With the continuous development and application of Internet and mobile communication technologies, network security is increasingly becoming one of the biggest challenges of the Internet era. The growing impact of new technologies such as cloud computing, big data, the Internet of Things and 5G, together with the dramatic increase in hardware devices and network systems, has increased exposure to network security risks. In addition, cyber attacks continue to evolve towards huge scale, complex forms and diversified targets, reducing the effectiveness of conventional defense tools against complex attacks. These circumstances leave networks exposed to dangerous situations. Network security situation assessment technology assesses the current security situation of a network by acquiring the important situation factors in network data, detects and prevents security threats in a timely manner, and thus reduces the impact and loss that security incidents cause to organizations. It is currently the most popular active defense technology for network security and has become a research hotspot in the field. Traditional network security situation assessment methods find it difficult to effectively integrate and extract situation element information and do not fully learn the spatial structure information of features, which limits their assessment performance. Addressing these problems, the main research work is as follows:

(1) To address the poor interpretability of assessment results and the inefficient extraction of situation elements in current network security situation assessment methods, a network security situation assessment model based on a knowledge graph is designed. It consists of a data collection layer, a data processing layer, a graph construction layer and an intelligent situation assessment layer, of which the graph construction layer and the intelligent situation assessment layer are the core parts. Finally, a prototype system is designed according to the proposed model, and its structure is described in detail.

(2) Network security situation data are high-dimensional, redundant and heterogeneous and lack a unified knowledge description framework, so large-scale redundant data affect the efficiency and accuracy of situation assessment. To address this, a knowledge graph construction method for network security situation elements is proposed. The method first establishes an ontology of network security situation elements from four dimensions: attack, vulnerability, device and traffic. It then constructs the knowledge graph of situation elements based on this ontology and stores the graph data in the Neo4j graph database. Finally, query efficiency experiments compare the query time of Neo4j, MySQL and MongoDB for single queries and traversal queries. The results show that the Neo4j graph database has the highest query efficiency and stable performance, and can store and query the knowledge graph data efficiently.

(3) Current network security situation assessment methods ignore the correlation between situation elements, and their assessment process lacks representation learning of the spatial structure information in situation features, which limits assessment accuracy. Therefore, a network security situation assessment method combining a Graph Convolutional Network (GCN) and a Multilayer Perceptron (MLP) is proposed. The method first uses the GCN to learn the spatial structure features of the situation elements, then uses the MLP to enhance the learning of node features for samples from categories with few instances, and finally uses a pooling layer to fuse the node features to obtain the assessment result. Comparison experiments show that the proposed MLP-GCN method outperforms the other compared methods and improves the accuracy of network security situation assessment.
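As an added illustration, not code from the thesis or its prototype system, the following pure-Python snippet shows the two steps the abstract describes for (3): one GCN propagation over a small situation-element graph built from the four ontology dimensions of (2), followed by mean pooling that fuses node features into a graph-level vector. The graph, severity values and relations are constructed here, the GCN weight matrix is the identity so the neighbourhood aggregation is visible, and no training or MLP branch is included.

```python
import math

# Constructed situation-element graph following the four ontology dimensions
# named in the abstract. Severity values are illustrative, not from the thesis.
DIMENSIONS = ["attack", "vulnerability", "device", "traffic"]
NODES = [
    ("attack", 0.9),         # 0: an observed attack event
    ("vulnerability", 0.7),  # 1: the weakness it exploits
    ("device", 0.5),         # 2: the host carrying that weakness
    ("traffic", 0.3),        # 3: a flow directed at the host
]
# Relations from the ontology, treated as undirected for propagation:
# attack-exploits-vulnerability, vulnerability-affects-device,
# traffic-targets-device (constructed, hypothetical relation names).
EDGES = [(0, 1), (1, 2), (3, 2)]

def node_features(nodes):
    """One-hot of the ontology dimension plus the severity scalar."""
    return [[1.0 if dim == d else 0.0 for d in DIMENSIONS] + [sev]
            for dim, sev in nodes]

def normalized_adjacency(n, edges):
    """Kipf-style A_hat = D~^-1/2 (A + I) D~^-1/2 with self-loops added."""
    a = [[1.0 if i == j else 0.0 for j in range(n)] for i in range(n)]
    for i, j in edges:
        a[i][j] = a[j][i] = 1.0
    deg = [sum(row) for row in a]
    return [[a[i][j] / math.sqrt(deg[i] * deg[j]) for j in range(n)]
            for i in range(n)]

def gcn_propagate(a_hat, x):
    """One GCN layer with identity weights: each node's features become a
    degree-normalised sum of its own and its neighbours' features."""
    return [[sum(a_hat[i][k] * x[k][f] for k in range(len(x)))
             for f in range(len(x[0]))] for i in range(len(a_hat))]

def mean_pool(h):
    """Readout: fuse node features into one graph-level situation vector."""
    return [sum(row[f] for row in h) / len(h) for f in range(len(h[0]))]

def situation_vector(nodes=NODES, edges=EDGES):
    """Propagate once over the graph, then pool to a single vector."""
    a_hat = normalized_adjacency(len(nodes), edges)
    return mean_pool(gcn_propagate(a_hat, node_features(nodes)))

if __name__ == "__main__":
    print(situation_vector())
```

The last component of the pooled vector is a neighbourhood-smoothed severity, so an isolated low-severity device node and one adjacent to a high-severity attack end up with different representations even before any weights are learned.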