Abstract
In network security situation assessment, the alert data sent by different network sensors is diverse and complex, and the empirical knowledge and prior probabilities for a given assessment instance are difficult to obtain, which makes it hard to analyze and assess the network security situation accurately. Based on a special Hidden Markov Model (HMM) built over the data collected by security sensors, the hard problem of uniformly fusing multi-source heterogeneous alert data was turned into a joint probability computation problem, and a joint information entropy was introduced to represent the network security situation. The joint probability was computed approximately using a property of the forward algorithm, which avoided the difficulty of directly computing prior probabilities. The experimental results showed that the proposed assessment method was effective and that, compared with other probability-based situation assessment methods, it illustrated the degree of stability and the trend of the network security state more distinctly.
Source
Journal of Chinese Computer Systems (《小型微型计算机系统》)
CSCD
PKU Core Journal (北大核心)
2015, Issue 8, pp. 1784-1788 (5 pages)
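Funding
Supported by the National Natural Science Joint Fund Project (U1304606)
Supported by the Henan Province Science and Technology Research Project (132102310284)
Supported by the Zhengzhou Science and Technology Research Project (2010GYXM421)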
Keywords
network security
situation assessment
data fusion
hidden Markov model
information entropy