Research On Network Security Situation Elements Extraction And Prediction Methods

The continuous progress of mobile communication and Internet technology,as well as the vigorous development of a series of emerging technologies such as cloud computing and big data,which accelerate the transformation of cyberspace,the increasingly complex topology leads to the explosive growth of network traffic,and the endless emergence of network attacks have made network security the first to bear the brunt.Network security situation awareness technology can make up for the defects of traditional security protection technology.By extracting the situation elements that cause the network situation to change,security assessment and analysis can be performed on them,so as to detect network attack threats and anomalies in time,and provide the ability to predict the network change trend.It aims to systematically and overall grasp the development of the network from a macro perspective,so as to discover and actively defend against network attacks in advance.This paper focuses on two aspects of network security situation elements extraction and situation prediction,aiming at the problems of existing methods,and carries out research work,the main research work of this paper is as follows:(1)Facing the current large-scale network environment,drawing on hierarchical thinking and combining big data parallel processing technology,a network security situational awareness system model based on the Spark platform is proposed.The model is divided into data collection layer,data preprocessing layer,network security situation awareness layer and visualization layer from bottom to top.Among them,the network security situation awareness layer is the core of the whole model.It consists of three parts:situation element extraction,situation assessment and situation prediction.Combined with Spark big data technology,provides effective support for the rapid processing of massive situational data.In addition,a corresponding prototype system is designed based on the proposed model.(2)In order to solve the problem of low accuracy and poor efficiency in obtaining network security situation elements in large-scale network environments,this paper proposes a parallel network security situation elements acquisition method based on the Spark platform.First,employs the Deep Belief Network to learn the deep connections between features from the original data so as to reduce the dimensionality of features,and then applies the reduced data to Random Forest for achieve the extraction of situation elements.This method is based on the Spark platform,which greatly improves the execution efficiency in the entire network security situation element acquisition process.Experimental results show that,compared with other methods,this method achieves fast and accurate acquisition of network security situation elements on the basis of maintaining high accuracy and low false alarm rate,and has outstanding robustness and generalization performance.(3)In order to solve the problem that the traditional network security situation prediction method is difficult to adapt to the large-scale network environment and the prediction fitting effect is not good,this paper proposes a situation prediction method based on bi-directional long-short term memory(Bi-LSTM)neural network according to the time series characteristics of situation prediction data and Sparrow search algorithm.Firstly,the Bi-LSTM neural network is suitable for processing time series to establish the prediction model,and then the sparrow search algorithm is used to realize the automatic optimization of the super parameters of Bi-LSTM neural network,so as to solve the problem that the performance of the model is affected by setting parameters for human experience.Through comparative experiments,the results show that,compared with other methods,the sparrow search algorithm can significantly improve the convergence speed of the prediction model,and further improve the accuracy of prediction.