Research On Network Security Situation Assessment Method Based On Deep Learning

With the popularity of the Internet,network technology has been applied to many aspects of life.But at the same time,the network is facing more and more diverse threats,and the harm is more and more serious.Facing the complex network environment,how to effectively solve the network security problem is imminent.Network security situation assessment(NSSA)has become one of the most commonly used and effective solutions.However,traditional methods rely too much on expert evaluation and logical reasoning,and cannot meet the requirements of dealing with massive network traffic and attacks.Deep learning provides a new way to solve the shortcomings of traditional evaluation methods.Firstly,the existing network security situation assessment methods are analyzed and the principle of deep learning and its application in the field of network security situation assessment are described.Besides,the network structure and function of deep autoencoder(DAE)are depicted for subsequent network security situation assessment method based on the deep learning theory foundation.Then,a network security situation assessment method based on deep learning is proposed.A deep autoencoder neural network(AEDNN)model is established to identify various attack types in the network.AEDNN model can classify the current network attacks into binary classification and multi-classification,and take the result of binary classification as the attack probability.The under-over sampling weighted(UOSW)algorithm is designed and applied to the multi-classification of the model,and the multi-classification results of the model are recorded as the attack impact scores.The network security situation value is calculated according to the attack probability and the attack impact score,and the current network security situation level is evaluated based on the situation value.Finally,the test set is input into the AEDNN model,the number of samples identified by the model is counted and the ratio of the number of samples and the total number of samples in the test set is recorded as the attack probability.The number of times each class is predicted by the model is recorded and the impact of each class of attack on the network is analyzed,then the attack impact score is calculated.According to the attack probability,the attack impact score and its predicted times,the network security situation value is calculated,and the network security situation level is evaluated.The experimental results show that compared with other methods,the network security situation value calculated by the proposed method is more consistent with the real situation,which proves the feasibility and accuracy of this method.