A novel stochastic modeling method for network security situational awareness

Author

Liang, Y. ; Wang, H.Q. ; Cai, H.B. ; He, Y.J.

Author_Institution

Harbin Eng. Univ., Harbin

fYear

2008

fDate

3-5 June 2008

Firstpage

2422

Lastpage

2426

Abstract

Hidden Markov model (HMM) is used to model network security situational awareness (NSA). Distribution of abnormal behaviors in networked system and operational states of key network services are abstracted by Markov chains, modeling objects of the HMM´s dual stochastic processes are set up, and classic Baum-Welch algorithm is used to estimate the parameters of the established stochastic mathematical model, then the stochastic modeling for network security situational awareness based upon HMM is realized. The simulation experimental results in LAN show that the model can effectively analyze and validate network security situation, and it is a novel attempt in achieving network security situational awareness, which prompts the development of theoretical researches in the field of NSA at a certain degree.

Keywords

hidden Markov models; local area networks; telecommunication security; Baum-Welch algorithm; LAN; Markov chains; dual stochastic processes; hidden Markov model; network security situational awareness; stochastic mathematical model; stochastic modeling method; Computer science; Computer security; Hidden Markov models; Industrial electronics; Information security; Intrusion detection; Mathematical model; Stochastic processes; Stochastic systems; Visualization;

fLanguage

English

Publisher

ieee

Conference_Titel

Industrial Electronics and Applications, 2008. ICIEA 2008. 3rd IEEE Conference on

Conference_Location

Singapore

Print_ISBN

978-1-4244-1717-9

Electronic_ISBN

978-1-4244-1718-6

Type

conf

DOI

10.1109/ICIEA.2008.4582951

Filename

4582951