摘要
为了实时评估网络安全风险,建立了用于描述主机安全状态的隐马尔可夫模型,以入侵检测系统的报警信息作为模型输入,计算主机处于被攻击状态的概率。针对攻击报警,提出了一种新的攻击成功概率计算方法,然后结合攻击威胁度计算主机节点的风险指数。最后利用主机节点重要性权重与节点风险指数量化计算网络风险。实例分析表明,该方法能够动态绘制网络安全风险态势曲线,有利于指导安全管理员及时调整安全策略。
The Hidden Markov Model(HMM) for describing host security states was established to evaluate the real time security risk of network,whose input is Intrusion Detection System alers.The probability for host to be attacked was calculated by this model.Aimed at the attack alers,a new calculating method for attack success probability was presented,and used attack threat level to calculate the risk index of the host node.Finally,the importance weight and risk index of all the host nodes were used to calculated the risk of the network quantitatively.The case study demonstrated this method can provide the real-time risk curves of host system for security managers to adjust security policies.
出处
《计算机科学》
CSCD
北大核心
2010年第9期94-96,共3页
Computer Science
基金
国家自然科学基金项目(60873233)
陕西省科技攻关项目(2008-k04-21)资助
关键词
网络安全
风险评估
入侵检测系统
隐马尔可夫模型
Network security
Risk assessment
Intrusion detection system
Hidden markov model