北京邮电大学学报

  • EI核心期刊

北京邮电大学学报 ›› 2010, Vol. 33 ›› Issue (6): 121-124.doi: 10.13190/jbupt.201006.121.longm

• 研究报告 • 上一篇    下一篇

节点相关的隐马尔可夫模型的网络安全评估

龙门1,夏靖波1,张子阳2,郭戎潇1   

  1. 1.空军工程大学 电讯工程学院, 西安 710077; 2. 空军工程大学 工程学院, 西安 710038
  • 收稿日期:2009-12-29 修回日期:2010-05-12 出版日期:2010-12-28 发布日期:2011-01-07
  • 通讯作者: 龙门 E-mail:betty506@tom.com
  • 基金资助:

    陕西省自然科学基金项目(2009JM80011); 军队武器装备科研项目

Network Security Assessment Based on Node Correlated HMM

  • Received:2009-12-29 Revised:2010-05-12 Online:2010-12-28 Published:2011-01-07

摘要:

针对基于隐马尔可夫(HMM)的网络风险评估中未考虑网络节点相关性的问题,结合图论,建立节点关联(NNC)状态转换矩阵,以入侵告警值(IDS)为输入,用改进的HMM模型计算出攻击路径.通过模型能进一步得到任意长度攻击序列的攻击成功率.实验结果证明,该方法简捷有效,有利于发现网络节点的脆弱性,掌握网络安全状况.

关键词: 隐马尔可夫模型, 网络节点关联性, 图论, 网络安全

Abstract:

Aimed at the problem that the node correlation in network is not considered in hidden Markov model (HMM) network risk assessment, combining graph theory model, the network node correlation (NNC) state transition matrix is built. With the intrusion defective system(IDS) alert as input, using modified HMM model the attacking route is figured out. Furthermore, the successful probability of any attacking sequence with any length can be got as well. The method can help to find vulnerabilities of network nodes, and reflect network risk well. Experiment demonstrates the validity of it. 

Key words: hidden Markov model, network node correlation, graph theory, network security