A Kind of Formal Modelling for Network Security Situational Awareness Based on HMM

Hidden Markov model (HMM) was introduced to model network security situational awareness (NSSA). The model was built from a novel perspective, both the distributions of anomaly behaviour and operational states of main network services were abstracted by Markov chain, modelling objects of HMM's dual stochastic process were constructed, classic Baum-Welch algorithm was used to estimate the parameters of the established mathematical model, and then the formal model for network security situational awareness based on HMM was constructed. Simulation experiments were done in local area network (LAN), and the obtained experimental results showed that the model could achieve quantitative descriptions for attacks and their impacts on security more precisely and effectively than the existing solutions, which helps to realize quantitative awareness for network security situation.