With the development of science and technology, Internet applications have become increasingly widespread, and technology plays an increasingly important role in people's production and practice. At the same time, increasingly complex network attacks bring new risks and challenges to daily life and even threaten economic and social development. Existing monitoring methods can monitor the network only in a single, isolated way and cannot cope with more complex and diverse network attacks. Network security situation awareness, which can monitor the network comprehensively and accurately, has therefore become a key direction of current research. This paper designs two network security situation awareness algorithms based on deep learning and establishes a corresponding network security situation awareness system. The concrete work is as follows.

1. Based on CNN and exponentially weighted D-S evidence theory, a network security situation awareness algorithm with multi-source fusion is designed to monitor network conditions comprehensively. The algorithm framework is constructed and its core modules are refined. In the traffic detection module, the traffic detector Netflow and the intrusion detectors Suricata and Snort are used to capture basic traffic characteristics and malicious activity characteristics, respectively. In the attribute extraction module, key attributes are extracted by statistical methods, and malicious activities are highlighted using alarm messages. In the decision engine module, a CNN is employed as the engine to identify the various kinds of attacks; it takes full advantage of convolution kernels for feature extraction and feature fusion, which improves the precision of attack recognition. In the multi-source fusion module, exponentially weighted D-S evidence theory is used to integrate the output of each decision engine, further improving the identification rate of attack types. In the situation assessment module, weight coefficient theory is used to quantify the threat level, and the hierarchical analysis method is applied to obtain the security situation of the whole network accurately. Experimental results show that the situation awareness algorithm proposed in this paper improves attack identification accuracy to as much as 92.76%, which is better than most published research results. The improved accuracy contributes greatly to accurately calculating and intuitively reflecting the security situation of the whole network.

2. Based on Adaboost-GRU, a second network security situation awareness algorithm is designed. To further raise attack identification accuracy, the work focuses on the decision integration module, the central link of the framework, and expands the dimensions of the problem being solved. The decision engine takes the time dimension as its entry point: GRU is chosen as the attack identification engine on the basis of multiple experiments, and a two-layer GRU network is constructed. The algorithm builds on detection data from Tranalyzer, Snort and Suricata, and the output of attribute extraction serves as the input of the GRU network. It uses the long- and short-term memory capability of GRU to exploit the temporal characteristics of traffic and improve attack identification capability. Model integration introduces the Adaboost ensemble learning algorithm, which improves the fusion effect along two dimensions, sample update and model weight allocation: it raises the weight of misclassified samples to improve attack identification capability, and it increases the weight of models with low error rates to achieve adaptive adjustment of model weights. Experimental results show that the Adaboost-GRU algorithm improves attack identification accuracy to 94.01% and achieves accurate calculation of the network security situation.

3. To visualize the security situation of the whole network, this paper constructs a network security situation awareness system comprising user management, traffic analysis, attack analysis and situation assessment. The user management module is mainly responsible for user permission settings and can assign different operating authorizations to different users. The traffic analysis module, based on the results of the different detectors, uses statistical analysis to extract core attributes and visualizes the traffic data represented by those attributes. The attack analysis module instantiates the network security situation awareness algorithm based on CNN and exponentially weighted D-S evidence theory; it shows attack identification accuracy before and after fusion and presents the overall attack distribution from a global perspective. The situation assessment module uses the hierarchical analysis method to calculate the situation of services, hosts and the network accurately, and displays in real time how the service, host and network situations change over time. The system gives network management a more accurate and convenient way to monitor the network situation and trace back network attacks.
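
The multi-source fusion module in item 1 combines the outputs of the per-detector decision engines. The following is an added example, not code from the paper: it applies Dempster's rule of combination to class probabilities and assumes the exponential weighting means raising each engine's masses to a reliability exponent and renormalising (the abstract does not give the formula). The class names, probabilities and weights are constructed.

```python
from functools import reduce
from itertools import product

# Constructed sample: softmax outputs of three decision engines for one flow.
ENGINE_OUTPUTS = [
    {"normal": 0.50, "dos": 0.40, "probe": 0.10},  # engine fed by flow statistics
    {"normal": 0.20, "dos": 0.70, "probe": 0.10},  # engine fed by Snort alerts
    {"normal": 0.25, "dos": 0.65, "probe": 0.10},  # engine fed by Suricata alerts
]
WEIGHTS = [0.6, 1.0, 0.9]  # constructed reliability exponents, one per engine


def exp_weight(mass, w):
    """Assumed weighting form: m(A)**w, renormalised.
    w < 1 flattens the distribution, so a less reliable engine has less say."""
    powered = {h: m ** w for h, m in mass.items()}
    total = sum(powered.values())
    return {h: v / total for h, v in powered.items()}


def dempster(m1, m2):
    """Dempster's rule over frozenset focal elements.
    Returns (combined masses, conflict K between the two sources)."""
    combined, conflict = {}, 0.0
    for (a, ma), (b, mb) in product(m1.items(), m2.items()):
        inter = a & b
        if inter:
            combined[inter] = combined.get(inter, 0.0) + ma * mb
        else:
            conflict += ma * mb  # mass assigned to contradictory hypotheses
    if conflict >= 1.0 - 1e-12:
        raise ValueError("total conflict: sources cannot be combined")
    return {h: v / (1.0 - conflict) for h, v in combined.items()}, conflict


def fuse(engine_outputs, weights):
    """Weight each engine's output, combine them, return (label, fused masses)."""
    masses = [exp_weight({frozenset([c]): p for c, p in out.items()}, w)
              for out, w in zip(engine_outputs, weights)]
    fused = reduce(lambda acc, m: dempster(acc, m)[0], masses)
    flat = {next(iter(h)): v for h, v in fused.items()}
    return max(flat, key=flat.get), flat


if __name__ == "__main__":
    label, fused = fuse(ENGINE_OUTPUTS, WEIGHTS)
    print(label, {c: round(v, 4) for c, v in fused.items()})
```

The first engine alone would label the flow normal; after fusion the two alert-based engines outweigh it, and its lower exponent reduces how much its vote pulls the result back.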