A Network Security Situation Analysis framework based on information fusion

摘要

With the rapid development of the Internet, the network structure becomes larger and more complicated and attacking methods are more sophisticated, too. To enhance network security, Network Security Situation Analysis (NSSA) technology is a research hot spot in the network security domain. But at present, the NSSA framework and model which not only analyze the affected results of the network security but also the process how the network security is affected are less. In this paper, a novel NSSA framework is presented. The framework includes two parts: calculate the Network Security Situation Value (NSSV) and discover intrusion processes. NSSA quantitative assesses the impact on network security caused by attacks upon Analytical Hierarchy Process (AHP) and hierarchical network structure. Based on attack classification, intrusion processes discover the process how network security is affected. At last from the experiments results, NSSV exactly changes as attacks take place and the accurate intrusion processes are discovered. The applicability of the framework and algorithms are verified.