Design And Implementation Of Network Attack Situation Detection System Based On Knowledge Graph

With the continuous popularity of computers and smart devices,the Internet has penetrated into all aspects of people's lives,and security problems have become increasingly prominent.In order to ensure network security,detecting and discovering is one of the effective ways to prevent the occurrence of network attacks.At present,most of the main detection models are evaluated for the status of the network.Because the numeric data type is single and can only deal with known problems,the accuracy of detection cannot meet people's needs.Based on the study of existing situation detection schemes and situation detection technologies,this paper combines an existing indicator system and situation detection model,and proposes an attack situation detection scheme based on knowledge graph.Specific work and results achieved include:i.This paper presents a method for modeling network attack events based on knowledge graphs.In view of the characteristics of event description,this paper adopts pattern matching and sequence labeling methods for concept mining,and also,a method for querying related documents is designed to find the non-coherent description concepts in the original text and the relationship between them.Through event mining and relationship mining,event description triples are obtained.The network attack events are abstracted as graph descriptions,which can provide new features for network attack situation detection.ii.Combined with historical event information and Internet news,a design scheme of situation detection system based on knowledge graph is proposed.A new feature is added to the original situation evaluation system and each dimension is included to calculate.The result shows that adding the new dimension of feature can improve the accuracy of situation detection.iii.Based on the evaluation system and situation detection method proposed above,a design scheme of network attack situation detection system based on knowledge graph is proposed.According to the system requirements,the data acquisition module,data processing and storage module,situation evaluate module,situation detect module,central manage module and user interface module are designed and implemented.Real-time situation detection result can be performed,and the current real-time status can be also displayed.