Research Of Network Security Situation Awareness Based On D-S Evidence Theory

In the long-term social development process,people have found that the rational use of the Internet can change their lifestyles and make people's activities more and more convenient.However,as the scope of network applications continues to expand and the frequency of use continues to increase,It also causes frequent occurrences of incidents that interfere with network security,which has an impact on network security.Network security situational awareness was thus born,which includes two parts: assessment and prediction,and can accurately predicting the development of the situation while assess the security situation of the network environment,so that security personnel have a basis to take appropriate defensive measures.It is thus clear that correctly assessing the cybersecurity status and predicting the development of the situation in a short period of time is an important part of the action to maintain the cybersecurity environment.The specific research of this thesis is as follows.(1)After the research on network security posture,this thesis constructs a multi-level network security posture index assessment system from various aspects to provide the basis for a comprehensive and correct assessment.(2)This thesis builds a network security situation assessment model that combines D-S evidence theory and Elman neural network,in which Elman neural network is optimized by genetic algorithm.By analyzing the D-S theory of evidence,this thesis proposes two improvements to smoothen out the problems that have been clearly identified.First,in order to solve the shortcoming that the traditional assignment model of the BPA has subjective dependence,the method of using Elman neural network to obtain the basic probability assignment function is proposed so as to improve the objectivity of BPA.Meanwhile,Introduction of genetic algorithm for Elman neural network to ensure accurate BPA values can be obtained.Secondly,an evidence correction step is added to the traditional D-S evidence theory to correct the evidence based on Pearson coefficient and average probability value to optimize the problem of inaccurate decision results caused by conflicting evidence.Finally,the fusion rules of D-S evidence theory are used to fuse the support of the four first-level postures for different security levels to derive the final cybersecurity posture assessment results.(3)A model for predicting network security posture using gated recurrent units optimized by a particle swarm algorithm is established.Using DEIPSO algorithm to improve the GRU's meritseeking ability,which is obtained by introducing the idea of differential evolution algorithm into the PSO.In order to reduce the error of prediction results from the real value,a model constructed by combining the proposed DEIPSO algorithm with GRU is used for network security situational prediction.(4)To confirm whether the cyber security situational awareness model proposed in this thesis is available and whether the results are correct,some data from the NSL-KDD dataset are selected for simulation experiments.At the same time,the simulation results are compared with the results obtained from some models that are not optimized,and it is concluded that the model proposed in this thesis improves the accuracy of evaluation and prediction results.