Elsevier

Computers & Industrial Engineering

Volume 125, November 2018, Pages 764-775
Study on network security situation awareness based on particle swarm optimization algorithm

https://doi.org/10.1016/j.cie.2018.01.006

Abstract

Research on network security situation assessment has made great progress, but with the advent of the big data era the results of these studies show their limitations and shortcomings, and they struggle to meet the needs of network security in a big data environment. To address network security situation awareness in a big data environment, a network security situation awareness index system is first established, the index factors are selected and quantified, and the situation value is then calculated to construct the network security situation awareness system. For the selection and quantification of index factors, we select multi-source data in the big data environment and propose a parallel reduction algorithm based on an attribute importance matrix to reduce the attributes of the source data. For the calculation of the situation value, because the traditional wavelet neural network learning method easily falls into local minima, the wavelet neural network parameters are optimized by a particle swarm algorithm, and the wavelet neural network based on particle swarm optimization is then applied to calculate the situation value. The simulation results show that the algorithm has fast convergence speed and good fitting effect.

Introduction

With the wide application of big data, the country's big data resources face a variety of security threats. Once data resources that concern the national economy, social stability and national security interests are exploited by hostile forces at home or abroad, the result is data loss, tampering and destruction (Prism incident, SONY video), meaning that a sovereign state's digital signals can harbour national security loopholes (Ropeik & Gray, 2002). In our country, the security situation in the big data environment is very serious, for three reasons. First, the network infrastructure and the basic hardware and software systems are controlled by others (servers, databases and other related products are monopolized by foreign vendors). Second, website and application vulnerabilities and backdoors emerge in an endless stream. Third, network attacks are increasingly varied, and terminal malware and malicious code are one of the main means by which hackers or hostile forces attack big data platforms and steal data.

At present, more and more network attacks start from the terminal; terminal penetration attacks have also become the main form of cyber warfare between countries, and advanced persistent threat (APT) attacks aimed at big data platforms are also very common. Therefore, effectively perceiving, evaluating and predicting the network security situation in the big data environment is the primary task in securing big data resources.

Research on network security situation assessment has made great progress, but with the advent of the big data era the results of these studies show their limitations and shortcomings, and they struggle to meet the needs of network security in a big data environment. This shows in three ways. First, existing prediction of the “threat of attack intention path prediction” kind has the defect of lacking motivation prediction. Second, there is a lack of network security situation assessment methods aimed at data protection in a big data environment. Third, effective methods for evaluating the results of network attack and defence countermeasures are lacking.

For the above reasons, this paper studies the technology of network security situation assessment in a big data environment. The innovation points are as follows:

First, the evaluation method of the network security situation in the big data environment: a network security situation evaluation index system is first established, the index factors are selected and quantified, and the situation value is then calculated to build the network security situation assessment system.

Second, the selection and quantification of index factors. In this article, we select multi-source data in a big data environment. To ensure that the multi-source data are quantified in a unified way, a parallel attribute reduction algorithm based on an attribute importance matrix is proposed. The fuzzy evaluation method is then used to evaluate the attributes after data reduction, a second reduction is made, and the reduced data are processed to unify the multi-source data.

Third, for the calculation of the situation value, a method based on particle swarm optimization is proposed. The scheme is to establish the wavelet neural network; determine the position vector of the particle swarm; initialize the position vector of each particle and randomly generate its velocity vector; update each particle's position and velocity, calculating the fitness value after each iteration; and repeat training until the global optimal fitness value of the particle swarm is less than a predetermined value, finally obtaining the global optimal solution and outputting the result calculated by the wavelet neural network.
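The training scheme described above, as an added example that is not code from the paper: a small wavelet neural network whose parameters are found by particle swarm optimization instead of gradient descent. The Morlet wavelet, the network size, the PSO coefficients (0.72 and 1.49) and the sample data are assumptions made for illustration.

```python
import math
import random

H = 3  # number of hidden wavelet units (assumed size)

def morlet(t):
    # Morlet mother wavelet, assumed here as the hidden-layer activation
    return math.cos(1.75 * t) * math.exp(-t * t / 2)

def wnn(p, x):
    # p packs, per hidden unit: input weight, translation, dilation, output weight
    out = 0.0
    for j in range(H):
        w, b, a, v = p[4 * j:4 * j + 4]
        a = a if abs(a) > 1e-3 else 1e-3  # keep the dilation away from zero
        out += v * morlet((w * x - b) / a)
    return out

def fitness(p, data):
    # mean squared error between network output and target situation value
    return sum((wnn(p, x) - y) ** 2 for x, y in data) / len(data)

def pso_train(data, particles=30, iters=200, target=1e-3, seed=1):
    rng, dim = random.Random(seed), 4 * H
    X = [[rng.uniform(-1, 1) for _ in range(dim)] for _ in range(particles)]
    V = [[rng.uniform(-0.1, 0.1) for _ in range(dim)] for _ in range(particles)]
    pbest, pfit = [x[:] for x in X], [fitness(x, data) for x in X]
    g = min(range(particles), key=pfit.__getitem__)
    gbest, gfit = pbest[g][:], pfit[g]
    history = [gfit]  # global best fitness after each iteration
    for _ in range(iters):
        if gfit < target:  # stop once the global best is below the preset value
            break
        for i in range(particles):
            for d in range(dim):
                r1, r2 = rng.random(), rng.random()
                V[i][d] = (0.72 * V[i][d] + 1.49 * r1 * (pbest[i][d] - X[i][d])
                           + 1.49 * r2 * (gbest[d] - X[i][d]))
                X[i][d] = max(-5.0, min(5.0, X[i][d] + V[i][d]))
            f = fitness(X[i], data)
            if f < pfit[i]:
                pbest[i], pfit[i] = X[i][:], f
            if f < gfit:
                gbest, gfit = X[i][:], f
        history.append(gfit)
    return gbest, history

# Constructed sample: fuzzified indicator x in (0, 1) -> situation value y in (0, 1)
DATA = [(k / 20, 0.5 + 0.4 * math.sin(2 * math.pi * k / 20)) for k in range(1, 20)]
```

Calling `pso_train(DATA)` returns the best parameter vector and the per-iteration global best error, which never increases because the swarm only replaces its global best with a strictly better position.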

Related research work

Network security situation factor extraction and security situation assessment are the core contents of network security situational awareness; the research status and problems of these two aspects are as follows.

Network security situational awareness concept

The idea of situation awareness and prediction originates in ancient military confrontation, in judging the enemy's offensive and defensive posture. The technique was first used in the study of pilots in space flight: by observing the flight scene, the pilot understands the situation encountered and makes timely responses and decisions according to the specific circumstances; this series of activities constitutes the framework of awareness in the pilot's brain, then in the field of

Situation factor extraction based on parallel reduction

Network security situation element extraction is the key to accurately finding abnormal information in the network. Extracting the situational factors is in essence an attribute selection process, that is, a reduction algorithm removes the redundant attributes in order to extract the essential factors of the network security situation information. Network situational factor information is characterized by a large amount of data and by the number of attributes and different types of

Network security situation value calculation

The steps of network security situation assessment are as follows: first, the network security situation evaluation index system is established; then the situation value is calculated, and in this way the network security situation evaluation system is constructed. Based on the established evaluation index system, this paper studies the calculation method of the situation value, which includes two parts: the selection and quantification of index factors and the calculation of the situation value.

For the

Fuzzy wavelet neural network model

With fuzzy system theory, an uncertain actual situation can be expressed as an exact number in (0, 1); this is mainly used to turn the uncertain inputs of risk assessment into inputs of the wavelet neural network. Neural networks have self-learning, adaptive and fault-tolerant features (Hou, Wang, Gao, Hou, & Wang, 2017). The wavelet neural network integrates the wavelet transform and the neural network; its basic elements and overall structure are based on the theory of wavelet analysis, can

Fuzzy processing of input layer

The wavelet neural network takes quantitative data as input, but for the situation assessment of information systems the situation factor indices are usually uncertain data, generally described qualitatively. For this reason, this paper uses the fuzzy evaluation method to quantify them (Jia et al., 2016; Li et al., 2016). The fuzzy system model takes the qualitative situation elements as its input indicators, and the output of the fuzzy system is the distribution of situational factors (0, 1) in

Particle swarm optimization algorithm

The particles search and position themselves in a D-dimensional target search space, and finally the optimal solution is found. The population consists of M particles (Zhang, Peng, & Du, 2012). Each particle is represented as a D-dimensional vector $X_i=(x_{i1},x_{i2},\ldots,x_{iD})$, whose velocity is $V_i=(v_{i1},v_{i2},\ldots,v_{iD})$ $(i = 1, 2, \ldots, m)$. It is substituted into the objective function, the fitness is calculated, and the merit of each particle is measured according to the size of its fitness. The optimal position of

Wavelet neural network algorithm based on particle swarm optimization

The traditional wavelet neural network has self-learning and adaptive abilities (see Dou, Ji, & Gao, 2016; Dou, Ji, & Gao, 2016; Pan, Deng, & Zhang, 2013; Pan, Deng, & Zhang, 2013, and so on), but it very easily falls into local minima, with a low search success rate, a large network training error and slow convergence speed, and it cannot obtain the global optimal solution (Yildiz, 2012). This paper uses a particle swarm optimized wavelet neural network to overcome the shortcomings of

Experimental data set and environment

In this paper, the experimental data come from the NSL-KDD data set, a refined version of the KDD99 data set, which contains 41 attributes and 1 tag attribute; the tag attribute takes five types: Probe, DoS, U2R, R2L and Normal. Experimental environment: Microsoft Windows 7 operating system, 500 MHz processor, 512 MB memory. Experimental tools include ROSETTA, MATLAB2010a and WEKA3.9.

Performance index

In this paper, the recall rate and false alarm rate (as the evaluation index of detection

Conclusion

In this paper, the evaluation of the network security situation in a big data environment is studied. Methods for situational factor extraction and situation value calculation are put forward and validated.

In the situational factor extraction method, by analysing the factors of the network security situation, a parallel reduction algorithm based on an attribute importance matrix is presented; this method solves the problem that the classical rough set model can only handle small amounts of static data in the

Acknowledgements

The authors would like to thank the reviewers for their detailed reviews and constructive comments, which have helped improve the quality of this study. This work was supported in part by The National Natural Science Fund under Grant No. 61672206 and supported in part by Hebei Science Supported Planning Projects No. 17K50703D and No. 15214706D.

References (30)

  • X.Z. Chen et al. Quantitative hierarchical threat evaluation model for network security. Journal of Software (2006)
  • Endsley, M. R. (1988, October). Design and evaluation for situation awareness enhancement. In Proceedings of the human...
  • Endsley, M. R., & Rodgers, M. D. (1994, October). Situation awareness information requirements analysis for en route...
  • Jia, X., Liu, Y., Yan, Y., & Wu, D. (2016). Network security situational awareness method based on...
  • D. Li et al. Situation element extraction of network security based on Logistic Regression and Improved Particle Swarm Optimization
