Network Security Situation Assessment Model Based on Extended Hidden Markov

Abstract

A network security situation assessment system based on the extended hidden Markov model is designed in this paper. Firstly, the standard hidden Markov model is expanded from five-tuple to seven-tuple, and two parameters of network defense efficiency and risk loss vector are added so that the model can describe network security situation more completely. Then, an initial algorithm of state transition matrix was defined, observation vectors were extracted from the fusion of various system security detection data, the network state transition matrix was created and modified by the observation vectors, and a solution procedure of the hidden state probability distribution sequence based on extended hidden Markov model was derived. Finally, a method of calculating risk loss vector according to the international definition was designed and the current network risk value was calculated by the hidden state probability distribution; then the global security situation was assessed. The experiment showed that the model satisfied practical applications and the assessment result is accurate and effective.