基于HMM的网络安全态势评估与预测方法

网络安全态势估计和预测是态势感知的重要过程。在告警信息聚合基础上，以典型攻击模式作为关联依据，结合网络资产的脆弱性识别网络实体所处受攻击阶段并将其转化威胁等级。以威胁等级作为观测值，基于隐Markov模型通过状态估计实现态势评估，并利用神经网络和支持向量机的组合模型实现态势预测。DARPA2000测试数据集上的相关实验表明，本文方法能更加准确地评估和预测网络态势。

Cybersecurity Situation Evaluation Method Based on Association Analysis and Hidden Markov Model

Cybersecurity situation evaluation and prediction is the vital issue of situation awareness. Following the aggregation of alert information, attack affairs are associated according to the attack pattern with four phases. The attack phase is identified and the threat level is obtained based on the vulnerabilities of cyber entities. Taking the threat level as the observation variables of HMM, the situation value is successively figured out according to the estimation of HMM. The situation prediction is ultimately performed via the composition of the neural-network-based predictor and support-vector-machine-based predictor. Experimental results based on DARPA2000 dataset indicate that the proposed method is able to achieve higher cybersecurity situation evaluation and prediction performance.