Network Security Situation Awareness Method Based On Deep Forest And BiGRU

With the continuous development of Internet technology and network applications,people’s life and social development have gained a lot of convenience,but at the same time,a large number of network security risks have emerged.The traditional network security defense technology mainly adopts passive defense against network attacks,which is unable to comprehensively and timely analyze and manage network security.Network security situation awareness is divided into situation element extraction,situation assessment and situation prediction.Through real-time perception,analysis and early warning of security events and attack behaviors in the network,network security situation awareness has stronger timeliness,adaptability and comprehensiveness,enabling network managers to actively defend the network environment and improve network security defense capability.This paper combines network security situation awareness with deep learning,which can further improve the accuracy and effectiveness of network security situation awareness.The main research contents are as follows:(1)Aiming at a large number of high-dimensional data of network security situation elements in complex network environment,combined with various indicators of network threat,vulnerability,disaster tolerance and stability,carry out reasonable classification and quantification,and finally form a more comprehensive,scientific and effective hierarchical index system of network security situation elements,providing a basis for network security situation assessment and prediction.(2)Aiming at the characteristics of high-dimensional and non-stationary network security situation element data,a network security situation assessment method based on Improved Deep Forest(IDF)is proposed.Firstly,the obtained multi-source situation factor data was fused and quantified into effective features more suitable for intermediate linked forest in deep forest.Then the features are input into the multi-granularity scanning module to extract the features with strong characterization.Finally,XGBoost is used as the base learner to input the feature vector into the cascade forest module after feature optimization for layer by layer training to complete the network security situation assessment.Compared with traditional situation assessment methods,this method can assess network security situation more accurately.(3)Aiming at the problem of accuracy degradation caused by noise information interference and network degradation caused by the increase of network layers in network security situation prediction,a hybrid network security situation prediction model integrating Deep Residual Shrinkage Networks(DRSN)and Bidirectional Gating Recurrent Unit(BiGRU)is proposed.Firstly,DRSN and BiGRU are used to extract abstract spatial features and temporal features respectively.Then the Discriminant Correlation Analysis(DCA)algorithm is used for feature fusion.Finally,it is input into the BiGRU model for network security situation prediction.Compared with traditional situation prediction methods,the proposed method is more effective for network security situation prediction.