Improved method of situation assessment method based on hidden Markov model

doi:10.11772/j.issn.1001-9081.2017.05.1331

Journal of Computer Applications ›› 2017, Vol. 37 ›› Issue (5): 1331-1334.DOI: 10.11772/j.issn.1001-9081.2017.05.1331

Previous Articles Next Articles

Improved method of situation assessment method based on hidden Markov model

LI Fangwei, LI Qi, ZHU Jiang

Chongqing Key Laboratory of Mobile Communications Technology(Chongqing University of Posts and Telecommunications), Chongqing 400065, China

Received:2016-11-01 Revised:2016-12-05 Online:2017-05-10 Published:2017-05-16
Supported by:
This work is partially supported by the National Natural Science Foundation of China (61271260), the Natural Science Foundation of Chongqing Science and Technology Commission (cstc2015jcyjA40050).

改进的基于隐马尔可夫模型的态势评估方法

李方伟, 李骐, 朱江

重庆市移动通信重点实验室(重庆邮电大学), 重庆 400065

通讯作者: 李骐
作者简介:李方伟(1960-),男,重庆人,教授,博士,主要研究方向:移动通信技术与理论、信息安全;李骐(1990-),男,湖北武汉人,硕士研究生,主要研究方向:网络安全态势感知;朱江(1977-),男,湖北荆州人,副教授,博士,主要研究方向:通信理论与技术、信息安全。
基金资助:
国家自然科学基金资助项目（61271260）；重庆市科委自然科学基金项目（cstc2015jcyjA40050）。

Abstract

Abstract: Concerning the problem that the Hidden Markov Model (HMM) parameters are difficult to configure, an improved method of situation assessment based on HMM was proposed to reflect the security of the network. The proposed method used the output of intrusion detection system as input, classified the alarm events by Snort manual to get the observation sequence, and established the HMM model, the improved Simulated Annealing (SA) algorithm combined with the Baum_Welch (BW) algorithm to optimize the HMM parameters, and used the method of quantitative analysis to get the security situational value of the network. The experimental results show that the proposed method can improve the accuracy and convergence speed of the model.

Key words: network security, Hidden Markov Model (HMM), parameter optimization, Simulated Annealing (SA) algorithm, situation assessment

摘要： 针对隐马尔可夫模型（HMM）参数难以配置的问题，提出一种改进的基于隐马尔可夫模型的态势评估方法，更加准确地反映网络的安全态势。所提方法以入侵检测系统的输出作为输入，根据Snort手册将报警事件分类，得到观测序列，建立HMM，将改进的模拟退火（SA）算法与Bauw_Welch（BW）算法相结合对HMM参数进行优化，使用量化分析的方法得到网络的安全态势值。实验结果表明，所提方法能较好地提升模型的精度与收敛速度。

关键词: 网络安全, 隐马尔可夫模型, 参数优化, 模拟退火算法, 态势评估

CLC Number:

TP393.08

LI Fangwei, LI Qi, ZHU Jiang. Improved method of situation assessment method based on hidden Markov model[J]. Journal of Computer Applications, 2017, 37(5): 1331-1334.

李方伟, 李骐, 朱江. 改进的基于隐马尔可夫模型的态势评估方法[J]. 计算机应用, 2017, 37(5): 1331-1334.

References

[1] ENDSLEY M R. Situation Awareness Global Assessment Technique (SAGAT)[C]//Proceedings of the IEEE 1988 National Aerospace and Electronics Conference. Piscataway, NJ:IEEE, 1988:789-795.
[2] BASS T. Intrusion detection systems & multisensor data fusion:creating cyberspace situational awareness[J]. Communications of the ACM, 1999, 43(4):99-105.
[3] 陈秀真, 郑庆华, 管晓宏,等. 层次化网络安全威胁态势量化评估方法[J]. 软件学报, 2006, 17(4):885-897.(CHEN X Z, ZHENG Q H, GUANG X H, et al. Quantitative hierarchical threat evaluation model for network security[J]. Journal of Software, 2006, 17(4):885-897.)
[4] 李伟生, 王宝树. 基于贝叶斯网络的态势评估[J]. 系统工程与电子技术, 2003, 25(4):480-483.(LI W S, WANG B S. Situation assessment based on Bayesian networks[J]. Systems Engineering and Electronics,2003,25(4):480-483.)
[5] RAHNAVARD G, NAJJAR M S A, TAHERIFAR S. A method to evaluate Web services anomaly detection using hidden Markov models[C]//Proceedings of the 2010 International Conference on Computer Applications and Industrial Electronics. Piscataway, NJ:IEEE, 2010:261-265.
[6] RNES A, VALEUR F, VIGNA G, et al. Using hidden Markov models to evaluate the risks of intrusions[C]//Proceedings of the 9th International Conference on Recent Advances in Intrusion Detection. Berlin:Springer-Verlag, 2006:145-164.
[7] 邓聚龙. 灰预测与灰决策:灰色预测与决策[M]. 武汉:华中科技大学出版社, 2002:173-212.(DENG J L. Gray Prediction and Gray Decision:Gray Prediction and Gray Decision[M]. Wuhan:Huazhong University of Science and Technology Press, 2002:173-212.)
[8] BOX G E P, JENKINS G M, REINSEL G C. Time Series Analysis[M]. 4th ed. Hoboken, NJ:John Wiley & Sons, 2013:137-191.
[9] DUGAD R, DESAI U B. A tutorial on hidden Markov models[J]. Proceedings of the IEEE:Applications in Speech Recognition, 2000, 77(2):25-286.
[10] 周东清, 张海锋, 张绍武,等. 基于HMM的分布式拒绝服务攻击检测方法[J]. Journal of Computer Research & Development, 2005, 42(9):1594-1599.(ZHOU D Q,ZHANG H F,ZHANG S W, et al. A DDoS attack detection method based on hidden Markov model[J]. Journal of Computer Research & Development, 2005, 42(9):1594-1599.)
[11] JUANG B H, RABINER L R. A probabilistic distance measure for hidden Markov models[J]. AT&T Technical Journal, 1985, 64(2):391-408.
[12] 康立山,谢云,尤矢勇,等. 非数值并行算法-模拟退火算法[M].北京:科学出版社,1994:56-59.(KANG L S,XIE Y,YOU S Y, et al. Numerical Parallel Algorithm-Simulated Annealing Algorithm[M].Beijing:Science Press, 1994:56-59.)
[13] ROESCH M, GREEN C. Snort users manual[EB/OL].[2016-05-20].http://manual.snort.org/snort_manual.htlm
[14] 李晓芳, 姚远. 入侵检测工具Snort的研究与使用[J]. 计算机应用与软件, 2006, 23(3):123-124.(LI X F,YAO Y. Master and use Snort tools for intrusion detection[J]. Computer Applications and Software, 2006, 23(3):123-124.)

[1]	WANG Yue, JIANG Yiming, LAN Julong. Intrusion detection based on improved triplet network and K-nearest neighbor algorithm [J]. Journal of Computer Applications, 2021, 41(7): 1996-2002.
[2]	ZHANG Quanlong, WANG Huaibin. Intrusion detection model based on combination of dilated convolution and gated recurrent unit [J]. Journal of Computer Applications, 2021, 41(5): 1372-1377.
[3]	TANG Yanqiang, LI Chenghai, SONG Yafei. Network security situation prediction based on improved particle swarm optimization and extreme learning machine [J]. Journal of Computer Applications, 2021, 41(3): 768-773.
[4]	HANG Mengxin, CHEN Wei, ZHANG Renjie. Abnormal flow detection based on improved one-dimensional convolutional neural network [J]. Journal of Computer Applications, 2021, 41(2): 433-440.
[5]	FAN Xiaomao, XIONG Honglin, ZHAO Gansen. Cleaning scheduling model with constraints and its solution [J]. Journal of Computer Applications, 2021, 41(2): 577-582.
[6]	CHENG Xiaohui, NIU Tong, WANG Yanjun. Wireless sensor network intrusion detection system based on sequence model [J]. Journal of Computer Applications, 2020, 40(6): 1680-1684.
[7]	HUO Weigang, WANG Huifang. Time series anomaly detection method based on autoencoder and HMM [J]. Journal of Computer Applications, 2020, 40(5): 1329-1334.
[8]	ZHU Jie, ZHANG Wenyi, XUE Fei. Storage location assignment optimization of stereoscopic warehouse based on genetic simulated annealing algorithm [J]. Journal of Computer Applications, 2020, 40(1): 284-291.
[9]	CHI Yaping, MO Chongwei, YANG Yintan, CHEN Chunxia. Design and implementation of intrusion detection model for software defined network architecture [J]. Journal of Computer Applications, 2020, 40(1): 116-122.
[10]	LI Yunshu, TENG Fei, LI Tianrui. Microoperation-based parameter auto-optimization method of Hadoop [J]. Journal of Computer Applications, 2019, 39(6): 1589-1594.
[11]	WANG Jiaxin, FENG Yi, YOU Rui. Network security measurment based on dependency relationship graph and common vulnerability scoring system [J]. Journal of Computer Applications, 2019, 39(6): 1719-1727.
[12]	WANG Jince, DENG Yueping, SHI Ming, ZHOU Yunfei. Time series trend prediction at multiple time scales [J]. Journal of Computer Applications, 2019, 39(4): 1046-1052.
[13]	JIN Tao, DONG Xiucheng, LI Yining, REN Lei, FAN Peipei. Optimization of fractional PID controller parameters based on improved PSO algorithm [J]. Journal of Computer Applications, 2019, 39(3): 796-801.
[14]	YANG Shiqiang, LUO Xiaoyu, QIAO Dan, LIU Peilei, LI Dexin. Continuous action segmentation and recognition based on sliding window and dynamic programming [J]. Journal of Computer Applications, 2019, 39(2): 348-353.
[15]	DU Junxiong, CHEN Wei, LI Xueyan. Contextual authentication method based on device fingerprint of Internet of Things [J]. Journal of Computer Applications, 2019, 39(2): 464-469.

Improved method of situation assessment method based on hidden Markov model

改进的基于隐马尔可夫模型的态势评估方法

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics