基于改进隐马尔可夫模型的网络安全态势评估方法

网络安全态势感知作为网络安全防护措施的有效补充,是近年来的研究热点之一,而准确地评估网络安全状态已成为网络安全领域的一个重要课题。隐马尔可夫模型(Hidden Markov Model,HMM)可用于网络安全态势评估,能实时评估网络状态,但其存在模型参数难以配置、评估准确率较低等问题。因此,文中提出了一种改进隐马尔可夫模型的态势评估方法,将模型Baum-Welch(BW)参数优化算法与人群搜索算法(Seeker Optimization Algorithm,SOA)相结合,利用SOA随机搜索能力强的特点,解决传统参数优化算法容易陷入局部最优解的问题,将优化后的参数代入HMM中,通过量化分析得出网络安全态势值。基于DARPA2000数据集采用MATLAB软件对提出的方法进行实验验证,结果表明,与BW算法相比,所提方法能够提高模型准确率,对网络安全态势的量化更加合理。

Network Security Situation Assessment Method Based on Improved Hidden Markov Model

Cyber security situation awareness,as an effective supplement in cyber security protection measures,is one of the research focus in recent years.In particular,network security situation assessment has become an important research topic in the field of network security.Hidden Markov Model(HMM)can be used in network security situation assessment,which can evalua-te network status in real time,but there are problems such as difficult to configure model parameters and low evaluation accuracy.Therefore,this paper proposes a situation assessment method for improving the Hidden Markov Model,combining the Baum-Welch(BW)parameter optimization algorithm with the Seeker Optimization Algorithm(SOA).Taking advantage of the strong random search ability of SOA,the traditional parameter optimization algorithm is easy to fall into local optimal solution.The optimized parameters are substituted into the HMM,and the network security situation value is obtained through quantitative analysis.Based on the DARPA2000 dataset,this paper uses MATLAB software to verify the proposed method.The experimental results show that compared with BW algorithm,this method can improve the accuracy of the model,and it makes the quantification of the network security situation more reasonable.