Exploration of a network security situational awareness model based on multisource data fusion.

With the continuous expansion of the network scale, network technology is also constantly developing. However, with the continuous deterioration of the security environment, the problem of network safety is improving. The traditional single security method has greatly improved the network's stability, but due to the lack of effective cooperation, it becomes increasingly difficult to understand the state changes of the entire network at all times. In such a large environment, research on network security situational awareness can obtain theoretical value and has certain application prospects. The current understanding of cybersecurity situational awareness is not deep enough. Most cases are built in a single-source environment and cannot accurately reflect the perception of attack phases and sequences. To solve this problem, a new model of network safety situation awareness based on multisource data fusion was proposed. The model can effectively perceive the attack stages and sequences and provide an early warning, which is of great importance to improve the network security situation awareness and maintain the network security environment. On the basis of extracting the degree of dissimilarity, in this paper, the fusion-based method is used to generate the attack trajectory, thus forming the multisource data fusion and reconstruction algorithm and finally forming the network security situational awareness model. Compared with the single-source data fusion and reconstruction algorithm, this method has better performance. The final result shows that when the original number of alarms was 1237, after multisource data fusion, the number of alarms was reduced to 124. Moreover, on the basis of multisource data fusion, the detection rate of the number of alarms reached 86.67%, which was 26.67% higher than that of single-source data fusion; the false alarm rate was 5.63%, which was 1.19% lower than that of single-source data fusion. In addition, when using the trajectory reconstruction method to reconstruct the trajectory, the accuracy of the multisource data fusion algorithm was also 1.18% higher than that of the single source, and the completeness also increased by 2.53% compared with the single source. Therefore, the proposed algorithm has higher efficiency, and it is helpful to establish and study the network safety situation consciousness model. [ABSTRACT FROM AUTHOR]