Partial content of the paper
In network security situation assessment, alert data from the various sensors is diverse and complex, and the empirical knowledge and prior probabilities needed for assessment are hard to obtain, which makes it very difficult to analyze and assess the network security situation accurately. To address these problems, a hidden Markov model is built on the data collected by security sensors, turning the hard problem of uniformly fusing multi-source heterogeneous data into the problem of computing a joint probability. The forward algorithm is used to compute the joint probability approximately, which avoids the difficulty of computing prior probabilities directly, and joint information entropy is introduced to describe the network security situation. Experiments verify the effectiveness of the method; compared with probability-based situation assessment methods, it shows the degree of stability and the trend of the network security state more clearly.
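The approach summarized above can be sketched as follows. This is an added example, not code from the paper: the three states, the alert symbols, every probability, and the choice to take the entropy of the normalized forward variables are assumptions made for illustration, since the abstract gives neither the paper's model nor its exact entropy definition.

```python
import math

# Constructed model: states, alert symbols and all probabilities are assumptions.
STATES = ["normal", "probed", "compromised"]
ALERTS = {"none": 0, "scan": 1, "exploit": 2}   # fused sensor alert symbols
PI = [0.80, 0.15, 0.05]                          # initial state distribution
# A[j][i] = P(next state i | current state j)
A = [[0.90, 0.08, 0.02], [0.30, 0.50, 0.20], [0.10, 0.20, 0.70]]
# B[i][o] = P(alert symbol o | state i)
B = [[0.90, 0.08, 0.02], [0.30, 0.60, 0.10], [0.10, 0.30, 0.60]]

def forward(obs):
    """Return alpha[t][i] = P(o_1..o_t, q_t = i), the joint probability
    of the alerts seen so far and the current hidden state."""
    if not obs:
        raise ValueError("need at least one observation")
    n = len(STATES)
    alpha = [[PI[i] * B[i][obs[0]] for i in range(n)]]
    for o in obs[1:]:
        prev = alpha[-1]
        alpha.append([sum(prev[j] * A[j][i] for j in range(n)) * B[i][o]
                      for i in range(n)])
    return alpha  # unscaled: fine for short windows, underflows on long ones

def state_entropy(alpha_t):
    """Entropy (bits) of the state distribution implied by alpha_t.
    Assumption: stands in for the paper's joint information entropy."""
    total = sum(alpha_t)
    if total <= 0:
        raise ValueError("observation sequence has zero probability")
    return -sum((a / total) * math.log2(a / total) for a in alpha_t if a > 0)

def assess(alert_names):
    """Per step: (likelihood of alerts so far, entropy of the state estimate)."""
    alpha = forward([ALERTS[name] for name in alert_names])
    return [(sum(a), state_entropy(a)) for a in alpha]

if __name__ == "__main__":
    # Constructed alert stream from the fused sensors.
    sample = ["none", "none", "scan", "scan", "exploit", "exploit", "none"]
    for t, (name, (lik, h)) in enumerate(zip(sample, assess(sample)), 1):
        print(f"t={t} alert={name:<7} P(o_1..o_t)={lik:.3e} entropy={h:.3f} bits")
```

Low entropy means the alerts point to one state with confidence, while a rising value marks a window in which the estimated state is unstable.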