I. Introduction
Along with the network size becomes larger, the structure of network becomes increasingly complex and changeable, so that various network security events emerge in an endless stream, and network security threats also tend to be more diversified, so people pay more attention to the problem of network security. The method to solve security problems of single traditional network is unable to meet the demand. Instead the method to evaluate and forecast the overall situation of network has become a research hotspot in the field of network security. Researches on situation assessment start early and many innovative researches have been made. A network security situation framework is established through multi-sensor data fusion in literature [1]. Literature [2] presents the classical Endsley hierarchical model. Literature [3] puts forward a security situation awareness method for hierarchical network based on IDS alarm logs. Literature [4] presents the network security situation awareness model based on grey Verhulst model. Although above models can give current and past values of network security situation, the network security management is still in a passive state. In order to gain the initiative, network security situation prediction is needed, so as to reduce the data processing pressure of network management, and provide a better basis for decision making. Currently studies on situation prediction are less than those on situation assessment, and classical prediction algorithms include grey model (GM) [5], RBF neural algorithm [6], situation prediction algorithm based on general Kalman filtering [7]. These algorithms can predict the network security situation, but also have some defects. Such as GM(1,1) model is simple and easy to implement, but cannot meet the accuracy requirements of network security situation prediction when the network security situation fluctuates wildly. RBF neural algorithm needs to train the parameters M and N, but for the unexpected network crisis without training samples, predictions cannot be made in time, so it can't satisfy the real-time requirement. General Kalman prediction algorithm makes use of past and current network security situation, and the prediction accuracy is still not high enough, and the adaptability is lacked. This paper selects the key influence factors of network security situation using grey correlation entropy method, and establishes the Kalman prediction model based on the key influence factors. Experimental results show that the algorithm can predict the overall trend of network security situation, and the prediction precision is relatively high. Compared with GM(l, 1) and conventional Kalman method, the algorithm's prediction accuracy is higher; compared with RBF neural network method, the algorithm is more applicable to the real network environment.