Network Security Situational Awareness By PCA Technology

Network situational awareness is a prerequisite for network security.This thesis focuses on the network security situational awareness of the backbone network.The situational awareness would have a large delay for the backbone network by using the huge data generated from a firewall or IDS(Intrusion Detection System)detection.Most of the abnormalities in the network can be reflected in the traffic flow,so this thesis uses the traffic flow data to study the network security situation awareness for the backbone network.This thesis first analyzes the network security situation awareness model and the state of art of the related researches in perception,situation assessment,anomaly type identification,situation quantification,and situation prediction.Then,used the Principal Component Analysis(PCA)method to extract the principal components of the traffic flow matrix,and divided the space defined by the traffic matrix into normal subspaces and abnormal subspaces.And the situation assessment is performed for the abnormal and the normal subspaces combined with the Q statistics and T~2 statistics respectively.If the network is abnormal,the specific type of abnormality is identified by calculating the abnormal contribution rate.Third,this thesis quantifies the security situation of the backbone network based on the situation assessment and the type of abnormality and uses numerical values to explicitly indicate the current risk status of the backbone network.Finally,this thesis uses the Gaussian stochastic process regression method based to predict the quantitative value of the network security posture of the backbone network on Bayesian reasoning,to prevent risks in advance by sensed the possible abnormalities in the network at the future moment.The method used and modified in this thesis can significantly improve the efficiency of backbone network security situational awareness.Benchmark for verification is to use the data sets standardized by the international technical community.It shows that the accuracy of the method proposed can be increased as high as 99.17%,and the error detection rate is lower than 4.8%.On the other hand,compared with the relative entropy method,the accuracy rate of abnormal type recognition is improved by 10%.In terms of situational quantization value prediction performance,compared with the deep short learning LSTM(Long and Short Term Memory)network prediction error,the prediction error is reduced by 63%.