Research on Key Method of Cyber Security Situation Awareness Based on ResMLP and LSTM Network.

Cyber security situation awareness, has become a hotpot of research. However, the existing cyber security situation awareness methods are difficult to extract high-order features from network traffic data. In this work, we present an improved cyber security situation awareness method based on ResMLP and LSTM network from a new perspective. Our work focus on cyber attack behavior analysis, that is a key research content of cyber security situation awareness. It introduces the Residual Multi-Layer Perceptrons in deep learning into the network structure of long-short term memory. It can effectively extract the spatial and temporal characteristics of network traffic data, reduce the computational complexity, and improve the accuracy of cyber security situation awareness. Firstly, we extract the spatial features using the ResMLP network. Secondly, we extract the temporal characteristics using the LSTM network. The architecture of the ResMLP network replaces the self-noticing layer with a linear interaction layer, and this design architecture allows the model to guarantee accurate cyber attack behavior analysis performance while balancing the computational cost of the model, which can improve the detection efficiency of the model. Considering that the network data are fed into the model in the form of time series after processing, the model incorporates LSTM networks to avoid the gradient problem while better bringing up the temporal characteristics in the data.The experimental results show that the proposed method can model the future cyber security situation in a network environment more accurately than other similar methods. [ABSTRACT FROM AUTHOR]