An evaluation method of network security situation using data fusion theory

Network security situation awareness can effectively grasp the macro-security situation of the network, but the evaluation process still face problems such as single data source and big accuracy deviation. Therefore, this paper proposes a network security situation awareness model and method based on D-S theory. Using PCA clustering, the model preprocesses alarm information and eliminates useless alarm information to reduce time costs in evaluation. Based on improved D-S evidence theory, multi-source alarm data fusion rules are established to improve accuracy in event detection. Three situation awareness indicators of vulnerability, threat, and asset importance are set up to quantify the situation indicators and form an intuitive situation display. The experimental comparison analysis indicates that the model proposed herein can accurately assess the network security situation. © 2020 Totem Publisher, Inc. All rights reserved.