A novel stochastic modeling method for network security situational awareness

Abstract

Hidden Markov model (HMM) is used to model network security situational awareness (NSA). Distribution of abnormal behaviors in networked system and operational states of key network services are abstracted by Markov chains, modeling objects of the HMM's dual stochastic processes are set up, and classic Baum-Welch algorithm is used to estimate the parameters of the established stochastic mathematical model, then the stochastic modeling for network security situational awareness based upon HMM is realized. The simulation experimental results in LAN show that the model can effectively analyze and validate network security situation, and it is a novel attempt in achieving network security situational awareness, which prompts the development of theoretical researches in the field of NSA at a certain degree.