| With the rapid development of computer technology, network security incidents occur frequently, and network attacks are becoming increasingly rampant. Traditional security defense technologies are relatively passive, struggle to deal with unknown attacks, and lack connection with each other, which imposes certain limitations. Situational awareness has been a popular direction in the field of network security in recent years. It monitors and comprehensively analyzes security incidents and attack behaviors in the network, evaluates the risks existing in the information system, predicts the future security status of the system, realizes the security management of the information system, and helps administrators take corresponding security measures. At present, the common network security situational awareness architecture uses Markov theory to complete element collection and situation assessment, and then realizes situation prediction through deep learning models. However, this type of model still has some limitations in its detailed implementation. Most network situation assessment methods are too hierarchical and differentiated, so they cannot reflect well the impact of the underlying data on the situation. Some situation prediction methods based on deep learning models also suffer from insufficient feature extraction capability. In addition, issues such as the selection of input data also affect the accuracy of situation prediction results. To solve these problems, this paper designs and implements a network security situational awareness model based on deep learning. The main research contents and contributions are as follows: (1) A situation assessment model based on a hidden Markov model and a Scalable Security Incident Propagation Network is proposed. The hidden Markov model determines how the security situation of the information system changes over the time series. By building the Scalable Security Incident Propagation Network, security incidents are no longer used as the single situation assessment indicator; instead, the network topology and node vulnerability are included in the assessment scope, which strengthens the correlation between security incidents and each node in the information system. Based on the Scalable Security Incident Propagation Network, a corresponding node weight distribution algorithm is proposed, which accurately reflects the impact of a node’s level in the network on the overall situation and realizes the security situation assessment of the overall network. The experimental results show that, after the scaling step size is appropriately changed to match the network topology of the corresponding information system, the evaluation results of the model have a certain degree of accuracy and usability. (2) A security situation prediction model based on Improved Long Short-Term Memory is proposed. To account for the impact of additional factors on the situation prediction results, the data structure of the model's input layer is redesigned, and a self-attention layer is added to the LSTM model to assign weights to the different feature factors in the sequence, which improves the accuracy and stability of network security situation prediction. The experimental results show that the model is superior to the current common benchmark models in the field of deep learning in terms of training convergence speed, model loss rate and model error performance, and has a certain degree of accuracy and usability. |