The Research On Risk Assessment Methods Based On Analytic Hierarchy Process And Hidden Markov Model

Risk assessment is the foundation and premise of safety management of the network system, and the assessment method is the most key technology of risk assessment processes. The choice of assessment methods will affect the final outcome of risk assessment directly. Therefore, the studying of risk assessment methods is very important for safety management of the network system. The main tasks of this paper are,1. This paper has thoroughly studied risk assessment systems both here and abroad, including the standard and guide of risk assessment, risk assessment models, risk assessment tools, risk assessment methods and so on. This paper has analyzed their respective characteristics, merits, shortcomings and their trend of development by induction and contrast, and at the same time has also determined direction for the research aim of this paper.2. Because the traditional risk assessment method, Analytic Hierarchy Process (AHP), is deeply subjected to the artificial factor, results don't consist with each other while scaling multifactor weight, influencing the accuracy of the conclusion and the dependability of the analyzing results. This paper builds up a hierarchy risk assessment model based on"network-host-service-evaluation factor", and advances a new AHP based on interval judgment matrix to evaluate the risk grade of the network. Concrete procedures are that, considering the given interval judgment matrix, firstly, makes it consistently approximate a digital judgment matrix, then brings an analytic hierarchy process of adjusting judgment matrix forward, finally, gains approximate weight of every layer's elements. Experiments and examples have validated that this method can quantize the risk condition accurately and automatically.3. At present, the overwhelming majority network security risk assessment methods take the warning of intrusion detection systems and crack scanning as primary data, therefore, the result of risk assessments is closely linked with intrusion detection systems. But some inevitable flaws of present intrusion detection systems, such as simple point breakdown, false negatives, false positives and so on, surely bring some wrong judgments to the risk assessment. This paper proposes distributed intrusion prevention systems based on Hidden Markov Model (HMM), not simple point intrusion detections. The main method is that, first, collecting network data by mobile agents of distributed intrusion detection systems, and the collected data are provided as inputs to the HMM, then HMM figures out the risk condition of the node, and at the same time updates the intrusion detection rules immediately. The method has improved the traditional intrusion detection system's performances, lowered the rate of false positives and the omission rate, and also has provided a more precise data collection and real-time data updating for real-time risk assessment based on HMM. This paper also constructs a model of a HMM-DIPS network, validates the feasibility of this system by carrying out experiments.4. Most traditional assessment methods are static, and they would expect risk to stay at the most critical security state. It goes against reflecting the security state of current network immediately and dynamically. Based on the HMM-DIPS, this paper proposes a real-time risk assessment method based on HMM. When the critical degree of real-time risk changes, the risk assessment method can immediately reflect the risk rank of the current network and the host, and at the same time can also forecast future risk condition. The real-time risk assessment method based on HMM has fairly strong adaptability and expansibility, so it can apply to risk assessment of the network, hosts, systems and services.