Network security situation awareness is a new technology for network security monitoring and early warning, and is a hot spot in the area of network security. In this paper, the artificial immune technology is applied to the study of network security situation awareness, and a model is presented and implemented. The paper adopts the artificial immune-based intrution detection technology to real-timely monitor network attacks, and introduces vaccination mechanism to effectively improve the real-time network attack detection abilities of network hosts. In addition,the paper puts forward the concept of network group according to idiotypic immune network theory, and establishes a real-time and quantitive network risk assessment sub-model based on antibody concentration. The changes of antibody concentration are not only related to intrusion intensity, but also to interactions with antibodies in the same network group. To predict future network security situation trends,the paper adopts time-series prediction mechanism based on cloud models. Theoretical analysis and experimental results show that the model is effective to network security situation awareness with advantages of real-time and high accuracy.
