Network Security Situation Assessment Combining Hypergraph Convolutional Network and Improved Traffic Anomaly Detection Model

Pan Fan
Yuzhou Wang
Chenyuan Wang
Zihui Li
Jianfeng Wang

Abstract

To address the problems of complex data and insufficient correlation analysis in current network security situation assessment, this paper studies the combination of a hypergraph convolutional network and an improved traffic anomaly detection model. First, NetFlow, Snort, and Suricata detectors are used for network traffic monitoring and anomaly detection. By analyzing the correlation between selected network characteristics, the nodes and edges of the hypergraph are defined. Based on the complex interaction relationships between entities in the network, a hypergraph model is designed to determine the optimal node weights and connection patterns. The constructed hypergraph is then input into the hypergraph convolutional network. The model learns advanced feature representations of the nodes, and network parameters are adjusted to achieve optimal extraction results. The information extracted by the hypergraph convolutional network is input into a support vector machine, and the accuracy of intrusion detection is improved through boundary partitioning. Finally, a hierarchical network security assessment system is adopted, covering three dimensions: service layer, host layer, and network layer. Simulated attack experiments are conducted for each layer to assess the network security situation of the three-layer architecture and the detection data of the three detectors during the same time period. The experimental results indicate that the detection accuracy of the three detectors is 86.4%, 84.1%, and 81.3%, respectively.

Article Details

Section
ARTICLES