Network security situation assessment based on HMM-MPGA

Abstract

Network security situational awareness is a new technology to solve the problem of single defense in recent years, and situation assessment is the most critical step in situational awareness. Because only in real-time and accurately evaluate the security situation of the current network, we can take more targeted defensive measures. This paper aims to improve timeliness and accuracy of the evaluation results. In the network security situation assessment method based on HMM, the establishment of time segment size to extract the observed value and the parameters of the model is an important factor, which affects the real-time performance and accuracy of the evaluation. Currently, in most cases time segment size is given by human at random, which cannot achieve equilibrium in efficient characterization of network security and real-time. Moreover, state transfer matrix and observation symbol matrix is often determined empirically, with a strong subjectivity. In order to solve the above problems, this article utilizes sliding time window mechanism to extract the observed value and hybrid multi-population genetic algorithm(MPGA) to train the HMM model parameters, so as to improve the reliability of parameters. Experiments show that this method can effectively and accurately reflect the current network safety status.