Research On Network Security Situation Prediction Method Based On Multi-scale Entropy And Weighted Hidden Markov Model

Network security situational awareness is a reaction to the overall state of network security,it is a complex nonlinear systems,which provides a more comprehensive solution to the problem of network security.Situation prediction is an important part of network security situational awareness,it is not only a reflection of the overall trend of network security,but also the ultimate goal of situational awareness.Situation prediction is the core problem of situation awareness,but its research is not mature yet.Network security incidents are random and uncertain,and the existing forecasting methods and models are difficult to adapt to the complex network environment,thus limiting the development of situation prediction.Aiming at the problems mentioned above,the multi scale entropy model,the Hidden Markov Model and the weighted algorithm theory are introduced into the network security situation prediction,the forecasting model is combine a variety of methods.For the processing of raw data,use the algorithm of multiscale entropy,through the analysis of the alarm time series in different scale factor of sample,it can fully reflect the alarm sequence complexity scale data,and then bring the data into HMM algorithm for processing,it can obtain the different scale factor parameters of the model.On the other hand,in view of the existing methods,they cannot use the historical data rational,so this paper use the weighted autocorrelation coefficient,due to the HMM have independence output,so we assumption that the output is only related to the current state,which is the first order of the characteristics of the model.Multi-order autocorrelation coefficient reflects the impact of some historical data on the current output,according to the model parameters obtained in the above step,using normalized autocorrelation coefficient and the parameters of hidden Markov model to calculation the probability of the awareness,use the historical data to prediction the states in the future reasonable.For the two aspects of the work above,this paper proposes the prediction method of based on Multi-scale Entropy and Weighted Hidden Markov Model.Based on the prediction methods what we proposed above,the experiment of this paper use the DARPA2000 data set to verify,the results can be seen that this prediction method of the security situation can achieve good results.This method not only provide timely,accurate and prospective trend information for network security management,but also it give the new research ideas of network security situation prediction.