| With the growing number of attacks on large-scale networks, network security infrastructure such as firewalls and intrusion detection subsystems generates a massive volume of alerts. This makes it difficult for administrators to maintain awareness of the security and safety situation, and corresponding measures cannot be taken in time. How to evaluate the network security situation efficiently has therefore become a hot topic in network security research. Network security situation assessment can be divided into three levels: acquisition, analysis, and prediction. As an important element, network security situation prediction is also beginning to attract more attention. A network security incident is abnormal activity arising from threats against online applications; it is usually reflected in the alarm data generated by security devices and the log data generated by various applications, and at present mainly in IDS alerts. To meet the requirements of network security situation prediction, this paper takes the frequency of network security incidents as the object of prediction. Traditional prediction methods try to build a single global prediction model, but because the kinds of network security incidents are diverse, their data model is partial and multi-modal. In this paper we analyze one type of network security incident, or a specific network security incident, whose frequency (that is, the number of occurrences in a period of time) has distinct temporal characteristics and is non-linear. Research has shown that such series are chaotic time series, so this paper uses chaotic time series analysis methods to analyze and predict them. Each model usually requires the user to have relevant expertise and to configure the model parameters for the application environment in order to achieve better prediction results, which to some extent limits the application of prediction techniques. 
This paper uses an intelligent optimization algorithm to optimize the prediction model parameters, so that the model automatically finds the optimal parameters without relying on user presets and produces the best prediction. The main contents are as follows: 1) Appropriate time series prediction methods are used to predict the frequency of network security incidents. 2) Intelligent optimization algorithms are used to optimize the time series prediction model. The genetic algorithm is a general algorithm for solving search problems and can be applied to a variety of common problems, but it may converge prematurely to a local optimum. This paper presents an improved adaptive genetic algorithm that improves the crossover and mutation operators so that the crossover and mutation probabilities change according to individual fitness. Comparative experiments show that the improved genetic algorithm can maintain the evolutionary direction and speed up convergence. 3) Finally, an adaptive prediction system for network security incidents is designed and implemented using a B/S structure. The system has multi-dimensional, multi-model prediction capabilities for network security incidents and does not require the user to configure model parameters. Practical application shows that the system achieves relatively good prediction accuracy, and that the prediction results can serve as an important basis for important decisions and as support for network defense. |