A Kind of Formal Modelling for Network Security Situational Awareness Based on HMM

Author

Liang, Ying ; Wang, Huiqiang ; Pang, Yonggang

Author_Institution

Harbin Eng. Univ., Harbin

fYear

2008

fDate

20-22 July 2008

Firstpage

598

Lastpage

605

Abstract

Hidden Markov model (HMM) was introduced to model network security situational awareness (NSSA). The model was built from a novel perspective, both the distributions of anomaly behaviour and operational states of main network services were abstracted by Markov chain, modelling objects of HMM´s dual stochastic process were constructed, classic Baum-Welch algorithm was used to estimate the parameters of the established mathematical model, and then the formal model for network security situational awareness based on HMM was constructed. Simulation experiments were done in local area network (LAN), and the obtained experimental results showed that the model could achieve quantitative descriptions for attacks and their impacts on security more precisely and effectively than the existing solutions, which helps to realize quantitative awareness for network security situation.

Keywords

hidden Markov models; local area networks; telecommunication security; Baum-Welch algorithm; Markov chain; formal modelling; hidden Markov model; local area network; mathematical model; network security; network service; parameter estimation; situational awareness; stochastic process; Availability; Computer security; Hidden Markov models; Information analysis; Information security; Local area networks; Mathematical model; Network servers; Stochastic processes; Visualization; HMM; anomaly behavior; network security; network service; situational awareness;

fLanguage

English

Publisher

ieee

Conference_Titel

Web-Age Information Management, 2008. WAIM '08. The Ninth International Conference on

Conference_Location

Zhangjiajie Hunan

Print_ISBN

978-0-7695-3185-4

Electronic_ISBN

978-0-7695-3185-4

Type

conf

DOI

10.1109/WAIM.2008.83

Filename

4597072