In recent years, our country's information and communication technology has developed vigorously, and the Internet has grown to an unprecedented scale. With this growth come security threats that network assets and data face at all times. The development of information technology and the Internet has made the network environment increasingly complex, and the open network environment has become a breeding ground for attackers. The variety of ways in which information systems can be accessed makes network attacks harder to detect. Network security incidents in enterprises and institutions occur constantly, and the situation for network security protection is becoming more and more serious.

Existing situational awareness systems are mainly based on the analysis of association rules over situational element indicators. Each association rule can only match one specific network attack, so rules must be added manually to keep up with constantly changing attack methods, and the scalability and flexibility of such systems are weak. A situational awareness system based on machine learning can instead establish an end-to-end mapping model from situational elements to perception results, with high accuracy. Expanding the data set expands the types of network attacks that can be identified, and the data-driven supervised learning method does not depend as heavily on network security domain knowledge as traditional association rule analysis, which reduces the development and maintenance costs of the situational awareness system.

This paper proposes a security situational awareness system based on machine learning. Building on the integration of network security elements, it evaluates and predicts the network security situation in real time from a macro perspective, and provides a basis for the decision analysis of network security administrators through an intuitive and comprehensive situation visualization interface.

The situation assessment method proposed in this paper uses the self-attention mechanism to extract the temporal correlations among situation elements, and uses a conditional random field to compute the globally optimal sequence of situation values over time. This effectively improves the recall rate for high-risk attacks and the recognition accuracy for high-frequency attacks.

The situation prediction method targets the time-consuming serial data processing of the LSTM model. It enables parallel computation by removing the dependence of the LSTM gating unit on the historical hidden state, and uses a custom CUDA kernel function to reduce data movement overhead and running delay. Experiments show that the situation prediction model converges quickly, that a single training run is 25% shorter than with LSTM, and that it achieves better prediction accuracy for the same training time.

The situational awareness system implemented in this paper can collect event log data from security devices, flow connection data from transmission devices, and hardware status data from devices, and applies the situation assessment and prediction methods to perceive the network security situation. The system's user interface intuitively displays various network operation indicators together with the security situation assessment and prediction results in the form of charts, and provides query, filter and sort functions for the data.
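To make the parallelisation idea behind the prediction model concrete, the following added example (not code from the thesis) contrasts a conventional gate that reads the previous hidden state with a gate that reads only the current input. The exact gate equations, weight shapes and the toy input are constructed assumptions (an SRU-style unit); the point is that once the gate no longer depends on h_{t-1}, every time step's gate comes out of one matrix product and only a cheap elementwise scan remains serial.

```python
"""Gate computation with and without dependence on the previous hidden state.

Constructed toy sizes: input dim 3, hidden dim 2, sequence length 5. The gate
equations below are an assumption (SRU-style), not the thesis's own formulation.
"""
import numpy as np

rng = np.random.default_rng(0)
T, D, H = 5, 3, 2                        # constructed sequence length, input dim, hidden dim
X = rng.standard_normal((T, D))          # constructed input sequence x_1 .. x_T
Wx, Wh = rng.standard_normal((H, D)), rng.standard_normal((H, H))
Wf, Wu = rng.standard_normal((H, D)), rng.standard_normal((H, D))
c0 = np.zeros(H)

def sigmoid(z):
    return 1.0 / (1.0 + np.exp(-z))

def lstm_style_gates(X, Wx, Wh, h0):
    """Conventional gate: f_t = sigma(Wx x_t + Wh h_{t-1}).
    Because f_t needs h_{t-1}, the T matrix products must run one after another."""
    h, gates = h0, []
    for x_t in X:
        f_t = sigmoid(Wx @ x_t + Wh @ h)  # matmul inside the loop, waits on the last step
        h = f_t * h + (1 - f_t) * np.tanh(Wx @ x_t)
        gates.append(f_t)
    return np.stack(gates)

def decoupled_forward(X, Wf, Wu, c0):
    """Gate reads only x_t: f_t = sigma(Wf x_t). All T gates and candidate updates
    are produced by two matrix products; the remaining recurrence is elementwise."""
    F = sigmoid(X @ Wf.T)                # (T, H): every time step's gate at once
    U = X @ Wu.T                         # (T, H): every time step's candidate update
    c, out = c0, np.empty((T, H))
    for t in range(T):                   # elementwise scan, no matmul per step
        c = F[t] * c + (1 - F[t]) * U[t]
        out[t] = c
    return out, F

def decoupled_serial_reference(X, Wf, Wu, c0):
    """Same decoupled unit computed step by step, to confirm the batched form is exact."""
    c, out = c0, []
    for x_t in X:
        f_t = sigmoid(Wf @ x_t)
        c = f_t * c + (1 - f_t) * (Wu @ x_t)
        out.append(c)
    return np.stack(out)

def batched_matches_serial():
    out, _ = decoupled_forward(X, Wf, Wu, c0)
    return bool(np.allclose(out, decoupled_serial_reference(X, Wf, Wu, c0)))
```

In the decoupled unit the only serial work left is the elementwise loop, which is what a fused kernel can run cheaply; in the LSTM-style unit the matrix product itself sits inside the loop.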