Research On Network Security Situation Assessment Mechanism Based On Hidden Markov Model

With the emerging of the Internet era,network provides a convenient life style in many aspects.However,the network security issues have increased gradually in the same time.Faced with various and complex attacks,Network Security Situation Awareness(NSSA)is proposed which offers an efficient solution to integrate each parts of the security information together.It can assess the network security situation in an overall view and predict the future security state in advance.With the aim of assessing network security situation,and predicting the evolution trend of network security more accurately,we construct the evaluation model based on the network resources and a hidden Markov model is constructed under the support of relationship between the security information and security state,and the network security situation can be evaluated accordingly.Then,the hidden Markov mode and support vector machine are combined to predict the changing of network security situation.The research contents mainly focus on three aspects as follows.(1)The assessment model of network security situation based on resources category is conducted.The existing assessment models do not establish different evaluation indicators for different resources.As a result,these models are not strong enough in the pertinence,and the evaluation results tend to gentle.Therefore,we construct assessment model of network security situation based on resources category and the actual resources in the network are classified where the security factors can be acquired from.According to these security factors,the hidden Markov model is established and we assess the security situation by the model.Meanwhile,the hidden Markov model is fused with regression model of support vector machine and the dual prediction model of NSSA is proposed which can be regarded as a theory foundation for successive research.(2)A network security situation assessment method based on continuous states hidden Markov model is discussed.The subjectivity and the dispersal of probability distribution are critical issues in the process of constructing a hidden Markov model.In addition,the threat evaluation is not prominent and trends to gentle are also challenging topics to be faced with.According to what mentioned above,we put forward an evaluation method based on continuous states hidden Markov model according to the continuity of security information.This model can be regarded as an objective one and it can make the threat in the evaluation results more prominent comparing with other models.Furthermore,the fitness function is introduced into the model updating with the aim of decreasing the refresh rate and enhancing the adaptability at the same time.This model evaluates the network security situation accurately and it also provides a solid support to forecast the future situation in next step.(3)A dual prediction method is proposed which is characterized by the combination of hidden Markov model and support vector machine.In order to solve the problem of low precision and monotone method,we put forward a new prediction method based on hidden Markov model and support vector machine.Firstly,we utilize the hidden Markov model to predict the security level.Secondly,we build support vector machine models for different security levels according to evaluation results.Finally,we choose the model based on predict level result to forecast the future security situation,the method reduces the prediction range and improves the accuracy,and it also provides a new predictable management tool for network security.