In recent years, with the exponential growth of network information, people have enjoyed the convenience brought by informatization but have also placed higher demands on network security. Research on network security situational awareness has become one of the hotspots in the field of network security. Because network attack activity involves complex actors, diverse methods and large volumes of data, current security defense equipment cannot accurately identify attack behavior and judge the network threat status. To address these problems, this work designed and implemented a network security situational awareness system with simple operation, rapid analysis and visual results. The system takes security awareness of a company's internal network as its specific goal. Using new network security situational awareness technology, it gives a comprehensive view of the current network security status and predicts its development trend. The system also allows human intuition to be tested and supported more efficiently and scientifically, helping protect the company's vast and complex internal network systems. Designing and implementing the system involved four main pieces of work and innovation.

(1) The company's internal network security needs were analyzed, and the overall requirements for the system were put forward. Specific business modules were refined, including the interaction process between users and the system and the functions provided to different users. A UML model was established to describe in detail the data preparation, network security situation awareness, user information management and other functions the system must provide. The system's non-functional requirements were also analyzed.

(2) In response to the company's network security needs, the key technologies required for a network security situational awareness system were discussed. For situation assessment, a method based on an improved fuzzy hierarchy assessment method was used to assess the current network security. Intuitionistic fuzzy sets were introduced to calculate the weights of security indicators more objectively, which made up for the over-reliance on subjective judgments in the traditional evaluation process. For situation prediction, the Sparrow Search Algorithm (SSA) was used to optimize the hyperparameters of a Long Short-Term Memory (LSTM) model. The results showed that optimizing the LSTM prediction model with SSA can further improve the accuracy of situation prediction.

(3) After the key techniques for situation assessment and situation prediction were chosen, the system was designed as a whole. In the user management module, a user-role-authority mapping was used to implement role-based user authority management, so that users with different roles have different system usage rights. For system function design and implementation, the Spring Boot framework was used to describe the implementation of each function in each module. The React framework was used to build the user interface, and ECharts was used to visualize the cybersecurity situation. In addition, the logical and physical database table structures were designed and implemented based on the system requirements.

(4) After the coding work was completed, test cases were prepared according to the requirements analysis documents. The actual operating environment was deployed in the company. The system was then tested exhaustively against the designed test cases, and the results were recorded. System testing focused on the main functions of the system's three major functional modules. The response time of each function was tested against the performance requirements. Testing verified that the processing logic of each function is correct and that the response time of each function meets user requirements, so the system can be used normally. The system is now running online.