analyze and mine effective cyber threat intelligence from internal and external data, which are massive and fragmented. Knowledge graphs have unique advantages in big data analysis and decision making: they can assist in understanding big data, gaining overall insight into it, and providing decision support. Therefore, this thesis studies the application of knowledge graphs in the field of network security situation awareness.

First, this thesis proposes a knowledge-graph-based network security situation awareness model, KG-NSSA (Knowledge-Graph-based NSSA). The KG-NSSA model provides an asset-based network security knowledge graph construction scheme. Based on the network security knowledge graph, it addresses two classic problems in the field of network security situation awareness: network attack scenario discovery and situation understanding. The asset-based network security knowledge graph combines the asset information of the monitored network, fully considers the monitoring of network traffic, and provides support for the subsequent implementation of network security situation awareness technology.

Second, the attack scenario discovery scheme given by KG-NSSA differs from traditional alert-based attack scenario discovery. This scheme overcomes the drawbacks of the traditional alert aggregation and alert correlation analysis processes, which are susceptible to large numbers of redundant alerts and false positives. By completing attack discovery and attack correlation through similarity calculation, it can effectively reflect specific network attack behavior and mine attack scenarios. Building on the completed attack scenario discovery, the situation understanding scheme given by the KG-NSSA model applies the network attack events described by the graph model to network situation understanding, so that network attack scenarios are effectively reflected in the situation of asset nodes.

Finally, based on the KG-NSSA model, this thesis constructs a network security knowledge graph and implements a network security situation awareness system based on the knowledge graph. The network security situation awareness technology proposed in this thesis is verified by simulation experiments. The verification results show that the technology implemented in this thesis can effectively mine attack scenarios and complete situation understanding, and has improved accuracy and efficiency compared with traditional methods.
Keywords/Search Tags:knowledge graph, asset, property graph mining, attack scenario, situation awareness