信息网络安全 (Netinfo Security), 2014, Vol. 14, Issue (12): 37-42. doi: 10.3969/j.issn.1671-1122.2014.12.008


Study and Application of Network Security Situation Based on Ant Intelligence

LI Lin (1, 2), XU Jia-le (1, 2), ZHANG Xiao (1, 2), LIU Nian (3)

  1. Information Security Center, Beijing University of Posts and Telecommunications, Beijing 100876, China;
  2. National Engineering Laboratory for Disaster Backup and Recovery, Beijing 100876, China;
  3. Information Security Department, Beijing Institute of Electronic Science and Technology, Beijing 100080, China

Received: 2014-08-30; Online: 2014-12-15

Abstract: With the rapid development of network technology, network security problems have become increasingly serious. Traditional network security technologies (vulnerability detection mechanisms, malicious code detection, firewalls, intrusion detection, and information security risk management) suffer from poor real-time performance, false positives and false negatives. They may introduce new vulnerabilities and cannot quantitatively reflect the current security situation. At the same time, the increasing complexity of network structures brings new challenges for network security management, and system administrators cannot solve network security problems in a timely and effective manner. How to effectively combine situation analysis with defense technology for network security has therefore become a hot issue recently. To address this problem, this paper proposes an ant-colony-based intelligent network security situation awareness framework (ant intelligence situation awareness, AISA) and the key technologies needed to implement it. An agent inserted between the administrator and the host can be used for information collection, situation analysis, situation assessment and self-defense. In the process of network security situation awareness, the ant colony algorithm can be applied, with pheromones guiding the movement of the agents, to achieve an effective integration of network security situation analysis and self-defense techniques. Experiments show that the framework achieves real-time and quantitative network security situation awareness, which can reduce the workload of administrators and improve the efficiency of network security management.

Key words: ant intelligence, network security situation, defense
