| Network security situation awareness is a brand-new security concept.This technology can integrate data collected by network monitoring equipment,and at the same time use data mining,deep learning and other related technologies to provide security situation assessment and risk prediction for the network environment.In addition,the reasonable use of network security situational awareness is expected to break through the embarrassing situation of the traditional network security system fighting independently and only being able to defend passively,thereby promoting the entire security system to more proactively capture situational elements,evaluate and predict situational conditions.As security data gradually exhibits multi-source and heterogeneous characteristics,currently,situational awareness solutions including data collection,data association,situation analysis and other processes are difficult to deal with complex security data,and there are existing visualization systems for deploying such situational awareness solutions.The problem of "emphasizing perception and ignoring presentation".Therefore,in the process of evaluating and predicting security data using a visualization system,the system may not be able to present valuable information to users,which affects the application and promotion of situational awareness systems to a certain extent.To address the above issues,the main contributions of this thesis are as follows:First,the overall process of network security situational awareness is described,which is divided into three stages: data integration,data analysis and data presentation.In the data integration stage,the collection and cleaning process of network security data is outlined.In the subsequent data preprocessing process,aiming at the association organization method of data,an entity recognition model and an entity relationship extraction model based on knowledge graph are proposed to improve the reliability of security data and data processing efficiency,and the proposed method is verified.Secondly,in the data analysis stage,the framework of the situation assessment method based on the Bayesian attack graph is introduced,and the assessment indicators and quantification standards of the situation elements are briefly described.At the same time,a situation prediction method based on Self-Attention and GRU is proposed to solve the problem of "the lack of correlation between the key information of the past moment and the current moment" in the previous situation prediction scheme,and the method proposed in this paper is compared and verified with the previous scheme.Finally,in the data presentation stage,in view of the problems existing in the traditional network security visualization platform,the requirements of each functional module are analyzed,and combined with Web development technology,a network security situational awareness visualization with complete functions,strong user interaction,friendly visual experience,security and stability is designed platform.Some functional modules were displayed and tested,and the test results indicated that they could meet the predetermined performance standards. |
PDF Full Text Request