Abstract
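Most existing security assessment methods rely on manual analysis based on system design and periodic data. To address the poor real-time performance of these methods, the hidden Markov model (HMM) is applied to network security assessment, improving its real-time performance. The advantage of this method is that existing network monitoring and intrusion detection systems can be used to assess the security of individual objects or large networks. It uses a multi-agent system architecture and infers the hidden security state from the observation sequences collected by the agent software. Finally, a concrete example and experimental data illustrate the feasibility and high real-time performance of the model.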
Current risk assessment methodologies focus on manual risk analysis of networks during system design or through periodic reviews. Most existing approaches are not suitable for real-time use. In this paper, we introduce an approach to network security assessment based on Hidden Markov Models to improve real-time capability. The benefit of our approach is that it enables risk assessment built upon existing network monitoring and intrusion detection systems, both on a system-wide level and for individual objects. We assume a multiagent system architecture in which the hidden security status can be inferred from the observation sequence: every agent receives and processes the observations provided by the sensors, and the security of the information system or network is dynamically evaluated based on these data. Finally, the approach is evaluated using real-life data to illustrate its feasibility and high real-time capability.
Source
《哈尔滨理工大学学报》
CAS
2008, Issue 6, pp. 42-45 (4 pages)
Journal of Harbin University of Science and Technology
Keywords
security assessment
intrusion detection
intrusion detection system
hidden Markov model