
Design And Implementation Of Network Security Situation Awareness System Based On Attack Chain

Posted on: 2021-06-28
Degree: Master
Type: Thesis
Country: China
Candidate: M Y Duan
GTID: 2518306470466484
Subject: Software engineering
Abstract/Summary:
With the advent of the Internet age, the scale and application fields of the Internet continue to expand. The Internet is now integrated into every field of society and brings great convenience to people's work, study and life. At the same time, network security problems of all kinds have followed: network attacks are more and more frequent, and the damage they cause is more and more serious. These threats are profit-driven, strictly organized and clearly targeted. They greatly hinder the development of the social economy and the deployment of national strategy, and have gradually become a focus of global concern. This context has driven the development and progress of network security situation awareness technology, which has gradually become a hot field of network security.

Network security situation awareness technology plays a large role in improving the active defense ability of the network. By comprehensively grasping the network security status and its development trend, it can effectively evaluate the possibility of security incidents and monitor network attacks in real time to alleviate the harm they cause. Effectively combining network security situation awareness technology with the detection methods of traditional security equipment can discover potential malicious intrusion behavior and improve the network system's counter attack ability and emergency response ability.

Building on earlier work in the field on network security situation theory, this paper analyzes and designs a prototype network security situation awareness system based on the attack chain. The system runs from the collection of basic data to situation assessment and then to situation prediction, and finally presents the network situation to network security officers clearly and intuitively. This paper mainly studies the following three aspects:

1. A new situation assessment technique is developed, and the situation index system and hierarchical assessment model are established from the perspective of the attack chain. A calculation method for the attack chain factor is proposed. The paper describes the network situation from six aspects (detection, attack, invasion, early warning, harmfulness and availability) and designs a new method of situation quantification.

2. For situation prediction, and according to the characteristics of the situation assessment results, a prediction method based on an Elman Neural Network optimized by an adaptive Genetic Algorithm is proposed. Because of the relevance of the situation assessment results, this paper adopts the Elman Neural Network prediction algorithm and then improves and optimizes it in two steps. Because Elman Neural Network prediction uses the gradient-descent error propagation method, the result easily falls into a local minimum, so the Genetic Algorithm, with its global optimal search ability, is used to improve the Elman Neural Network. And because the crossover rate and mutation rate of the Genetic Algorithm are not very adaptive, adaptive crossover and mutation rates are designed. For the experimental data, the one-dimensional situation assessment results are divided into multi-dimensional input data and one-dimensional output data by means of a sliding window. Comparison with the Elman Neural Network and with the Genetic Algorithm optimized Elman Neural Network proves that the adaptive Genetic Algorithm optimized Elman Neural Network prediction method is superior and more suitable for the situation prediction studied in this paper.

3. On the basis of situation assessment and situation prediction, a complete situation awareness prototype system is designed. From the collection of network elements through situation assessment and prediction, the situation of the network is presented visually on the interface. System testing is completed.
Keywords/Search Tags: Situation Awareness, Situation Assessment, Situation Prediction, Elman Neural Network, Genetic Algorithm