| With the rapid development of the Internet and the network technology, the attack means and methods are becoming more complex, and various types of attack are emerging one after another. The existing security measures cannot guarantee the security, the reliability and the normal operation of the network system. In order to deal with the issues that the traditional security technology difficult to face with, Network Security Situation Awareness(NSSA) is put forward, so as to solve the problems of single data source, high false alarm rate and so on. NSSA enhances the dynamic understanding abilities for the network security situation and ensures the safe operation of the network environment. So far, there were a lot of research methods on NSSA had been studied and many fairly good results had been obtained. However, some key problems in NSSA are still needed to be solved, such as model, multisource data collection, multisource fusion, situation awareness and control. Take the above-mentioned problems into consideration, we focus on the awareness and control mechanism of network security situation based on multi-source fusion and the related technologies are also studied in detail.Firstly, a network security situation awareness-control model based on multi-source fusion is constructed. The existing models that are difficult to integrate multi-source data and situation control functions effectively. As a result, there are shortcomings in the aspects of applicability and management. Therefore, network security awareness-control model is researched based on multisource fusion, and the model and module process are described in detail. In view of the diversity of the data sources, multisource data are collected and the preprocessing sub module is designed. According to the uncertainty and conflict of multi-source data, multisource fusion module based on Ant Colony Optimization Dempster-Shafer(ACO-DS) fusion rule is designed, which has the advantages of D-S evidence combination rule for processing the uncertainty problems and the optimization ability of ACO algorithm. Meantime, the situation awareness and control mechanism is added, and control module based on situation awareness is configured. Then, a closed loop feedback structure is formed by the data acquisition, the data fusion and the situation awareness-control.Secondly, a multisource fusion method based on ACO-DS is studied. The data collected from heterogeneous sensors has problem of inconsistency in format, the data are needed to be standardized and normalized for ensuring its format inconsistency. Meantime, take the data dimension and quantity into consideration, a data feature selection method based on the back-propagation(BP) neural network is proposed. Redundant and useless data attributes are deleted by the proposed method. Then the multisource data integration method is studied. In order to meet the demands of accuracy, real-time and robustness in multisource data fusion, ACO-DS fusion rules is proposed with the improved D-S evidence combination rule. It can fuse multisource data in an efficient and accurate manner.Finally, a network security situation regulation approach based on situation awareness is discussed including the situation awareness module and the control mechanism module. According to the scale and the level of network, the hierarchical NSSA model is put forward incorporating with four levels, such as the attack, the service, the host and the network. Then, the security situation can be perceived from the part to the whole, and the situational awareness curve is generated in different levels accordingly. Meanwhile, the situation control mechanism based on Current Situation Value(CSV) is put forward according to the current threat value. Furthermore, the data attributes containing threats are analyzed, and the attributes suffering from attacks is processed at the same time. According to CSV, the close-loop feedback structure is formed and the self-regulatory capability of network security is improved. |
PDF Full Text Request