Abstract
In recent years, raw security situation data cannot be utilized well by fully connected neural networks. Generally, a cyber infiltration is a gradual process and there are logical associations between the future situation and historical information. Taking these factors into account, this paper proposes a framework to predict network security situation. According to the needs of this framework, we improve Long Short-Term Memory (LSTM) with a Cross-Entropy function, Rectified Linear Unit and appropriate layer stacking. Modules are designed in the framework to transform raw data into quantitative results. Finally, the performance is evaluated on the KDD CUP 99 dataset and the UNSW-NB15 dataset. Experiments prove that the framework built with the improved LSTM performs better at predicting network security situation in the near future. The framework achieves a relatively practical prediction of network security situation, helping provide advanced measures to improve network security.
Highlights
Various networks play an indispensable role in modern society
Bayesian Network (BN) and Hidden Markov Model (HMM) are widely used as network security situation awareness methods based on probability statistics
Security situation is related to time-series data, so Long Short-Term Memory (LSTM) is theoretically feasible for situation prediction
Summary
Various networks play an indispensable role in modern society. In cyberspace, situation awareness is an important approach to ensure network security. Endsley et al. first introduced the concept of situation awareness explicitly in 1988 [1]. It is defined as the perception of the elements in the environment within a volume of time and space, the comprehension of their meaning and the projection of their status in the near future. The function of the second layer is comprehension and evaluation, which aims to interpret the extracted data as information related to current network security status. Projection, the third layer of situation awareness, is to predict the evolution of network security situation in the near future, based on current situation information. It is necessary to learn how the network state will evolve and what cyber-attacks may occur. This is the aim of security situation prediction. The contributions of this paper are as follows: (1) We propose a framework to predict network security situation, which realizes the transformation from raw data to quantitative results.