Traditional network security situation prediction (NSSP) depends on the accuracy of historical situation values, yet the various network security elements differ in their correlations and weights. To solve these problems, a combined prediction model based on the temporal convolution attention network (TCAN) and the bi-directional gate recurrent unit (BiGRU) network is proposed, optimized by singular spectrum analysis (SSA) and an improved quantum particle swarm optimization algorithm (IQPSO). The model first decomposes and reconstructs the network security situation data into a series of subsequences by SSA to remove noise from the data. A TCAN-BiGRU prediction model is then established for each subsequence: TCAN uses a TCN to extract features from the situation data and an improved channel attention mechanism (CAM) to select the important features from the TCN output, while BiGRU learns the before-and-after states of the situation data to extract additional sequence features for prediction. In addition, IQPSO is proposed to optimize the hyperparameters of BiGRU. Finally, the predictions of the subsequences are superimposed to obtain the final predicted value. In the experiments, IQPSO repeatedly found the optimum values of the benchmark functions, outperforming the other optimization algorithms compared. Moreover, in simulation experiments against traditional prediction methods, the proposed combined model achieved a coefficient of determination of up to 0.999 on both data sets, indicating higher prediction accuracy.

As the network environment gets increasingly complicated, network security [

The traditional methods for situation prediction include time-series analysis, gray theory, etc. Time-series analysis arranges situation data from different periods in chronological order. It can fully explore the potential interdependence among the situation data and use it to build a dynamic model for real-time monitoring and prediction. This method is a quantitative prediction technique with a relatively simple principle: supposing the situation has some potential connection with previous periods, the situation in the past N periods can be used to predict the situation in the following period. Commonly used models are the moving average (MA), auto-regressive (AR), and hybrid models. Li et al. [

In recent years, artificial intelligence has been adopted across industries as a direction of development, and NSSP is no exception. Applying neural networks to NSSP has been a focus of researchers. Compared to conventional approaches, a neural network efficiently approximates and fits nonlinear time-series data and produces promising situation prediction results. Preethi et al. [

Based on the above analysis, studying NSSP is significant to information security. As a branch of computer research that developed relatively late, it still has many problems to be solved:

The existing data come from real network environments; they are time series containing noise, and there are both correlations and essential differences between network security factors.

A single prediction model cannot thoroughly learn the characteristics of the data and therefore has a poor prediction effect.

Hyperparameter selection is difficult when neural networks are used for NSSP, and the choice of hyperparameters significantly affects model performance.

To more thoroughly investigate the relationship between different network security components and situation prediction, a model of NSSP based on the TCAN-BiGRU optimized by SSA and IQPSO was proposed in this paper. Considering that multi-attribute security indicator data were used as data support in this paper, the network security situation data sequence was decomposed into a series of subsequences by SSA. In addition, the IQPSO was adopted based on the TCAN-BiGRU to determine the network hyper-parameter, further improving the model’s performance. The main contributions made in this paper are as follows:

The network security situation data sequence was decomposed and reconstructed into a series of subsequences by SSA, mining the correlations in the data and eliminating noise to maximize prediction accuracy.

TCAN-BiGRU was established. The improved CAM was combined with the temporal convolution network (TCN) to highlight the features that significantly influence the situation value, and the BiGRU network further learns the before-and-after states of the data. The combined model can better learn the features of network security situation data and improve prediction accuracy.

The hyperparameter of the network model was optimized via the IQPSO to improve the model’s prediction accuracy and reduce prediction errors.

Other sections of this paper are as follows: Section 2 details the overall arrangement of this paper and the methods proposed in each section. Section 3 describes the improvement of quantum particle swarm optimization and the application of hyper-parameter optimization. Section 4 discusses experiments and results. Section 5 summarizes the work herein and expectations for future work.

To better capture the differences in correlation and significance among the various network security elements, this research proposes a security situation prediction model based on TCAN-BiGRU optimized by SSA and IQPSO. The network model mainly comprises the SSA input layer, the TCAN encoder layer, and the BiGRU network prediction layer.

In 1978 [

Embedding

The security data from the China National Computer Emergency Response Technology Coordination Center (CNCERT/CC) [

Decomposition

SSA adopts singular-value decomposition (SVD). In the defined matrix

Let

Grouping

The subscript set

Reconstruction

The reconstruction is mainly performed by the diagonal averaging method, which converts each matrix

The original sequence
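The four SSA steps above (embedding, decomposition, grouping, reconstruction) can be sketched in a few lines of NumPy. The window length and the noisy test series below are illustrative choices, not the paper's settings; grouping is left to the caller, who sums selected components.

```python
# Minimal singular spectrum analysis (SSA) sketch with NumPy: embedding,
# SVD decomposition, and diagonal-averaging (Hankelization) reconstruction.
import numpy as np

def ssa_decompose(series, window):
    """Split a 1D series into elementary reconstructed components."""
    n = len(series)
    k = n - window + 1
    # Embedding: build the (window x k) trajectory matrix from lagged copies.
    traj = np.column_stack([series[i:i + window] for i in range(k)])
    # Decomposition: SVD of the trajectory matrix.
    u, s, vt = np.linalg.svd(traj, full_matrices=False)
    components = []
    for i in range(len(s)):
        # Rank-one elementary matrix of the i-th eigentriple.
        elem = s[i] * np.outer(u[:, i], vt[i])
        # Reconstruction: average each anti-diagonal back into a 1D series.
        comp = np.array([np.mean(elem[::-1].diagonal(d))
                         for d in range(-window + 1, k)])
        components.append(comp)
    return np.array(components)

rng = np.random.default_rng(0)
t = np.arange(200)
x = np.sin(2 * np.pi * t / 20) + 0.1 * rng.standard_normal(200)
comps = ssa_decompose(x, window=30)
# Summing every component recovers the original series exactly.
print(np.allclose(comps.sum(axis=0), x))  # True
```

Grouping then amounts to summing subsets of `comps` rows (e.g., the leading components form the trend/periodic subsequences, the rest the noise-like ones).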

The TCAN encoder layer is the superposition of a three-layer temporal convolution network (TCN) module and a channel attention module. Its structure is shown in the corresponding figure, where k denotes the convolution kernel size and d_1, d_2, and d_3 denote the dilation factors of the three TCN layers.

Bai et al. [

This paper introduced TCN into NSSP. Its causal convolutions guarantee that information about the current situation is not "leaked" from the future to the past, maintaining the validity of the data. Dilated convolutions enable the TCN to cover a longer history with fewer layers and a larger receptive field. Network overfitting can be effectively suppressed by the ReLU activation function, Dropout, and the identity-mapping (residual) connection. Specifically, for a 1D input sequence x and a filter f: {0, …, k − 1} → R, the dilated convolution F on element s of the sequence is F(s) = Σ_{i=0}^{k−1} f(i) · x_{s−d·i}, where d is the dilation factor and k is the filter size.

As the TCN's receptive field depends on the network's depth, the filter size k, and the dilation factor d, it can be flexibly enlarged by deepening the network, enlarging the filters, or increasing the dilation.
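The dilated causal convolution at the core of a TCN layer can be sketched directly from the formula F(s) = Σ f(i) · x_{s−d·i}; left zero-padding keeps the output length equal to the input length. The toy weights below are illustrative.

```python
# Sketch of a dilated causal convolution in NumPy. Output element s depends
# only on inputs at positions s, s-d, ..., s-(k-1)*d, so no future
# information leaks into the present.
import numpy as np

def dilated_causal_conv(x, weights, dilation):
    """1D dilated causal convolution with left zero-padding."""
    k = len(weights)
    pad = (k - 1) * dilation                  # pad the past to keep length
    xp = np.concatenate([np.zeros(pad), x])
    out = np.zeros_like(x, dtype=float)
    for s in range(len(x)):
        for i in range(k):
            # F(s) = sum_i f(i) * x[s - d*i]
            out[s] += weights[i] * xp[pad + s - dilation * i]
    return out

x = np.arange(8, dtype=float)            # 0..7
w = np.array([1.0, 1.0, 1.0])            # filter size k = 3
y = dilated_causal_conv(x, w, dilation=2)
print(y[7])  # x[7] + x[5] + x[3] = 15.0
```

Stacking such layers with dilations 1/3/9 (as in the tuned model later in the paper) grows the receptive field geometrically with depth.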

In reality, there is much redundant information in the time-series data of network security situations. Model feature extraction is disturbed if redundant and essential information are treated equally. The attention mechanism has become one of the mainstream methods and research hotspots in deep learning and has been extensively used in natural language processing, image recognition, voice recognition, and other fields. The CAM is often used in computer vision to extract the mutual information between channels. Since the TCN herein uses 1D convolution, the CAM is improved accordingly: as shown in the corresponding figure, attention weights are computed for each channel of the output feature map of each network layer.

The output features of each channel are then re-weighted by the corresponding attention scores.
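The exact wiring of the improved CAM is not fully specified here, but a common 1D channel-attention pattern (squeeze-and-excitation style) illustrates the idea: pool each channel to a scalar, pass the pooled vector through a small bottleneck, and rescale the channels by sigmoid weights. The reduction ratio r = 2 and the random weights below are assumptions.

```python
# Hedged sketch of channel attention for 1D feature maps: global average
# pooling per channel, a two-layer bottleneck, then channel-wise rescaling.
import numpy as np

def sigmoid(z):
    return 1.0 / (1.0 + np.exp(-z))

def channel_attention_1d(feat, w1, w2):
    """feat: (channels, timesteps); w1, w2: bottleneck weight matrices."""
    squeeze = feat.mean(axis=1)                           # (C,) per-channel
    excite = sigmoid(w2 @ np.maximum(w1 @ squeeze, 0.0))  # (C,) in (0, 1)
    return feat * excite[:, None]                         # re-weight channels

rng = np.random.default_rng(1)
c, t, r = 4, 16, 2
feat = rng.standard_normal((c, t))
w1 = rng.standard_normal((c // r, c))   # C -> C/r
w2 = rng.standard_normal((c, c // r))   # C/r -> C
out = channel_attention_1d(feat, w1, w2)
print(out.shape)  # (4, 16)
```

Because the attention scores lie in (0, 1), unimportant channels are suppressed while the feature-map shape is preserved for the next TCN layer.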

The BiGRU network prediction layer herein comprises a three-layer bi-directional gate recurrent unit (BiGRU) network, with ln1, ln2, and ln3 neurons in the three layers, respectively. All three BiGRU layers learn the before-and-after relationships of the network security situation; relying on a single BiGRU layer makes it difficult to learn these relationships thoroughly, while deepening the network makes learning more adequate and improves prediction accuracy. Meanwhile, to avoid overfitting, a dropout layer was introduced after each BiGRU layer to improve the neural network's performance. Its structure is shown in

The gate recurrent unit (GRU) [ ] is a simplified recurrent unit that controls information flow through an update gate z_t and a reset gate r_t.

where x_t is the input at the current time step, h_{t−1} is the hidden state at the previous time step, and h_t is the hidden state at the current time step.

The calculation equations for the GRU network are:

z_t = σ(W_z · [h_{t−1}, x_t])
r_t = σ(W_r · [h_{t−1}, x_t])
h̃_t = tanh(W_h · [r_t ⊙ h_{t−1}, x_t])
h_t = (1 − z_t) ⊙ h_{t−1} + z_t ⊙ h̃_t

where σ is the sigmoid function, ⊙ denotes element-wise multiplication, and W_z, W_r, and W_h are weight matrices.

In NSSP, the network's current state is related to both its preceding and subsequent states. If only TCAN is used, the state information flowing from later to earlier time steps cannot be captured. The BiGRU network was therefore introduced to improve the prediction effect for NSSP.

BiGRU is formed by the forward and reversed superposition of GRUs. Its structure is shown in

To determine the hidden-layer status output, the forward hidden state and the backward hidden state at each time step are combined.
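A single BiGRU layer can be sketched as one forward GRU pass and one pass over the reversed sequence, with the two hidden states concatenated at each time step. Sharing one weight set for both directions, omitting biases, and the toy dimensions below are simplifications for illustration.

```python
# Hedged BiGRU sketch in NumPy built on the GRU update/reset-gate equations.
import numpy as np

def sigmoid(z):
    return 1.0 / (1.0 + np.exp(-z))

def gru_step(x_t, h_prev, wz, wr, wh):
    """One GRU step; weights have shape (d_h, d_h + d_in)."""
    concat = np.concatenate([h_prev, x_t])
    z = sigmoid(wz @ concat)                    # update gate
    r = sigmoid(wr @ concat)                    # reset gate
    h_cand = np.tanh(wh @ np.concatenate([r * h_prev, x_t]))
    return (1.0 - z) * h_prev + z * h_cand

def bigru(seq, weights, d_h):
    """seq: (T, d_in). Returns (T, 2*d_h): forward/backward concatenation."""
    def run(xs):
        h, out = np.zeros(d_h), []
        for x_t in xs:
            h = gru_step(x_t, h, *weights)
            out.append(h)
        return np.array(out)
    fwd = run(seq)
    bwd = run(seq[::-1])[::-1]                  # backward pass, re-aligned
    return np.concatenate([fwd, bwd], axis=1)

rng = np.random.default_rng(3)
T, d_in, d_h = 10, 3, 5
weights = [rng.standard_normal((d_h, d_h + d_in)) for _ in range(3)]
out = bigru(rng.standard_normal((T, d_in)), weights, d_h)
print(out.shape)  # (10, 10)
```

Stacking three such layers with dropout in between, as described above, yields the paper's prediction layer; in practice this is one `Bidirectional(GRU(...))` stack in a deep learning framework.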

The TCAN-BiGRU model proposed herein adopts the Ranger21 optimizer algorithm [

Particle swarm optimization (PSO) is a population-based optimization algorithm [ ] in which each particle updates its velocity and position according to its own best position and the swarm's best position. In the update equations, c_1 and c_2 are learning factors, and r_1 and r_2 are two random numbers within the [0, 1] range. Each particle i keeps its personal best position (the position with the best fitness it has visited), and the swarm keeps the global best position, the position with the best fitness found by any particle.

Classical PSO easily falls into local optima because its particle position updates lack sufficient randomness. To maximize the randomness of particle positions by eliminating the particles' fixed traveling direction, Sun Jun introduced quantum particle swarm optimization (QPSO) [

In QPSO, the state of the i-th particle is described by a wave function, and its j-th position coordinate is sampled as X_{i,j} = p_{i,j} ± α · |mbest_j − X_{i,j}| · ln(1/u), where u is a uniform random number in (0, 1), α is the contraction-expansion coefficient, p_{i,j} is the local attractor built from the personal and global best positions, and mbest is the mean of all personal best positions.
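A minimal sketch of the standard mean-best (mbest) QPSO position update, X = p ± α · |mbest − X| · ln(1/u); the paper's exact variant may differ, and the sphere-function setup below is only a usage illustration.

```python
# QPSO position update in NumPy: local attractors from personal/global
# bests, an mbest-scaled random jump, and a random sign per coordinate.
import numpy as np

def qpso_update(positions, pbest, gbest, alpha, rng):
    """positions, pbest: (N, D); gbest: (D,). Returns new positions."""
    n, d = positions.shape
    mbest = pbest.mean(axis=0)                    # mean best position
    phi = rng.random((n, d))
    p = phi * pbest + (1.0 - phi) * gbest         # local attractors
    u = 1.0 - rng.random((n, d))                  # uniform in (0, 1]
    sign = np.where(rng.random((n, d)) < 0.5, 1.0, -1.0)
    return p + sign * alpha * np.abs(mbest - positions) * np.log(1.0 / u)

rng = np.random.default_rng(4)
pos = rng.uniform(-5, 5, (30, 2))
pbest = pos.copy()
gbest = pbest[np.argmin((pbest ** 2).sum(axis=1))]  # best on sphere function
new_pos = qpso_update(pos, pbest, gbest, alpha=0.6, rng=rng)
print(new_pos.shape)  # (30, 2)
```

Note the update needs no velocity term at all, which is what removes the fixed traveling direction of classical PSO.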

Randomly initializing the population in typical quantum particle swarm optimization leads to a swift fall into local optima and a slow convergence rate. With logistic mapping, the population is instead initialized in a chaotic order: the optimized variables are explored using the ergodicity of chaotic motion, which increases the efficiency and convergence rate of the method.

The logistic mapping is as follows: x_{n+1} = μ · x_n · (1 − x_n), where x_n ∈ (0, 1) and μ is the control parameter (the map is fully chaotic at μ = 4).
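Chaotic initialization can be sketched by iterating the logistic map and scaling each chaotic value into the search bounds. The seed value x0 = 0.37 and μ = 4 are illustrative choices (the seed just needs to avoid the map's fixed points).

```python
# Chaotic population initialization with the logistic map
# x_{n+1} = mu * x_n * (1 - x_n); each value is mapped into [low, high].
import numpy as np

def logistic_init(pop_size, dim, low, high, x0=0.37, mu=4.0):
    positions = np.empty((pop_size, dim))
    x = x0
    for i in range(pop_size):
        for j in range(dim):
            x = mu * x * (1.0 - x)                 # logistic-map iteration
            positions[i, j] = low + (high - low) * x
    return positions

pop = logistic_init(pop_size=30, dim=5, low=-10.0, high=10.0)
print(pop.shape)  # (30, 5), all values inside [-10, 10]
```

Compared with uniform random sampling, consecutive chaotic values traverse the interval more evenly, spreading the initial swarm across the search space.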

The genetic algorithm is the source of the crossover operator. In the genetic algorithm, the crossover operation is used to exchange information between the chromosomes’ genes to keep good genes and allow them to develop into better genes. To broaden the population and enhance the algorithm’s ability to leap out of the local optimum, the longitudinal crossover operator was added to the QPSO in this study.

An arithmetic crossing between two distinct dimensions of a particle in a population is known as a “vertical crossover.” The problem that elements of different dimensions have different value ranges is solved by normalization. Meanwhile, each operation only generates one progeny particle, and only one dimension is updated.

Assuming that the d_1-th and d_2-th dimensions of an individual particle take part in vertical crossover, the d_1-th-dimension offspring is generated as a random weighted mean of the normalized values of the particle's d_1-th and d_2-th dimensions, after which it is mapped back to the d_1-th dimension's original value range.
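The vertical crossover can be sketched as follows; the bounds reuse the hyperparameter ranges given later in the paper (BiGRU neurons, batch size, learning rate) purely as a usage illustration, and the weighted-mean form is an assumption consistent with the description above.

```python
# Vertical (longitudinal) crossover: an arithmetic cross between two
# dimensions d1 and d2 of the SAME particle, done in normalized coordinates
# so their different value ranges do not interfere. Only d1 is updated.
import numpy as np

def vertical_crossover(particle, d1, d2, low, high, rng):
    """particle, low, high: (D,) arrays. Returns offspring with d1 updated."""
    norm = (particle - low) / (high - low)        # normalize to [0, 1]
    r = rng.random()                               # crossover weight in [0, 1]
    child_norm = r * norm[d1] + (1.0 - r) * norm[d2]
    offspring = particle.copy()
    offspring[d1] = low[d1] + (high[d1] - low[d1]) * child_norm
    return offspring

rng = np.random.default_rng(5)
low = np.array([10.0, 100.0, 0.0001])    # e.g., neurons, batch size, lr
high = np.array([500.0, 1000.0, 0.005])
p = np.array([110.0, 232.0, 0.00033])
child = vertical_crossover(p, 0, 2, low, high, rng)
print(child[1] == p[1])  # True: only dimension 0 changes
```

Because the cross is a convex combination in [0, 1], the offspring always stays inside the bounds of the updated dimension.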

The conventional crossover operator uses a fixed crossover probability p_c, which cannot adapt to the state of the population. An adaptive crossover probability was therefore adopted: p_c is kept at its maximum for individuals whose fitness is no better than the population average f_avg and is reduced toward a lower bound for the best individuals, where p_c1 and p_c2 are constants bounding the probability.
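One common realization of such an adaptive probability (Srinivas-style, here stated for a maximization convention) is sketched below; the exact formula in the paper may differ, and pc2 = 0.4 is an assumption, while pc1 = 0.8 matches the maximum crossover probability stated in the experimental settings.

```python
# Adaptive crossover probability: above-average individuals get a reduced
# probability (to preserve good solutions), below-average individuals keep
# the maximum probability pc1.
import numpy as np

def adaptive_pc(f, f_avg, f_max, pc1=0.8, pc2=0.4):
    """Crossover probability for one individual (maximization convention)."""
    if f < f_avg or f_max == f_avg:
        return pc1
    return pc1 - (pc1 - pc2) * (f - f_avg) / (f_max - f_avg)

fitness = np.array([0.2, 0.5, 0.9, 1.0])
f_avg, f_max = fitness.mean(), fitness.max()
probs = [adaptive_pc(f, f_avg, f_max) for f in fitness]
print(probs[0])  # 0.8: the below-average individual keeps the maximum pc
```

The best individual (fitness 1.0 here) receives the lowest probability, so elite solutions are disturbed least while weak ones are recombined aggressively.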

The IQPSO is shown in

In practical applications, different selections of hyperparameters will affect the training results of the model. The five hyperparameters in the model (number of neurons of the three-layer BiGRU, batch size, and optimizer’s learning rate) were optimized by the IQPSO in this paper to find the optimal solution to the model parameters. The algorithm flow is as follows:

To verify the optimization ability and feasibility of the improved algorithm, four benchmark functions, each in a low-dimensional (5) and a high-dimensional (30) version, were selected to compare it with the genetic algorithm (GA), traditional particle swarm optimization (PSO), traditional quantum particle swarm optimization (QPSO), crossover particle swarm optimization (CPSO), and crossover quantum particle swarm optimization (CQPSO). The resulting test functions F1–F8 are listed in the table below: F1 and F3 are low-dimensional unimodal functions, F2 and F4 are high-dimensional unimodal functions, F5 and F7 are low-dimensional multimodal functions, and F6 and F8 are high-dimensional multimodal functions. Unimodal functions have only one global optimum and no local extreme points and mainly test the convergence rate. Multimodal functions with numerous local extreme points test the ability to jump out of local extrema in many dimensions.

SN | Function name | Dimension | Optimum value
---|---|---|---
F1 | Schwefel's | 5 | 0
F2 | Schwefel's | 30 | 0
F3 | Step | 5 | 0
F4 | Step | 30 | 0
F5 | Alpine | 5 | 0
F6 | Alpine | 30 | 0
F7 | Griewank | 5 | 0
F8 | Griewank | 30 | 0

The parameters in the algorithms and functions were set as follows: the population size was 30; the maximum number of iterations was 200; the shrinkage and expansion coefficient was 0.6; and the maximum crossover probability was 0.8. Each benchmark function was run independently 50 times to avoid excessive accidental errors. The optimum value, mean, and standard deviation were taken as evaluation indexes: the optimum value is the best result found across the 50 runs, the mean is the average of the 50 results, and the standard deviation (SD) measures their dispersion. The experimental results are shown in the table below.

Function | Algorithm | Optimum value | Mean | SD
---|---|---|---|---
F1 | GA | 1.179E−03 | 1.736E−01 | 2.813E−01
F1 | PSO | 3.386E−10 | 4.002E−01 | 1.960E+00
F1 | QPSO | 5.645E−02 | 2.103E+00 | 2.164E+00
F1 | CPSO | 1.011E−11 | 7.403E−11 | 5.883E−11
F1 | CQPSO | 0.000E+00 | 0.000E+00 | 0.000E+00
F1 | IQPSO | 0.000E+00 | 0.000E+00 | 0.000E+00
F2 | GA | 4.423E+00 | 1.162E+01 | 3.618E+00
F2 | PSO | 5.687E+01 | 1.091E+02 | 2.618E+01
F2 | QPSO | 2.567E+01 | 5.530E+01 | 2.056E+01
F2 | CPSO | 2.773E−06 | 2.217E−05 | 2.408E−05
F2 | CQPSO | 0.000E+00 | 1.042E−13 | 2.210E−13
F2 | IQPSO | 0.000E+00 | 3.631E−14 | 1.260E−13
F3 | GA | 2.756E−04 | 6.721E+00 | 2.336E+01
F3 | PSO | 7.081E−18 | 2.926E−16 | 6.654E−16
F3 | QPSO | 1.815E−01 | 1.052E+02 | 1.209E+02
F3 | CPSO | 8.601E−22 | 2.624E−19 | 5.639E−19
F3 | CQPSO | 0.000E+00 | 0.000E+00 | 0.000E+00
F3 | IQPSO | 0.000E+00 | 0.000E+00 | 0.000E+00
F4 | GA | 3.549E+02 | 1.444E+03 | 1.018E+03
F4 | PSO | 1.151E+04 | 3.308E+04 | 1.105E+04
F4 | QPSO | 2.895E+03 | 1.143E+04 | 5.316E+03
F4 | CPSO | 1.329E−11 | 1.807E−10 | 2.482E−10
F4 | CQPSO | 2.829E−27 | 1.862E−24 | 3.215E−24
F4 | IQPSO | 8.078E−28 | 2.568E−26 | 6.697E−26
F5 | GA | 4.073E−07 | 2.639E−02 | 9.343E−02
F5 | PSO | 2.047E−19 | 2.586E−18 | 3.293E−18
F5 | QPSO | 5.151E−03 | 1.403E+00 | 2.659E+00
F5 | CPSO | 2.729E−23 | 1.964E−21 | 4.335E−21
F5 | CQPSO | 0.000E+00 | 0.000E+00 | 0.000E+00
F5 | IQPSO | 0.000E+00 | 0.000E+00 | 0.000E+00
F6 | GA | 1.334E+00 | 1.096E+01 | 8.915E+00
F6 | PSO | 1.231E+02 | 3.142E+02 | 1.110E+02
F6 | QPSO | 2.694E+01 | 9.791E+01 | 4.704E+01
F6 | CPSO | 3.377E−14 | 1.201E−12 | 1.211E−12
F6 | CQPSO | 6.942E−29 | 8.962E−27 | 1.949E−26
F6 | IQPSO | 0.000E+00 | 1.628E−28 | 3.936E−28
F7 | GA | 5.863E−02 | 1.700E+00 | 2.434E+00
F7 | PSO | 2.464E−02 | 1.030E−01 | 5.637E−02
F7 | QPSO | 1.142E−01 | 2.019E+00 | 2.088E+00
F7 | CPSO | 8.216E−15 | 1.098E−01 | 5.315E−02
F7 | CQPSO | 1.616E−07 | 5.068E−02 | 2.686E−02
F7 | IQPSO | 0.000E+00 | 1.555E−02 | 1.308E−02
F8 | GA | 4.014E+00 | 1.351E+01 | 6.839E+00
F8 | PSO | 3.908E+01 | 2.884E+02 | 1.146E+02
F8 | QPSO | 2.400E+01 | 1.021E+02 | 4.404E+01
F8 | CPSO | 1.093E−09 | 6.062E−02 | 1.728E−01
F8 | CQPSO | 0.000E+00 | 1.073E−03 | 3.599E−03
F8 | IQPSO | 0.000E+00 | 0.000E+00 | 0.000E+00

In the two low-dimensional unimodal functions, CQPSO and IQPSO found the theoretical optimum value of 0 when solving the F1 and F3 functions, with an SD of 0 as well, showing the algorithms' advantages. In the two high-dimensional unimodal functions, CQPSO and IQPSO found the theoretical optimum value of 0 when solving the F2 function, but the mean and SD of IQPSO were smaller than CQPSO's. When the F4 function was solved, the optimum value, mean, and SD obtained by IQPSO improved by at least one order of magnitude over those obtained by the other five algorithms, and its stability was higher. In the two low-dimensional multimodal functions, CQPSO and IQPSO were more accurate and more stable on the F5 function than the other four algorithms. Only IQPSO reached the theoretical optimum value on the F7 function, although its mean was of the same order as those of the other five algorithms. In the two high-dimensional multimodal functions, IQPSO found the theoretical optimum value when solving the F6 function, but its stability still had room for improvement. When solving the F8 function, IQPSO reached the theoretical optimum value with an SD of 0; besides IQPSO, only CQPSO found the theoretical optimum value, but its stability was poorer.

Overall, each method achieved greater solution accuracy on unimodal functions than on multimodal functions, and greater accuracy on low-dimensional functions than on high-dimensional ones. IQPSO demonstrated superior optimization accuracy and stability to the other five methods, regardless of whether the function was unimodal or multimodal, high-dimensional or low-dimensional.

Experiments were carried out on the eight functions with the six algorithms to compare their convergence rates intuitively. The eight average convergence curves in

The eight graphs above clearly show each algorithm’s fitness value changes in the optimization process. In these graphs, the convergence rate of IQPSO is relatively higher, and its convergence accuracy is much higher than that of other algorithms, showing the advantages of algorithm improvement.

A statistical test should be carried out for the performance evaluation of enhanced algorithms, according to Ref. [

Function | GA | PSO | QPSO | CPSO | CQPSO
---|---|---|---|---|---
F1 | 3.3111E-20 (+) | 3.3101E-20 (+) | 3.3111E-20 (+) | 3.3111E-20 (+) | NaN (=)
F2 | 4.4381E-18 (+) | 4.4381E-18 (+) | 4.4381E-18 (+) | 4.4381E-18 (+) | 2.7407E-4 (+)
F3 | 3.3111E-20 (+) | 3.3111E-20 (+) | 3.3111E-20 (+) | 3.3111E-20 (+) | NaN (=)
F4 | 7.0629E-18 (+) | 7.0629E-18 (+) | 7.0629E-18 (+) | 7.0629E-18 (+) | 1.3375E-12 (+)
F5 | 3.3111E-20 (+) | 3.3111E-20 (+) | 3.3111E-20 (+) | 3.3111E-20 (+) | NaN (=)
F6 | 6.9868E-18 (+) | 6.9868E-18 (+) | 6.9868E-18 (+) | 6.9868E-18 (+) | 2.4991E-13 (+)
F7 | 7.0502E-18 (+) | 5.9606E-17 (+) | 7.0502E-18 (+) | 2.6493E-13 (+) | 1.1435E-11 (+)
F8 | 3.3111E-20 (+) | 3.3111E-20 (+) | 3.3111E-20 (+) | 3.3111E-20 (+) | 2.5398E-4 (+)

It can be seen from the table that the test result of CQPSO on the F1, F3, and F5 functions is "=." This is because CQPSO has good optimization performance on these functions: both IQPSO and CQPSO can find the optimum value, so no significant difference is detected.

Two data sets were selected for experiments to verify the situation prediction algorithms proposed in this paper. The two sets of data are specified as follows:

Data I: The experimental data obtained from the network environment built in Ref. [

Data II: The experimental premise was the weekly security situation data that the CNCERT/CC publishes. From the website's 30th issue in 2012 to its 29th issue in 2022, 522 issues of weekly situation data were chosen as the foundation for experimental verification. The data were mainly evaluated from five perspectives. The situation evaluation approach from Ref. [ ] was adopted: each indicator count x_i was normalized by x_max, the maximum number of that security threat in the 522 issues of data selected, and weighted by the weight w_i of the i-th indicator to obtain the weekly situation value.

Security indicator | Weight
---|---
Number of hosts infected with network viruses in China | 0.30
Total number of tampered websites in China | 0.25
Total number of websites implanted with a backdoor in China | 0.15
Number of counterfeit pages of websites in China | 0.15
Number of new information security vulnerabilities | 0.15
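The weighted fusion above can be sketched in a few lines; the weights come from the table, while the per-indicator maxima and weekly counts below are made-up example numbers, not real CNCERT/CC data.

```python
# Sketch of the weighted situation-value fusion: each of the five weekly
# threat counts is normalized by its maximum over all issues, then combined
# with the indicator weights.
import numpy as np

weights = np.array([0.30, 0.25, 0.15, 0.15, 0.15])   # from the weight table
x_max = np.array([900000, 6000, 9000, 12000, 800])   # assumed per-indicator maxima
week_counts = np.array([450000, 3000, 4500, 6000, 400])  # assumed weekly counts

situation_value = np.sum(weights * week_counts / x_max)
print(situation_value)
```

Since the weights sum to 1 and each normalized count lies in [0, 1], the situation value is bounded in [0, 1]; in this example every indicator sits at half its maximum, so the value is 0.5.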

Data normalization scales the features to a specific range, reduces the influence of outliers, and improves the convergence rate of the model. This paper normalized the characteristic data to the interval [−1, 1] by the min-max normalization method: x' = 2 · (x − x_min) / (x_max − x_min) − 1, where x_min and x_max are the minimum and maximum of the feature.
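Min-max scaling to [−1, 1] and its inverse (needed to report predictions on the original scale) can be sketched as:

```python
# Min-max normalization of a feature vector to [-1, 1] and its inverse.
import numpy as np

def minmax_scale(x):
    x_min, x_max = x.min(), x.max()
    scaled = 2.0 * (x - x_min) / (x_max - x_min) - 1.0
    return scaled, (x_min, x_max)

def minmax_inverse(scaled, bounds):
    x_min, x_max = bounds
    return (scaled + 1.0) / 2.0 * (x_max - x_min) + x_min

x = np.array([10.0, 20.0, 30.0, 40.0])
scaled, bounds = minmax_scale(x)
print(scaled[0], scaled[-1])  # -1.0 1.0
print(np.allclose(minmax_inverse(scaled, bounds), x))  # True
```

In practice the bounds are computed on the training split only and reused for the test split, so no test-set information leaks into training.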

The TCAN-BiGRU model and all the experiments were carried out under the TensorFlow deep learning framework. The specific experimental environment [

Experimental environment | Specific configuration
---|---
Operating system | Windows 11
CPU | Intel(R) Core(TM) i5-11300H @ 3.10 GHz
Memory | 16 GB
Hard disk | 500 GB
Development framework | TensorFlow 2.8.0
Development language | Python 3.9.12

To evaluate the effect of the prediction models proposed herein, three metrics were adopted: the mean absolute error (MAE), the mean square error (MSE), and the coefficient of determination (R²): MAE = (1/n) · Σ|y_i − ŷ_i|, MSE = (1/n) · Σ(y_i − ŷ_i)², and R² = 1 − Σ(y_i − ŷ_i)² / Σ(y_i − ȳ)².

In the above three equations, y_i is the true situation value, ŷ_i is the predicted value, ȳ is the mean of the true values, and n is the number of samples.
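The three metrics follow their standard definitions and can be computed directly in NumPy; the toy arrays below are only for illustration.

```python
# NumPy implementations of MAE, MSE, and the coefficient of determination.
import numpy as np

def mae(y_true, y_pred):
    return np.mean(np.abs(y_true - y_pred))

def mse(y_true, y_pred):
    return np.mean((y_true - y_pred) ** 2)

def r2(y_true, y_pred):
    ss_res = np.sum((y_true - y_pred) ** 2)          # residual sum of squares
    ss_tot = np.sum((y_true - y_true.mean()) ** 2)   # total sum of squares
    return 1.0 - ss_res / ss_tot

y_true = np.array([1.0, 2.0, 3.0, 4.0])
y_pred = np.array([1.1, 1.9, 3.2, 3.8])
print(round(mae(y_true, y_pred), 3))  # 0.15
print(round(r2(y_true, y_pred), 3))   # 0.98
```

Lower MAE/MSE and an R² closer to 1 indicate a better fit, which is how the model comparison tables later in the paper should be read.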

To verify the effectiveness of the Ranger21 algorithm selected in this paper, it was compared with Adam [

It can be seen from the figure that compared with the Adam algorithm, SGD algorithm, and Adagrad algorithm, the Ranger21 algorithm has a higher convergence rate for network training. Moreover, its prediction fitting degree is higher than that of the other three optimization algorithms. Experimental results showed that the Ranger21 algorithm could promote the optimization of network training.

To better realize the prediction effect, the IQPSO was adopted in this paper to optimize these hyper-parameters to find the optimal solutions to model parameters. The IQPSO-associated parameters were set as follows: The population size was 5; the number of iterations was 30; the shrinkage and expansion coefficient was 0.6; and the maximum crossover probability was 0.8.

To increase the convergence rate and prevent the aimless search of particles in the search space, the bounds of optimization parameters are now set as follows: The number of BiGRU neurons is taken in the [10, 500] range. The batch size is taken in the [100, 1000] range. The optimizer’s learning rate is taken in the [0.0001, 0.005] range.

The training results of the TCAN-BiGRU model optimized by IQPSO are shown in

The parameters of the network model optimized by the IQPSO are shown in

Model parameter | Data I | Data II
---|---|---
Optimization algorithm | Ranger21 | Ranger21
Learning rate | 0.00033 | 0.0001
TCN convolution kernel | 3 | 3
Dilation factor | 1/3/9 | 1/3/9
Number of neurons of BiGRU | 110/339/131 | 356/205/350
Batch size | 112 | 232

To evaluate how well the model proposed here performs in NSSP, it was tested against both conventional machine learning and deep learning techniques: the BP, LSTM, GRU, TCN, BiGRU, and IQPSO-TCAN-BiGRU models.

After the SSA of the network security situation value, it was embedded, decomposed, grouped, and reconstructed into six subsequences. The results are shown in

Based on the characteristics of the decomposed subsequences, the high-frequency components (subsequences 4, 5, and 6) reflect the random effects in the network security situation. The low-frequency components (subsequences 1, 2, and 3) exhibit strong sinusoidal fluctuation and can be seen as periodic elements of the situation data sequence. The low-frequency portion is a trend indicator that can be used to identify the long-term trend in network security.

To evaluate the predictive ability of the models as a whole, the MAE, MSE, and R² of the different models were calculated. The results are listed in the table below.

Prediction model | MAE (Data I) | MSE (Data I) | R² (Data I) | MAE (Data II) | MSE (Data II) | R² (Data II)
---|---|---|---|---|---|---
BP | 2.515E-02 | 1.359E-03 | 0.903 | 1.334E-02 | 2.531E-04 | 0.931
LSTM | 1.745E-02 | 4.002E-04 | 0.971 | 6.135E-03 | 5.731E-05 | 0.984
GRU | 1.039E-02 | 2.600E-04 | 0.981 | 6.222E-03 | 5.960E-05 | 0.984
TCN | 1.429E-02 | 4.607E-04 | 0.967 | 8.758E-03 | 1.252E-04 | 0.966
BiGRU | 1.031E-02 | 1.574E-04 | 0.989 | 6.239E-03 | 4.740E-05 | 0.987
IQPSO-TCAN-BiGRU | 5.770E-03 | 8.671E-05 | 0.994 | 5.929E-03 | 4.169E-05 | 0.989
SSA-IQPSO-TCAN-BiGRU | 1.711E-03 | 1.019E-05 | 0.999 | 8.786E-04 | 1.160E-06 | 0.999

The predicted and true values of the SSA-IQPSO-TCAN-BiGRU model and BP, LSTM, GRU, TCN, BiGRU, and IQPSO-TCAN-BiGRU prediction models are compared in

The models are assessed not only on prediction accuracy but also on running time, i.e., the time for model training plus the time for prediction. The running time is affected by the model's complexity, the number of iterations, and the batch size.

Prediction model | Train/s (Data I) | Predict/s (Data I) | Sum/s (Data I) | Train/s (Data II) | Predict/s (Data II) | Sum/s (Data II)
---|---|---|---|---|---|---
BP | 0.0856 | 0.0019 | 0.0875 | 0.182 | 0.0898 | 0.2718
LSTM | 26.15 | 1.51 | 27.66 | 75.44 | 5.18 | 80.62
GRU | 39.59 | 1.08 | 40.67 | 80.59 | 6.08 | 86.67
TCN | 40.1 | 0.26 | 40.36 | 80.12 | 5.37 | 85.49
BiGRU | 46.96 | 1.16 | 48.12 | 85.53 | 6.17 | 91.7
IQPSO-TCAN-BiGRU | 418.94 | 0.77 | 419.71 | 659.76 | 6.76 | 666.52
SSA-IQPSO-TCAN-BiGRU | 632.7 | 2.71 | 635.41 | 812.3 | 6.25 | 818.55

As can be seen from

Multi-attribute security indicators were fused based on network security situation data, and SSA was introduced into network security prediction. A series of subsequences was obtained by embedding, decomposing, grouping, and reconstructing the weekly network security situation values. Afterward, a TCAN-BiGRU prediction model was established for each subsequence, and the subsequence predictions were superposed to obtain the final NSSP value. Meanwhile, the QPSO was improved: a chaotic map and a crossover operator were introduced to ensure population diversity, and an adaptive crossover probability was adopted to improve the algorithm's convergence accuracy and rate. Multiple experiments on different data sets showed that the model has strong feature extraction ability, high prediction accuracy, and high prediction efficiency when processing network security situation data, with a coefficient of determination of up to 0.999 on both sets, indicating that the proposed model is effective and practical. In subsequent studies, cutting-edge deep learning models and swarm intelligence optimization algorithms will be explored to further improve the model's effectiveness in actual applications.

This work is supported by the National Science Foundation of China (61806219, 61703426, and 61876189), by the National Science Foundation of Shaanxi Province (2021JM-226), by the Young Talent Fund of the University Association for Science and Technology in Shaanxi, China (20190108, 20220106), and by the Innovation Capability Support Plan of Shaanxi, China (2020KJXX-065).

The authors declare that they have no conflicts of interest to report regarding the present study.