| With the advent of the information age, technologies of many kinds have advanced. Internet applications emerge one after another, the scale of cyberspace expands, and network structures become more complex. In recent years, the rise of short videos and live broadcasts has brought new convenience and fun to people, who are increasingly inseparable from the Internet in production and daily life. The development of science and technology brings diversification of cyberspace along with frequent and diverse cyberattacks and threats. It is therefore urgent to find more efficient network security protection measures suited to complex network structures. Network Security Situation Awareness (NSSA) has emerged in response and has become a focus of network security research. At present, technical research on NSSA concentrates mainly on two stages: situation assessment and situation prediction. However, because current network security is time-varying and nonlinear, among other reasons, some existing NSSA assessment and prediction methods can no longer meet network security managers' requirements for accuracy. To further improve the accuracy of assessment and prediction in network security situation awareness, this thesis proposes a network security situation assessment method based on spectral clustering analysis and a network security situation prediction method based on GA-GWO-SVM. Firstly, this thesis constructs a network security situation evaluation system from the three dimensions of asset operability, system vulnerability, and security risk, combined with 14 secondary factor indicators, and quantifies some of the secondary indicators. This effectively solves the problems of incomplete selection of situational elements and a single-dimension indicator evaluation system, and helps network security managers measure the network security situation comprehensively from multiple dimensions. Secondly, this thesis uses the spectral clustering algorithm to solve high-dimensional complex clustering problems and applies it to network security situation assessment. According to the element selection and quantification rules of the index evaluation system, the identified critical abnormal and typical data are quantitatively calculated to obtain the situation value. The current network security situation is then evaluated against the situation grade assessment table. This achieves a more reasonable division of normal and abnormal data and effectively improves the accuracy of the situation assessment. Finally, to improve the prediction performance of the support vector machine, this thesis improves the construction method and parameter selection of its kernel function. A hybrid kernel function is implemented as a linear combination of the Gaussian kernel and the polynomial kernel, and the Gaussian kernel bandwidth, polynomial kernel order, and linear combination coefficients of the new kernel function are optimized using the gray wolf optimization algorithm combined with genetic operations. At the same time, to compensate for defects in the optimization process of the gray wolf optimization algorithm, this thesis uses the Circle chaotic map to generate the initial gray wolf population and adopts a nonlinear decreasing convergence factor, which greatly improves the optimization performance of the algorithm. Using the real-scenario network security dataset CIC-IDS2017, this thesis divides out 240 experimental samples to verify the proposed methods. The experimental results show that the network security situation assessment method based on spectral clustering analysis reflects the network situation truly and effectively and is more accurate than traditional clustering analysis. The support vector machine (SVM) situation prediction method based on GA-GWO optimization can predict the network situation. Compared with improved prediction models based on other optimization algorithms, it has higher prediction accuracy. |
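
The hybrid kernel and the Circle-map population seeding described in the abstract can be sketched as follows. This is an added example, not code from the thesis: the function names, the Circle map constants (`x0`, `a`, `b`), the polynomial offset `coef0`, the search ranges and the sample vectors are all assumptions chosen for illustration.

```python
import math

def circle_map_population(n_wolves, bounds, x0=0.7, a=0.5, b=0.2):
    """Seed a grey-wolf population with a Circle chaotic sequence.

    bounds: [(lo, hi), ...] per parameter; x0, a, b are assumed constants.
    """
    x, population = x0, []
    for _ in range(n_wolves):
        wolf = []
        for lo, hi in bounds:
            # Circle map: x <- (x + b - a/(2*pi) * sin(2*pi*x)) mod 1
            x = (x + b - (a / (2 * math.pi)) * math.sin(2 * math.pi * x)) % 1.0
            wolf.append(lo + x * (hi - lo))  # scale chaotic value into range
        population.append(wolf)
    return population

def hybrid_kernel(u, v, sigma, degree, lam, coef0=1.0):
    """lam * Gaussian + (1 - lam) * polynomial; PSD for 0 <= lam <= 1."""
    sq_dist = sum((p - q) ** 2 for p, q in zip(u, v))
    dot = sum(p * q for p, q in zip(u, v))
    gauss = math.exp(-sq_dist / (2.0 * sigma ** 2))
    poly = (dot + coef0) ** int(round(degree))  # order must be an integer
    return lam * gauss + (1.0 - lam) * poly

def gram_matrix(samples, wolf):
    """Kernel matrix for one candidate wolf = [sigma, degree, lam]."""
    sigma, degree, lam = wolf
    return [[hybrid_kernel(u, v, sigma, degree, lam) for v in samples]
            for u in samples]

# Assumed search ranges: bandwidth, polynomial order, combination coefficient.
BOUNDS = [(0.1, 10.0), (1.0, 5.0), (0.0, 1.0)]
# Constructed, normalised situation-indicator vectors (not from CIC-IDS2017).
SAMPLES = [[0.1, 0.8, 0.3], [0.4, 0.2, 0.9], [0.7, 0.5, 0.1]]

if __name__ == "__main__":
    for wolf in circle_map_population(5, BOUNDS):
        k = gram_matrix(SAMPLES, wolf)
        print([round(p, 3) for p in wolf], [round(val, 3) for val in k[0]])
```

Each wolf is one candidate setting of the three kernel parameters; an optimizer such as the GA-GWO search the abstract describes would score each candidate by the prediction error of an SVM trained on the corresponding Gram matrix.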