Research On Networks Security Situation Predicting Based On Multi-models Combined By D-S Evidential Theory

As information technology continues to evolve, the scale of the network is greatly expanded and insecurity problems also increase. Although the traditional safety equipment and safety testing method has been widely used, none provides clear information on network security for the network administrators in a macroscopical view. As all important part of network security technology, security situation awareness plays a key role on ultimate decision-making. At present, security situation awareness becomes hot for its research, but is not mature yet. The studies on security situation prediction of it are still in a start. Because of the randomness and uncertainty of the network security, this reduces the accuracy of the traditional single prediction model.In terms of the shortcomings of the single prediction model, the D-S evidence theory is introduced to the network security situation prediction to form a combined multi-model prediction. Because different types of prediction methods have their own characteristics, the paper selected three prediction methods---time series prediction method, gray prediction method and neural network prediction method. First, the three prediction models are established to predict the network security situation and then analyze the results obtained. On this basis, the D-S evidence theory is used to combine the three prediction results to get the weight of each single prediction model in the combination prediction model. Finally, through simulative experiments, the prediction results based on the combination of the three prediction models are obtained. The results show that the results of the combined prediction model are more accurate than that of a single prediction model.In this paper, the combined multi-model prediction method, through a data combination, weakens the effects of each single prediction model on the prediction results. Combination prediction method combines each information effectively. Therefore, combination forecasting model is more comprehensive than single model, in some extent, compensate for the limitations of single model. There is no limit to the number of single prediction models, so the model expandability is much better.Network security situation prediction involves a very wide range of knowledge. This paper only focuses on the study of combined multi-model prediction. Future study will be given to the choice and optimization of single prediction models. Further study also will be given to the optimization of the combined algorithm. Through the study of network security situation prediction, administrators can have a better understanding to the security trends and patterns in order to make the correct security policy and better improve the network security performance.