Network Security Situation Assessment Method Based on HMM and Information Entropy
Published: 2018-08-02 16:25
[Abstract]: In network security situation assessment, alarm data from the various sensors are diverse and complex, and the empirical knowledge and prior probabilities needed for evaluation are hard to obtain, which makes it very difficult to analyze and assess the network security situation accurately. To address these problems, a hidden Markov model (HMM) is built on the data collected by security sensors, turning the hard problem of uniformly fusing multi-source heterogeneous data into the problem of computing a joint probability. The joint probability is approximated by exploiting the characteristics of the forward algorithm, which avoids the difficulty of computing prior probabilities directly, and joint information entropy is introduced to describe the network security situation. Experiments verify the effectiveness of the method; compared with probability-based situation assessment methods, it shows the stability and trend of the network security state more clearly.
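[Affiliations]: Henan Engineering Laboratory of Computer Information System Security Assessment; School of Computer Science, Zhongyuan University of Technology; Information Engineering University
[Funding]: Supported by the National Natural Science Joint Fund Project (U1304606), the Henan Province Science and Technology Research Project (132102310284), and the Zhengzhou Science and Technology Research Project (2010GYXM421)
[CLC number]: TP393.08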
Article ID: 2160008
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2160008.html