Network Security Risk Assessment Method Based on Hidden Markov Model
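  • English title: Network Security Risk Assessment Method Based on Hidden Markov Model
  • Authors: 王增光; 卢昱; 赵东昊
  • Authors (English): WANG Zengguang; LU Yu; ZHAO Donghao; Equipment Command and Administration Department, Shijiazhuang Campus of Army Engineering University; Equipment Simulation Training Center, Shijiazhuang Campus of Army Engineering University
  • Keywords: risk assessment; hidden Markov model; node security risk; network security risk
  • Chinese journal name: KJGC
  • English journal name: Journal of Air Force Engineering University (Natural Science Edition)
  • Affiliations: Equipment Command and Administration Department, Shijiazhuang Campus of Army Engineering University; Equipment Simulation Training Center, Shijiazhuang Campus of Army Engineering University
  • Publication date: 2019-06-25
  • Publisher: Journal of Air Force Engineering University (Natural Science Edition)
  • Year: 2019
  • Issue: v.20; No.116
  • Funding: National Natural Science Foundation of China (61271152); National Social Science Foundation of China (15GJ003-184)
  • Language: Chinese
  • Page: KJGC201903012
  • Page count: 6
  • CN: 03
  • ISSN: 61-1338/N
  • Classification number: 75-80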
Abstract
To assess network security risk accurately and in real time, a network security risk assessment method based on the hidden Markov model is proposed. The method models the target network with a hidden Markov model and quantifies the security risk of each node from its direct risk and from the indirect risk caused by node correlation. Taking into account the importance of each node in the network, it combines this with the node security risk to quantify the overall security risk of the target network. The proposed method is verified by experiment. The experimental results show that the method can quantify the network security risk introduced by node correlation and node importance, which makes the assessment results more accurate and credible. Compared with traditional network security risk assessment methods, this method detects abnormal risk changes in the network in a more timely manner, providing a basis for the timely adjustment of the network security defense strategy.
