Title :
A Kind of Formal Modelling for Network Security Situational Awareness Based on HMM
Author :
Liang, Ying ; Wang, Huiqiang ; Pang, Yonggang
Author_Institution :
Harbin Eng. Univ., Harbin
Abstract :
Hidden Markov model (HMM) was introduced to model network security situational awareness (NSSA). The model was built from a novel perspective, both the distributions of anomaly behaviour and operational states of main network services were abstracted by Markov chain, modelling objects of HMM´s dual stochastic process were constructed, classic Baum-Welch algorithm was used to estimate the parameters of the established mathematical model, and then the formal model for network security situational awareness based on HMM was constructed. Simulation experiments were done in local area network (LAN), and the obtained experimental results showed that the model could achieve quantitative descriptions for attacks and their impacts on security more precisely and effectively than the existing solutions, which helps to realize quantitative awareness for network security situation.
Keywords :
hidden Markov models; local area networks; telecommunication security; Baum-Welch algorithm; Markov chain; formal modelling; hidden Markov model; local area network; mathematical model; network security; network service; parameter estimation; situational awareness; stochastic process; Availability; Computer security; Hidden Markov models; Information analysis; Information security; Local area networks; Mathematical model; Network servers; Stochastic processes; Visualization; HMM; anomaly behavior; network security; network service; situational awareness;
Conference_Titel :
Web-Age Information Management, 2008. WAIM '08. The Ninth International Conference on
Conference_Location :
Zhangjiajie Hunan
Print_ISBN :
978-0-7695-3185-4
Electronic_ISBN :
978-0-7695-3185-4
DOI :
10.1109/WAIM.2008.83
