Abstract: In order to improve the network security situation assessment performance, this paper proposes assessment model（KNN-SVM） which integrates the K Nearest Neighbor with Support Vector Machine. The network security data set is input to the Support Vector Machine to learn and finds support vector set. When the distance between the sample of network security situation and the optimal classification hyper plane is bigger than threshold, the Support Vector Machines are used to assess the network security situation, otherwise the K Nearest Neighbor is used to assess the network security situation to solve the defects and  reduce the error rate of SVM. The simulation results show that, compared with the single SVM, KNN-SVM improves network security situation assessment accuracy and has more stable performance.

Key words: network security situation, Support Vector Machine（SVM）, K Nearest Neighbor（KNN） algorithm, index system

摘要： 为了提高网络安全态势评估性能，提出一种K近邻和支持向量机相融合的网络安全态势评估模型（KNN-SVM）。将网络安全数据集输入到支持向量机学习，找到支持向量集，对于待评估网络安全态势样本，计算其与最优分类超平面间的距离，如果距离大于阈值，采用支持向量机进行网络安全态势评估，否则采用K近邻进行评估，以解决支持向量机对超平面附近样本易错分的缺陷，减少SVM的误判率。仿真结果表明，相对于单独SVM，KNN-SVM提高了网络安全态势评估正确率，而且性能更加稳定。

关键词: 网络安全态势, 支持向量机, K近邻算法, 指标体系