摘要
针对目前日益复杂的网络安全环境,提出一种基于隐马尔可夫模型(HMM)的态势评估方法。以入侵检测系统的输出(报警事件)为处理对象,采用隐马尔可夫随机过程作为分析手段,建立描述网络系统受到攻击后安全状态转移的隐马尔可夫模型;在此基础上,通过Baum-Welch(BW)算法对模型参数进行优化,使用量化分析方法得到整个网络态势的定量评价。通过实验验证了该方法能比较准确地反映网络的安全态势,具有良好的应用前景。
To cope with the increasingly complex environment of network security,a situation assessment method based on hidden Markov model(HMM)was proposed.The output of intrusion detection system(alarm events)was used as the object,a hidden Markov random process was taken as an analytical tool,and a HMM was established to describe the security state transition after the network system attack.On this basis,the model parameters were optimized using Baum-Welch(BW)algorithm,and a quantitative assessment of the situation of the entire network was obtained with quantitative analysis method.The results of the experiment show this method can more accurately reflect the network′s security situation,and it has a favorable application prospect.
出处
《计算机工程与设计》
北大核心
2015年第7期1706-1711,共6页
Computer Engineering and Design
基金
国家自然科学基金项目(61271260
61102062)
关键词
网络安全
报警事件
隐马尔可夫模型
量化分析
态势评估
network security
alarm events
hidden Markov model(HMM)
quantitative analysis
situation assessment
