Research On Key Technologies Of Network Security Situation Assessment And Prediction

At present,with the prosperous development of the Internet,network security issues are becoming more and more serious.Traditional defense methods are relatively passive,difficult to deal with unknown attacks,and lack of contact with each other,unable to share data.In order to solve these problems,researchers built a new generation of network security defense system based on situational awareness technology.It extracts and processes the elements of the network security situation,evaluates the network security status,and predicts its development,so as to help network administrators formulate reasonable and efficient defense measures,achieve active defense,and minimize the harm caused by network attacks.The thesis mainly studies the network security situation assessment and prediction.The thesis first sorts out the development status of this field,then conducts targeted research and experiments based on the current problems,and draws some innovative results and conclusions.The specific research work and contributions are as follows:(1)The acquisition of network security situation elements is the basis of situation assessment and prediction,and its accuracy is directly related to the effect of subsequent links.However,the acquisition of network security situation elements usually requires the analysis and processing of high-dimensional and complex network audit data,and the effects of different characteristic attributes in the data on the accurate acquisition of situation elements are also different from each other,so traditional algorithms are often difficult to obtain good performance.To solve this problem,the thesis first optimizes the traditional KNN algorithm based on the attribute weighting of the analytic hierarchy process and the method of model integration,and names it WKNN(Weighted KNN)algorithm,and uses it to complete network attack classification tasks,thereby extracting network attack element data.Experiments show that it can effectively improve the accuracy and stability of network attack classification.Then,considering that most of the current network security situation prediction research is to improve specific algorithm models,and lack of research on the predictability of the situation itself,the thesis uses entropy theory and other mathematical tools to conduct a theoretical analysis of the predictability of the network security situation.First,based on the close correlation between the network security situation elements and the network security situation,the thesis analyzes the most uncertain network attack elements,derives and calculates the upper and lower limits of the predictability,and concludes that the network attack elements have a high predictability.Next,the thesis uses the same method to analyze the network security situation sequence,and the experimental results show that it is also highly predictable,thus confirming the feasibility of network security situation prediction.(2)Among the many current network security situation assessment models,the situation assessment model based on deep learning has the best effect,but there are still problems that the situation elements are not fully utilized and the dynamics of the situation elements are not considered sufficiently.In response to this problem,the thesis uses technologies such as the attention mechanism in the field of deep learning to improve the existing situation assessment model,and proposes a situation assessment model called MCALSTM-CNN(Multi Channel Attention LSTM CNN).The model first uses the multi-channel attention LSTM module to process the situational element data of different types at multiple time points,and extract the dynamic characteristics of the network security situation.Then the multi-channel feature data is weighted spliced and fused based on the attention module to obtain the overall feature data,and the impact of various security elements on the current security state is evaluated through the weight of each channel.Finally,through the one-dimensional convolutional layer and the feedforward neural network,the feature data is further merged to obtain the network security situation value.Experiments have proved that the situation assessment model proposed in the thesis has improved accuracy and F1 value compared with other models,and can accurately complete the situation assessment task.(3)At present,most network security situation prediction algorithms directly model and predict the situation value sequence.However,due to the simple model,it is difficult to effectively extract the complex laws in the data,and the situation element data is not fully utilized.In response to the problem,the thesis uses the components of deep learning to build a predictive model called Conv Trans-TCN(Convolutional Transformer TCN).The model first uses the causal convolution multi-head self-attention module to construct the feature extraction part.It can effectively model the long-term dependencies in the sequence,and match the local patterns of the sequence,thereby optimizing the feature extraction effect.Then the model uses the TCN module to construct the information fusion part to complete the fusion of the characteristic data.Finally,the situation prediction value is obtained through the feedforward neural network.Experiments have proved that the model proposed in the thesis has advantages over other models in terms of prediction accuracy and prediction stability,and can obtain accurate situation prediction results,providing network administrators with an effective reference for the future network security situation.