Research On Real-Time Risk Assessment Methods For Information Systems Based On Hidden Markov Models

With the rapid development of computer networks, more and more companies and government departments offer services and run business through information systems, information systems security become a hot issue. Risk assessment can implement safety management effectively and find the focus point of security problems in different periods and environments. The assessment result can help strengthen the safety management of the system. Therefore, to ensure system safety, it is important to conduct risk assessment to the information systems. However, most of existing risk assessment methods are static methods. A few dynamic methods are limited to external factors and ignore internal factors, such as security configurations failure, artificial improper operation, system upgrades, etc.Here we introduce a real‐time method to network risk assessment that takes both external and internal factors into consideration. First, we apply intrusion detection system and configuration verification system to detect external and internal threats respectively. Then, to speculate system changes, a matrix that combines external and internal threats is added to hidden Markov models. Finally, new state transition probability matrixes are automatically generated based on the changes, which remedies the deficiency of static transition matrix in the original models.Meanwhile, we designed and developed real‐time information security risk assessment system based on the mentioned algorithm. In the system, we introduce the Snort intrusion detection system to monitor external attacks and design configuration verification system based on the information security protection standard to check internal configurations of hosts. Subsequently, we transfer the external and internal threats data to the main system. According to the assessment algorithm the main system calculates the real‐time value‐at‐risk and actively analyzes the external and internal threats, providing effective corrective recommendations reports.This dynamic real‐time assessment method can evaluate network information systems in a simple, effective and comprehensive way. And at the same time, it can analyze threats and security situations of information systems comprehensively and quantitatively. The experimental results show that the improved algorithm can improve the accuracy and reliability of the assessment results, and also promote the safety level of information systems to some extent.