CyberSecuritySituationEvaluationMethodBasedon#br#
AssociationAnalysisandHiddenMarkovModel

doi:10.3969/j.issn.1006-2475.2018.06.007

Abstract

Abstract: MostofthecurrentnetworksecuritysituationassessmentmethodsbasedonHMMarefocusedonthestudyofHMMparameters,ignoringtheimpactofobservationvaluesonevaluationaccuracy.Thispaperisbasedontheaggregationofalarminformation,takesattackmodeasabasisforassociation,combinesthevulnerabilityinformationofnetworkassets，identifiestheattackphaseofthehostandconvertsittothethreatlevelofthehost,andfinally,usesHMMtoevaluatethesecuritysituationofthehostandnetwork.ExperimentbasedonDARPA2000datasetshows,comparedwiththegeneralHMMmethod,thismethodcanreflectthemulti-stepcharacteristicsoftheattack,anditcanmoreaccuratelyreflectthechangeofnetworksituation.

Key words: multi-stepattackspattern, associationanalysis, hiddenMarkovmodel, cybersecuritysituationevaluation

CLC Number:

TP393.08

WUJian-tai,LIUGuang-jie,LIUWei-wei,DAIYue-wei. CyberSecuritySituationEvaluationMethodBasedon#br# AssociationAnalysisandHiddenMarkovModel[J]. Computer and Modernization, doi: 10.3969/j.issn.1006-2475.2018.06.007.

References ［15］

［1］	BassT.Instrusiondetectionsystemsandmultisensordatafusion:Creatingcyberspacesituationalawareness［J］.CommunicationsoftheACM，2000，43（4）：100-105.
［2］	陈秀真，郑庆华，管晓宏,等.层次化网络安全态势量化评估方法［J］.软件学报，2006，17（4）：885-897.
［3］	章丽娟,王清贤.模糊层次分析法在网络安全态势评估中的应用［J］.计算机仿真，2011，28（12）：138-140.
［4］	董博，王雪.基于变量分组贝叶斯网络的安全态势评估方法［J］.微型机与应用，2016，35（7）：60-62，66.
［5］	张勇，谭小彬，崔孝林,等.基于Markov博弈模型的网络安全态势感知方法［J］.软件学报，2011，22（3）：495-508.
［6］	rnesA,ValeurF,VignaG,etal.UsingHiddenMarkovModelstoevaluatetherisksofintrusions［J］.LectureNotesinComputerScience,2006,4219:145-164.
［7］	HaslumK,MoeMEG,KnapskogSJ.Real-timeintrusionpreventionandsecurityanalysisofnetworksusingHMMs［C］//2008IEEEConferenceonLocalComputerNetworks.2009:927-934.
［8］	方研，殷肖川，孙益博.基于隐马尔科夫模型的网络安全态势评估［J］.计算机应用与软件，2013，30（12）：64-68.
［9］	席荣荣，云晓春，张永铮,等.一种改进的网络安全态势评估方法［J］.计算机学报，2015，38（4）：749-758.
［10］	李明伟，雷杰，董静,等.一种优化的实时网络安全风险量化方法［J］.计算机学报，2009，32（4）：793-804.
［11］	王泽芳，袁平，黄晓芳,等.一种新的多步攻击场景构建技术研究［J］.西南科技大学学报，2016，31（1）：55-60.〖JP〗
［12］	EndsleyMR.Towardatheoryofsituationawarenessindynamicsystems［J］.JournaloftheHumanFactors&ErgonomicsSociety,1995,37(1):32-64.
［13］	杨豪璞，邱辉，王坤.面向多步攻击的网络安全态势评估方法［J］.通信学报，2017，38（1）：187-198.
［14］	KavousiF,AkbariB.AutomaticlearningofattackbehaviorpatternsusingBayesiannetworks［C］//IEEEInternationalSymposiumonTelecommunications.2013:999-1004.〖JP〗
［15］	FreiS,MayM,FiedlerU,etal.Large-scalevulnerabilityanalysis［C］//Proceedingsof2006SIGCOMMWorkshoponLarge-scaleAttackDefense.2006:131-138.

[1]	XIAO Hang, LI Peng, MA Hui-ping, ZHU Feng, . RFID System Security Analysis Model Based on Stochastic Petri Net [J]. Computer and Modernization, 2023, 0(09): 105-114.
[2]	DAI Rui-feng. Model Construction of College Network Security System Based on SSL Virtual Technology [J]. Computer and Modernization, 2020, 0(08): 122-126.
[3]	ZHANG Yu1,2, GUO Chun1,2, SHEN Guo-wei1,2, PING Yuan3. An IDS Alerts Preprocessing Method Based on Information Entropy [J]. Computer and Modernization, 2020, 0(05): 111-.
[4]	JIANG Wan-ming1,2, GUO Chun1,2, JIANG Chao-hui1,2. A Low-rate DDoS Attack Detection Method Based on BiLSTM [J]. Computer and Modernization, 2020, 0(05): 120-.
[5]	CAO Yong-ming. A Fuzzy Keyword Search Encryption Scheme Without Secure Channel [J]. Computer and Modernization, 2020, 0(04): 42-.
[6]	WANG Yao, LI Wei, WU Ke-he, CUI Wen-chao. Application of Fusion Model of GBDT and LR in Encrypted Traffic Identification [J]. Computer and Modernization, 2020, 0(03): 93-.
[7]	QIN Lu-lu, ZHOU Li-jing, WANG Min. A Conditional Proxy Re-encryption Supporting Multi-keyword Search [J]. Computer and Modernization, 2020, 0(01): 100-.
[8]	ZHOU Li-jing, WANG Min, QIN Lu-lu . CP-ABE Scheme with Attribute Revocation Under Environment of Multi-attribute Authority [J]. Computer and Modernization, 2019, 0(11): 60-.
[9]	SONG Zi-hua1,2, GUO Chun1,2, JIANG Chao-hui1,2. A Fast Trojan Detection Method Based on Network Traffic Analysis [J]. Computer and Modernization, 2019, 0(06): 9-.
[10]	WU Dong1,2, GUO Chun1,2, SHEN Guo-wei1,2. An Alert Correlation Method Based on Multi-factors [J]. Computer and Modernization, 2019, 0(06): 30-.
[11]	ZENG Qi, HAN Xiao, CAO Yong-ming. Integrated Public Key Encryption and Public Key Encryption with Keyword Search [J]. Computer and Modernization, 2019, 0(04): 103-.
[12]	MI Qian-kun1, WU Bin2, DU Ning1,QIN Xi1. Information System Security Risk Assessment Based on Incomplete Information Game Model [J]. Computer and Modernization, 2019, 0(04): 118-.
[13]	LIAN Geng-xiong . Trusted Mobile Application Market Based on Blockchain [J]. Computer and Modernization, 2019, 0(03): 58-.
[14]	SUN Yuan, LIAO Xiao-ping. Abnormal Data Detection Method Based on Intelligent Bat Algorithm [J]. Computer and Modernization, 2019, 0(03): 62-.
[15]	HAN Xiao, ZENG Qi, CAO Yong-ming . An Efficient Proxy Re-encryption Scheme with Keyword Search [J]. Computer and Modernization, 2019, 0(03): 117-.

CyberSecuritySituationEvaluationMethodBasedon#br# AssociationAnalysisandHiddenMarkovModel

Knowledge

Abstract

Cite this article

share this article

References ［15］

Related Articles 15

Recommended Articles

Metrics

Comments