Network Security Situation Assessment Model Based on Extended Hidden Markov

This paper designs a network security situation assessment system based on an extended hidden Markov model. First, the standard five-tuple hidden Markov model (state set, observation set, initial distribution, state transition matrix, observation probability matrix) is expanded to a seven-tuple by adding two parameters, a network defense efficiency and a risk loss vector, so that the model describes the network security situation more completely. Then an algorithm for initializing the state transition matrix is defined, observation vectors are extracted by fusing the output of several security detection systems, the network state transition matrix is built and then corrected from those observation vectors, and a procedure for solving the hidden state probability distribution sequence under the extended model is derived. Finally, a method of computing the risk loss vector according to the international definition of risk is designed, the current network risk value is computed from the hidden state probability distribution, and the global security situation is assessed from that value. Experiments show that the model meets the needs of practical application and that its assessment results are accurate and effective.
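The following is an added worked example, not code from the paper, showing the shape of the pipeline the abstract describes: a seven-tuple (states, observations, initial distribution, transition matrix, observation matrix, defense efficiency vector, risk loss vector), a forward filter that yields the hidden state probability distribution at each step, and a risk value computed as expected loss (probability times loss). The state names, observation symbols, all matrix values, the way defense efficiency is applied to the transition matrix (scaling escalation probabilities and returning the withheld mass to the self-transition), and the loss figures are assumptions chosen for illustration; the paper's own transition matrix initialization and its correction from observation vectors are not reproduced.

```python
"""Extended HMM for network security risk estimation: a worked illustration.

Added example, not the paper's code. STATES, OBS, PI, A, B, DEFENCE_EFF and
RISK_LOSS are hypothetical values; the defence model (scale escalation
probabilities by (1 - efficiency)) is an assumption, not the paper's formula.
"""

STATES = ["normal", "probed", "attacked", "compromised"]  # assumed hidden states
OBS = {"quiet": 0, "low_alert": 1, "high_alert": 2}       # assumed fused detector symbols

PI = [0.85, 0.10, 0.04, 0.01]  # assumed initial state distribution
A = [  # assumed P(next state | current state) with no defence in place
    [0.80, 0.15, 0.04, 0.01],
    [0.30, 0.40, 0.25, 0.05],
    [0.10, 0.20, 0.50, 0.20],
    [0.05, 0.05, 0.20, 0.70],
]
B = [  # assumed P(observation | state), columns follow OBS
    [0.85, 0.12, 0.03],
    [0.40, 0.50, 0.10],
    [0.10, 0.40, 0.50],
    [0.05, 0.25, 0.70],
]
DEFENCE_EFF = [0.5, 0.6, 0.4, 0.2]     # assumed: share of escalations the defences stop
RISK_LOSS = [0.0, 10.0, 40.0, 100.0]   # assumed loss per state, arbitrary units


def apply_defence(a, eff):
    """Return a transition matrix in which every move to a worse state from
    state i is scaled by (1 - eff[i]); the withheld probability mass is added
    to the self-transition so each row still sums to 1."""
    n = len(a)
    out = []
    for i in range(n):
        row = list(a[i])
        withheld = 0.0
        for j in range(i + 1, n):          # states are ordered from best to worst
            kept = row[j] * (1.0 - eff[i])
            withheld += row[j] - kept
            row[j] = kept
        row[i] += withheld
        out.append(row)
    return out


def _normalise(v):
    s = sum(v)
    return [x / s for x in v]


def forward_filter(observations, pi, a, b):
    """Normalised forward algorithm.  Returns, for each time step t, the
    filtered distribution P(state_t | o_1 .. o_t) as a list of probabilities."""
    n = len(pi)
    alpha = _normalise([pi[i] * b[i][observations[0]] for i in range(n)])
    posteriors = [alpha]
    for o in observations[1:]:
        predicted = [sum(alpha[i] * a[i][j] for i in range(n)) for j in range(n)]
        alpha = _normalise([predicted[j] * b[j][o] for j in range(n)])
        posteriors.append(alpha)
    return posteriors


def risk_value(posterior, loss):
    """Risk as expected loss: sum over states of P(state) * loss(state)."""
    return sum(p * l for p, l in zip(posterior, loss))


def assess(symbols, defended=True):
    """Map observation symbols to indices, run the filter with the defended or
    undefended transition matrix, and return the risk value at every step."""
    obs = [OBS[s] for s in symbols]
    a = apply_defence(A, DEFENCE_EFF) if defended else A
    return [risk_value(p, RISK_LOSS) for p in forward_filter(obs, PI, a, B)]


if __name__ == "__main__":
    # Constructed observation window: calm, then escalating alerts, then calm.
    window = ["quiet", "quiet", "low_alert", "high_alert", "high_alert", "quiet"]
    for label, flag in (("undefended", False), ("defended", True)):
        print(label, [round(r, 2) for r in assess(window, defended=flag)])
```

Reading the output, the risk value rises as high-severity observations arrive and falls back once the window goes quiet, and the defended run stays below the undefended one after the first step because the defence efficiency lowers the probability mass that the filter can move into the costly states.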
