Research On Network Security Situation Assessment Model Based On Dynamic Bayesian Network

The scale of information systems is increasingly large and the connection is complex.Network attacks against key information infrastructure are continuous.Realtime assessment of the network security situation of large-scale and complex information systems is an urgent problem that the industry is facing.Most of the existing situation assessment models are built based on known vulnerabilities and CVSS scores,but most of the known vulnerabilities are blocked by network security boundary protection devices,resulting in poor applicability of the model and inaccurate identification of risk categories;At the same time,model algorithms generally have situations where the inference time is too long and difficult to apply in practical situations when the scale of information systems is too large.To solve the above problems,a new network security situation assessment method is proposed.The dynamic Bayesian network is used to infer the overall situation of the network,evaluate the possible attack location,identify the attack type using the Bayesian Transformer,and give the corresponding parallel scheme.First,based on the residual risk theory,the dynamic Bayesian network is combined with the attack graph,and the structural model is constructed based on the trust relationship between hosts,residual risk description,firewall protection strategy and other information.The parameter model is constructed using the graded protection evaluation unit score and the biased quantification theory.Time variables are introduced to expand the static Bayesian network into a dynamic Bayesian network,and the risk probability of each node is inferred in real time.Secondly,the Transformer model for risk category recognition is optimized,and a Bayesian Transformer model based attack category recognition method is proposed.Bayesian theory is introduced to estimate the posterior distribution of parameters in the self attention mechanism layer,feedforward layer,and embedding layer in the model,thereby improving the accuracy of network attack recognition.Finally,the parallel analysis of the direct computing reasoning algorithm and the Bayesian Transformer model of the dynamic Bayesian network is carried out.The parallel improvement is carried out from different levels,and the parallel operation on the GPU is used to speed up the calculation.The comparative experimental analysis results show that this method can effectively identify the degree of risk and types of network attacks in information systems,and significantly reduce the inference operation time within the accuracy error range of the prediction results.Compared to the serial algorithm,which achieved an acceleration ratio of 2.65 and 3.902 on two types of models,the accuracy(PRE),detection rate(TPR),and F1 score achieved 97.9%,97.4%,and 97.4%,respectively,It has good practical value for real-time situation analysis of large-scale information system network security.