Abstract:In order to change the current passive network security defense situation depending on traditional network security tools, such as firewall, network vulnerability scanning and intrusion detection etc, the artificial immune technology is applied to network security situation awareness.This technology adopts intrusion detection model based on immune to realize the detection of known and unknown intrusion behaviors, and establishes real-time and quantitative network risk evaluation model based on the corresponding relationship between the antibody concentration variation of biological immune system and the intrusion rate of pathogen. During the trend forecast of network security situation, ARMA model based on time series is adopted to make real time and quantitative analysis and forecast on network security situation and its future trend, in this way, it can reduce the risk of network attack effectively and improve the emergency logistic support ability of network information system. The experiment result shows that this system can adjust network security strategy timely and efficiently, provide overall security guarantee for the system and is a good solution to active network security defense.