CAJ | 학술논문

针对目前日益复杂的网络安全环境，提出一种基于隐马尔可夫模型（HMM ）的态势评估方法。以入侵检测系统的输出（报警事件）为处理对象，采用隐马尔可夫随机过程作为分析手段，建立描述网络系统受到攻击后安全状态转移的隐马尔可夫模型；在此基础上，通过Baum‐Welch （BW）算法对模型参数进行优化，使用量化分析方法得到整个网络态势的定量评价。通过实验验证了该方法能比较准确地反映网络的安全态势，具有良好的应用前景。
침대목전일익복잡적망락안전배경，제출일충기우은마이가부모형（HMM ）적태세평고방법。이입침검측계통적수출（보경사건）위처리대상，채용은마이가부수궤과정작위분석수단，건립묘술망락계통수도공격후안전상태전이적은마이가부모형；재차기출상，통과Baum‐Welch （BW）산법대모형삼수진행우화，사용양화분석방법득도정개망락태세적정량평개。통과실험험증료해방법능비교준학지반영망락적안전태세，구유량호적응용전경。
To cope with the increasingly complex environment of network security ,a situation assessment method based on hid‐den Markov model (HMM) was proposed .The output of intrusion detection system (alarm events) was used as the object ,a hidden Markov random process was taken as an analytical tool ,and a HMM was established to describe the security state transi‐tion after the network system attack .On this basis ,the model parameters were optimized using Baum‐Welch (BW) algorithm , and a quantitative assessment of the situation of the entire network was obtained with quantitative analysis method .The results of the experiment show this method can more accurately reflect the network′s security situation ,and it has a favorable application prospect .