Computer Science ›› 2020, Vol. 47 ›› Issue (7): 287-291. doi: 10.11896/jsjkx.190300045

• Information Security •

Network Security Situation Assessment Method Based on Improved Hidden Markov Model

LI Xin, DUAN Yong-cheng

  1. College of Information Technology and Network Security, People’s Public Security University of China, Beijing 100038, China
  • Received: 2019-03-13 Online: 2020-07-15 Published: 2020-07-16
  • Corresponding author: DUAN Yong-cheng (443130851@qq.com)
  • About author: ndlixin@sina.com
    LI Xin, born in 1977, Ph.D., associate professor. His main research interests include cyber security, among others.
    DUAN Yong-cheng, born in 1995, master. His main research interests include situational awareness, among others.
  • Supported by:
    This work was supported by the National Key R&D Program of China (2017YFC0803700)

Abstract: Network security situation awareness, an effective supplement to network security protection measures, has been a research focus in recent years, and accurately assessing the network security state has become an important topic in the field. The Hidden Markov Model (HMM) can be used for network security situation assessment and can evaluate network state in real time, but its model parameters are difficult to configure and its assessment accuracy is relatively low. This paper therefore proposes a situation assessment method based on an improved HMM that combines the Baum-Welch (BW) parameter optimization algorithm with the Seeker Optimization Algorithm (SOA). The strong random search ability of SOA is used to address the tendency of the traditional parameter optimization algorithm to fall into local optima. The optimized parameters are substituted into the HMM, and the network security situation value is obtained through quantitative analysis. The proposed method is verified experimentally in MATLAB on the DARPA2000 dataset. The results show that, compared with the BW algorithm, the proposed method improves model accuracy and quantifies the network security situation more reasonably.

Key words: HMM, Parameter optimization, Situation assessment, Situational awareness, SOA

CLC Number:

  • TP393
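
The local-optimum problem named in the abstract, as an added Python sketch (not the authors' MATLAB code): Baum-Welch is run from several random initial models, the fits are ranked by log-likelihood, and a filtered situation value is computed from the best one. Plain random multi-start stands in for SOA, whose update rules are not given on this page; the alert sequence, the three-state model, the cost vector and the expected-cost formula are all assumptions.

```python
import math, random

def norm(v, eps=1e-12):  # probability vector; eps keeps every entry strictly positive
    return [(x + eps) / (sum(v) + eps * len(v)) for x in v]

def forward_backward(obs, pi, A, B):
    """Scaled forward-backward pass: (alpha, beta, scales c, log P(obs | model))."""
    n, T, alpha, c = len(pi), len(obs), [], []
    for t, o in enumerate(obs):
        a = [(pi[i] if t == 0 else sum(alpha[-1][j] * A[j][i] for j in range(n)))
             * B[i][o] for i in range(n)]
        c.append(sum(a))
        alpha.append([x / c[-1] for x in a])
    beta = [[1.0] * n for _ in range(T)]
    for t in range(T - 2, -1, -1):
        beta[t] = [sum(A[i][j] * B[j][obs[t + 1]] * beta[t + 1][j] for j in range(n))
                   / c[t + 1] for i in range(n)]
    return alpha, beta, c, sum(math.log(x) for x in c)

def baum_welch_step(obs, pi, A, B):
    """One EM re-estimation of (pi, A, B) from a single alert sequence."""
    n, m, T = len(pi), len(B[0]), len(obs)
    alpha, beta, c, _ = forward_backward(obs, pi, A, B)
    gamma = [[alpha[t][i] * beta[t][i] for i in range(n)] for t in range(T)]
    xi = lambda i, j: sum(alpha[t][i] * A[i][j] * B[j][obs[t + 1]] * beta[t + 1][j]
                          / c[t + 1] for t in range(T - 1))
    new_A = [norm([xi(i, j) for j in range(n)]) for i in range(n)]
    new_B = [norm([sum(g[i] for g, o in zip(gamma, obs) if o == k) for k in range(m)])
             for i in range(n)]
    return norm(gamma[0]), new_A, new_B

def multistart_fit(obs, n, m, starts=8, iters=30, seed=0):
    """Baum-Welch from `starts` random models; returns [(model, loglik)], best first."""
    rng, runs = random.Random(seed), []
    row = lambda k: norm([rng.random() for _ in range(k)])
    for _ in range(starts):
        model = (row(n), [row(n) for _ in range(n)], [row(m) for _ in range(n)])
        for _ in range(iters):
            model = baum_welch_step(obs, *model)
        runs.append((model, forward_backward(obs, *model)[3]))
    return sorted(runs, key=lambda r: -r[1])

def situation_values(obs, model, cost):
    """Filtered risk per step; cost[r] goes to the state with r-th lowest mean severity."""
    rank = sorted(range(len(cost)), key=lambda i: sum(k * b for k, b in enumerate(model[2][i])))
    alpha = forward_backward(obs, *model)[0]
    return [sum(a[i] * cost[r] for r, i in enumerate(rank)) for a in alpha]

# Constructed alert severities per time window: 0=none, 1=low, 2=medium, 3=high.
ALERTS = [0,0,0,1,0,0,1,1,2,1,2,2,3,3,2,3,3,3,1,0,0,0,1,0,2,3,3,2,1,0,0,0,0,1,0,0]
```

Comparing the log-likelihoods returned by `multistart_fit(ALERTS, 3, 4)` shows how much the Baum-Welch result depends on its starting point; `situation_values(ALERTS, best_model, [0, 5, 20])` then gives one risk value per time window.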