Network Security Assessment Based on Node Correlated HMM

doi:10.13190/jbupt.201006.121.longm

JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM ›› 2010, Vol. 33 ›› Issue (6): 121-124.doi: 10.13190/jbupt.201006.121.longm

• Reports • Previous Articles Next Articles

Network Security Assessment Based on Node Correlated HMM

Received:2009-12-29 Revised:2010-05-12 Online:2010-12-28 Published:2011-01-07

Abstract

Abstract:

Aimed at the problem that the node correlation in network is not considered in hidden Markov model (HMM) network risk assessment, combining graph theory model, the network node correlation (NNC) state transition matrix is built. With the intrusion defective system(IDS) alert as input, using modified HMM model the attacking route is figured out. Furthermore, the successful probability of any attacking sequence with any length can be got as well. The method can help to find vulnerabilities of network nodes, and reflect network risk well. Experiment demonstrates the validity of it. 

Key words: hidden Markov model, network node correlation, graph theory, network security

References

[1] Arnes A, Valeur F. Using hidden Markov models to evaluate the risk of intrusions//Proceedings of the RAID’06. Hamburg: , 2006: 145-164.
[2] Gao F, Sun J, Wei Z. The prediction role of hidden Markov model in intrusion detection[J]. Electrical and Computer Engineering, 2003(2): 893-896.
[3] Haslum Kjetil, Arnes A. Multisensor real time risk assessment using continuous time hidden Markov models//Proceedings of the International Conference on Computational Intelligence and Security (CIS). Guangzhou: , 2006: 694-703.
[4] Dirk Ourston, Sam Matzner, William Stump, et al. Applications of hidden Markov models to detecting multi-stage network attacks//Proceedings of the 36^th HawaiiInternational Conference on System Sciences. Hawaii: , 2003: 1-10.
[5] 李伟明, 雷杰, 董静, 等. 一种优化的实时网络安全风险量化方法[J]. 计算机学报, 2009, 32(4): 793-804. Li Weiming, Lei Jie, Dong Jing, et al. An optimized method for real time network security quantification[J]. Chinese Journal of Computers, 2009, 32(4): 793-804.
[6] 孙宏伟, 田新广, 邹涛, 等. 基于隐马尔可夫模型的IDS程序行为异常检测[J]. 国防科技大学学报, 2003, 25(5): 63-67. Sun Hongwei, Tian Xinguang, Zou Tao, et al. Anomaly detection of the program behaviors for IDS based on hidden Markov models[J]. Journal of National University of Defense Technology, 2003, 25(5): 63-67.
[7] 张永铮, 方滨兴, 迟悦, 等. 网络风险评估中网络节点关联性的研究[J]. 计算机学报, 2007, 30(2): 234-240. Zhang Yongzheng, Fang Binxing, Chi Yue, et al. Research on network node correlation in network risk assessment[J]. Chinese Journal of Computers, 2007, 30(2): 234-240.
[8] 陈天平, 乔向东, 郑连清, 等. 图论在网络安全威胁态势分析中的应用[J]. 北京邮电大学学报, 2009, 32(1): 113-117. Chen Tianping, Qiao Xiangdong, Zheng Lianqing, et al. Application of graph theory in threat situation analysis of network security[J]. Journal of Beijing University of Posts and Telecommunications, 2009, 32(1): 113-117.

[1]	SHI Zicheng, LI Xin, TANG Ying, HUANG Shanguo. Optical Packet Filtering System Based on All-Optical Pattern Matching [J]. Journal of Beijing University of Posts and Telecommunications, 2022, 45(3): 96-101.
[2]	YANG Hongyu, YUAN Haihang, ZHANG Liang. A Risk Assessment Method of Network Host Node with Host Importance [J]. Journal of Beijing University of Posts and Telecommunications, 2022, 45(2): 16-21.
[3]	WANG Lei. Consistency Checking Between UML Models and Code Based on Graph Theory and FSM [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2019, 42(4): 70-75.
[4]	TANG Hong-wei, FENG Sheng-zhong, ZHAO Xiao-fang. TOChain: a High-Performance SFC for Virtual Network Security [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2018, 41(1): 70-80.
[5]	RAO Zhi-hong, XU Rui, LIU Fang, YANG Chun-liang, FANG En-bo. A Method of Predicting Multi-Step Attacks Based on Improved HMM Model [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2017, 40(s1): 15-19.
[6]	LI Xu, BAO Jing-jing, LIU Ying. Formation Security: Black Hole Problem [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2016, 39(1): 12-17.
[7]	BAI Yuan, WANG Qian, JIA Qi-lan, ZHANG Hui-bing. An Efficient and Secured AKA for EPS Networks [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2015, 38(s1): 10-14.
[8]	LIU Jing, GU Li-ze, Niu Xin-xin, YANG Yi-xian, LI Zhong-xian. Network Security Events Analyze Method Based on Neural Networks and Genetic Algorithm [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2015, 38(2): 50-54.
[9]	FU Yu, CHEN Yong-qiang, WU Xiao-ping, SONG Yan. Network Attack-Defense Strategies Selection Based on Stochastic Game Model [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2014, 37(s1): 35-39.
[10]	XU Meng-meng, YANG Qing-hai. Topology Design under the Constraint of Local Information [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2014, 37(s1): 87-91.
[11]	CHEN Yong-qiang, WU Xiao-ping, FU Yu, SONG Yan. Network Security Evaluation Based on Stochastic Game and Network Entropy [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2014, 37(s1): 92-96.
[12]	. Network Security Analysis Based on Host-Security-Group [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2012, 35(1): 19-23.
[13]	QIN Hua-Wang Yue-Wei DAI Zhi-Quan WANG. Security Situation Evaluation of Intrusion Tolerant System [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2009, 32(2): 57-61.
[14]	CHEH Tian-Ping. Application of Graph Theory in Threat Situation Analysis of Network Security [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2009, 32(1): 113-117.
[15]	XIN Yang, GAO Xue-song, GAO Cheng, YANG Yi-xian . Design of Safety System to Improve the Qualitative Performance of SSL Protocol [J]. JOURNAL OF BEIJING UNIVERSITY OF POSTS AND TELECOM, 2007, 30(6): 89-93.

Network Security Assessment Based on Node Correlated HMM

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics

Comments