
Research And Implementation Of Security Situation Awareness Technology Based On Network Traffic

Posted on: 2022-01-06
Degree: Master
Type: Thesis
Country: China
Candidate: W J Zhu
GTID: 2518306563977989
Subject: Cyberspace security
Abstract/Summary:
With the implementation of the cybersecurity classified protection system and its standards, active defense and dynamic defense have become the core ideas of network protection. This requires an information system to comprehensively improve its ability to protect against network attacks, to ensure that it can resist non-traditional and complex means of attack, to achieve all-directional, all-weather monitoring of the network situation, and to achieve the goal of building a high-level network security protection system. This thesis uses network traffic as the data basis for in-depth research on the indicator system, assessment model, prediction model and system implementation of security situation awareness. The main work includes the following:

(1) This thesis first constructs a three-layer indicator system according to the characteristics of the network situation, and then proposes a network security situation awareness assessment and prediction model based on that indicator system.

1) This thesis uses a CatBoost model based on Bayesian optimization to evaluate the threat situation. The Bayesian optimization method has the advantages of fewer iterations and faster speed, while the CatBoost model has the advantages of preventing overfitting and automatic handling of feature values. Therefore, the parameters of the CatBoost model are optimized with the Bayesian optimization method, and the optimized model is applied to the situation assessment of network threats, so that the current network situation can be accurately evaluated. Through experimental analysis, the model is compared with other situation assessment models, which verifies the superiority of this model in situation assessment.

2) This thesis uses an improved LSTM model to predict the network situation. The long short-term memory (LSTM) network model can control gradient convergence during training and has the advantage of long-term memory, while the bidirectional long short-term memory (BiLSTM) network model has the advantage of bidirectional analysis of time series. Stacking these two models as the hidden layers of the neural network increases the depth of the hidden layers and improves the accuracy of time-series prediction. Therefore, the relevant parameters of the improved LSTM model are adjusted in this thesis, and the model is applied to the prediction of network state, so that the current network state can be predicted accurately. Through experimental analysis, the model is compared with other situation prediction models, and the feasibility of the model in situation prediction is verified.

(2) Aiming at the security problems existing in current networks, this thesis designs and implements a network security situation awareness system according to the proposed functional requirements. The system provides security analysis and visual display of the traffic in the network. It can analyze the security problems in the network, promptly alert on attack behavior in the network, observe the network condition from the two different perspectives of the attacker and the defender, and carry out the assessment and prediction of the network situation. Finally, through the visual interface, security personnel are brought into the closed loop of security analysis.

The ultimate goal of this thesis is to provide security personnel with accurate information on the network situation and its future development through network security situation awareness technology, to achieve effective control of network conditions by security personnel, to assist security personnel in the timely discovery of security vulnerabilities and abnormal events in the network, and to enhance the active defense capability against external attacks, thereby reducing the security risk of the system and improving the protection capability of the network.
Keywords/Search Tags: Network security situation awareness system, Network traffic, Bayesian optimization, CatBoost model, Long short-term memory network model, Bi-directional long short-term memory network model