Abstract:
Security situational awareness has become a hot topic in the area of network security research in recent years, which attracts the interest of more and more domestic and foreign researchers. The existing security situational awareness methods are analyzed and compared in detail. Considering the characteristics of multi-source information in network security research, a new network security situational awareness model based on information fusion is proposed. This model fuses multi-source information from a mass of logs by introducing the modified D-S evidence theory, gets the values of nodes security situational awareness by situational factors fusion using attacks threat and vulnerability information which network nodes have and successful attacks depend on, computes the value of network security situational awareness by nodes situation fusion using service information of the network nodes, and draws the security-situation-graph of network. Then, it analyzes the time series of the computing results by ARMA model to forecast the future threat in network security. Finally an example of actual network datasets is given to validate the network security situational awareness model and algorithm. The results show that this model and algorithm is more effective and accurate than the existing security situational awareness methods.