Research On Multi-source Data Fusion Analysis For Situation Awareness

Posted on: 2022-02-12
Degree: Master
Type: Thesis
Country: China
Candidate: L Q Lv
GTID: 2518306338467134
Subject: Electronics and Communications Engineering

Abstract/Summary:
Networking is now pervasive in daily life, but network security problems occur frequently, so establishing network security defense mechanisms has become urgent. Traditional network security defense technologies are single-purpose and passive, and cannot meet the security needs of the contemporary network environment. Network security situational awareness integrates and enhances multiple security detection technologies and can monitor a complex network environment. Therefore, this paper analyzes and fuses data from multiple sources for network security situation awareness, using a variety of security detection technologies and constructing situation assessment indicators, so as to monitor and manage network security accurately and in real time. The main work of this paper is as follows:

1) A multi-source, multi-dimensional cyber security situational awareness model is proposed. The shortcomings of existing models include single-source data, a lack of collaborative linkage, and the inability to understand the overall network security situation intuitively and efficiently. A multi-source, multi-dimensional hierarchical network security situation awareness model is therefore designed to deal with these problems. The model architecture has five layers: the data collection layer, the data preprocessing layer, the anomaly analysis layer, the security situation assessment layer and the situation visualization layer. It can find potential network behaviors in a large-scale network environment and analyze and judge the current situation.

2) A multi-source data association analysis method based on the Apriori algorithm is put forward. The relationships between network traffic, asset information, log information and system operation status are analyzed with the Apriori algorithm. The key elements are extracted to show that the evaluation indicators are set reasonably.

3) A multi-level evaluation method based on coefficient-of-variation index weights is also presented. After data fusion and correlation analysis, the cyber security posture evaluation index system is formed according to the index construction process. The subjective AHP assessment method, the objective CV weight assessment method, and a combination of the two are compared to make the assessment results more exact.

4) A prototype network security situation awareness system is designed and implemented. The practicability of the above models and methods is demonstrated by experiment and practice. Practical verification shows that the multi-source data fusion analysis technology for situation awareness can collect massive multi-source data, process it in stages and store it efficiently, detect attacks quickly and in real time, and accurately analyze the relationships among the data and the trend of the overall situation. The system can accurately perceive known intrusions, quickly perceive unknown threats, and keenly perceive its own vulnerabilities.
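The weighting step in item 3, as an added example that is not code from the thesis: objective weights from the coefficient of variation, subjective weights from an AHP pairwise matrix with its consistency check, and a combined set. The indicator names, sample values and pairwise judgements are constructed, and the multiplicative combination rule is an assumption, since the abstract does not state how the thesis combines the two.

```python
import math
from statistics import mean, pstdev

# Constructed data: rows are observation windows, columns are indicators.
INDICATORS = ["alert_rate", "vuln_score", "traffic_anomaly", "asset_criticality"]
SAMPLES = [
    [12.0, 6.5, 0.20, 8.0],
    [30.0, 6.8, 0.55, 8.0],
    [18.0, 6.4, 0.10, 8.5],
    [45.0, 6.6, 0.70, 8.0],
]
# Constructed AHP pairwise comparison matrix (Saaty 1-9 scale), same order.
PAIRWISE = [
    [1,   2,   1/2, 3],
    [1/2, 1,   1/3, 2],
    [2,   3,   1,   4],
    [1/3, 1/2, 1/4, 1],
]
RANDOM_INDEX = {3: 0.58, 4: 0.90, 5: 1.12}  # Saaty's random consistency index

def normalise(values):
    total = sum(values)
    return [v / total for v in values]

def cv_weights(samples):
    """Objective weights: coefficient of variation (std / mean) per indicator."""
    columns = list(zip(*samples))
    if any(mean(c) == 0 for c in columns):
        raise ValueError("CV is undefined for an indicator with zero mean")
    return normalise([pstdev(c) / abs(mean(c)) for c in columns])

def ahp_weights(matrix):
    """Subjective weights (row geometric mean) and the consistency ratio."""
    n = len(matrix)
    w = normalise([math.prod(row) ** (1 / n) for row in matrix])
    aw = [sum(a * wj for a, wj in zip(row, w)) for row in matrix]
    lambda_max = sum(x / wi for x, wi in zip(aw, w)) / n
    cr = ((lambda_max - n) / (n - 1)) / RANDOM_INDEX[n]
    return w, cr

def combined_weights(subjective, objective):
    """Assumed combination rule: normalised product of the two weight sets."""
    return normalise([s * o for s, o in zip(subjective, objective)])

if __name__ == "__main__":
    objective = cv_weights(SAMPLES)
    subjective, cr = ahp_weights(PAIRWISE)
    if cr >= 0.1:  # usual AHP threshold: revise the expert judgements
        raise SystemExit(f"inconsistent pairwise matrix, CR={cr:.3f}")
    for name, w in zip(INDICATORS, combined_weights(subjective, objective)):
        print(f"{name:18s} {w:.3f}")
```

With this data the near-constant indicators (`vuln_score`, `asset_criticality`) receive almost no objective weight, which is the practical reason to compare CV weighting against an expert-driven AHP set before trusting either alone.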
Keywords/Search Tags:multi-source data, situational awareness, correlation analysis, threat assessment