Research On Network Security Situation Assessment And Prediction Method Based On Hidden Markov Model And IFOA_SVR

With the development of the Internet,the network environment is becoming more and more complex,and network security issues are becoming more and more serious.Traditional passive network security technology can no longer meet people's current security needs.In this context,network security situational awareness has emerged.Network security situational awareness technology transforms traditional passive security into active security,and transforms analyzing unilateral elements into analyzing the overall security situation of the network.As the key technology for network security situational awareness,network security situation assessment and prediction can assess and predict network security status at the overall level.It can help a network security manager to understand the overall security status changes of the network and take preventive measures in advance when predicting dangerous status,which has important research significance.This paper mainly studies the technologies of network security situation assessment and prediction,and proposes an improved model and algorithm to improve the accuracy of situation assessment and prediction results.Specific research contents are as follows:(1)Network security situation assessment.Aiming at the problem that the situation assessment method based on hidden Markov model is sensitive to initial values and can easily fall into a local optimum during parameter training,which causes the assessment result to not be accurate enough,a security situation assessment method based on improved hidden Markov model is proposed.Firstly,based on the pre-processing of the collected alarm events,combined with asset information and vulnerability information,the alarm threat degree calculation method is used to measure the threat degree of the alarm event,which is regarded as the observation sequence of the model.Then,in the improved parameter training phase,the simulated annealing algorithm is combined with the Baum_Welch algorithm used for training parameters in the traditional hidden Markov model to optimize the model parameters,which solves the problem that parameter training can easily fall into a local optimal solution.Finally,the quantitative analysis method is used to evaluate the host and network security situation values.The comparison experiments in a small network environment show that the method can more accurately reflect the changes of a network security situation and provide a reliable data source for situation prediction.(2)Network security situation prediction.Aiming at the problem that the security situation prediction method based on Support Vector Regression(SVR)is random and blind,which causes the accuracy of prediction results to not be sufficiently high,a security situation prediction method based on IFOA_SVR is proposed.Fruit Fly Optimization Algorithm(FOA)is an excellent swarm intelligence optimization algorithm,but the fixed step size of the algorithm limits its optimization ability to a certain degree.Therefore,the Improved Fruit Fly Optimization Algorithm(IFOA)with a dynamic search step size is proposed in this paper to achieve dynamic balance between global and local search abilities,and to improve the convergence accuracy and speed of the algorithm.In the prediction method,the IFOA is used to optimize the penalty coefficient C in the SVR algorithm and the parameters g of the RBF kernel function,thereby avoiding the blindness of parameter selection.The comparison experiment based on the network security situation sequence values obtained from the assessment method shows that the method improves the prediction accuracy of network security situation.