Abstract

This paper designs a network security situation assessment system based on an extended hidden Markov model. First, the standard hidden Markov model is expanded from a five-tuple to a seven-tuple by adding two parameters, network defense efficiency and a risk loss vector, so that the model can describe the network security situation more completely. Then, an initial algorithm for the state transition matrix is defined, observation vectors are extracted from the fusion of various system security detection data, the network state transition matrix is created and modified by the observation vectors, and a solution procedure for the hidden state probability distribution sequence based on the extended hidden Markov model is derived. Finally, a method of calculating the risk loss vector according to the international definition is designed, the current network risk value is calculated from the hidden state probability distribution, and the global security situation is assessed. The experiment showed that the model satisfied practical applications and that the assessment result is accurate and effective.

Highlights

  • With the widespread use of Internet technology, network security has gradually attracted public attention

  • In 1988, Endsley first proposed the concept of situation awareness [7]; Bass proposed the concept of network situation awareness, which includes element extraction, situation understanding, situation assessment, and other contents, and gave a network situation awareness model [8]; Lakkaraju et al. took data mining technology as one of the key technologies of network situation awareness [9]; Elshoush fused the elements extracted by data mining technology and used the fusion in intrusion detection, but false alarms were difficult to avoid because of the huge amount of data [10, 11]

  • Through the analysis of network security situation assessment models at home and abroad, it is found that there are still many problems in the study of network security situation assessment: first, the state transition matrix is generally obtained from the experience of administrators, which is strongly subjective and depends on the administrator’s own ability; second, because the two parameters of network defense capability and risk loss are missing, the hidden state vector sequence in the evaluation model is prone to calculation deviation when the observation vector sequence is generated


Summary

Introduction

With the widespread use of Internet technology, network security has gradually attracted public attention. Through the analysis of network security situation assessment models at home and abroad, it is found that there are still many problems in the study of network security situation assessment: first, the state transition matrix is generally obtained from the experience of administrators, which is strongly subjective and depends on the administrator’s own ability; second, because the two parameters of network defense capability and risk loss are missing, the hidden state vector sequence in the evaluation model is prone to calculation deviation when the observation vector sequence is generated. The system fuses a variety of security detection data, extracts the main attack logs from the network security equipment to form the observation vector sequence, corrects the state transition matrix using the real-time state, forms the hidden state probability distribution sequence by using the improved Viterbi algorithm, combines the network topology and the network asset information with the hidden state probability distribution to calculate the current network risk value, and assesses the global security situation of the current network, greatly improving the analysis and processing ability of network security products in multiple index

Network Security Situation Assessment Technology
Network Security Situation Assessment Model Based on HMMP
Case Study