中文摘要：

准确地评估网络安全风险是提高网络安全性的关键.基于隐马尔卡夫模型的实时网络安全风险量化方法,以入侵检测系统的告警作为输入,能够实时量化网络风险值,有效评估网络受到的威胁,但仍然存在配置复杂、评估容易出现误差等问题.该文提出了优化的方法,利用参数矩阵自动生成代替手工设置,提高了准确性,简化了配置复杂度.首先将IDS告警和主机的漏洞、状态结合起来,定义攻击的威胁度来更好地体现攻击的风险,并对攻击进行分类,简化隐马尔卡夫模型的输入.其次,提出了利用遗传算法来自动求解隐马尔卡夫模型中的矩阵,定义风险描述规则作为求解的优化目标,解决隐马尔卡夫模型难以配置的问题.风险描述规则为描述网络安全风险提供了形式化的方法,利用这种规则建立的规则库可以作为风险评估方法的通用测试标准.最后,通过比较实验和DARPA2000数据实际测试,证明文中方法能够很好地反映网络风险,量化网络面临的威胁.

英文摘要：

Exactly assessing the security risk of a network is the key to improving the security level of a network. The Hidden Markov Model based real time network security risk quantification method can get the risk value and evaluate the threat dynamically and timely, whose input is Intrusion Detection System alerts. But it＇s complex to configure and it tends to acquire errors. These faults are resolved in an optimized method presented in this paper. The optimized method improves the accuracy and simplifies the configuration with automatically calculate matrixes in HMM. First, it combines IDS alert, host information and asset value to define the threat of an attack. The threat is more accurate than the alert and is applied to classify attacks. Second, the new method uses the genetic algorithm to generate the HMM status transformation matrix and observation matrix automatically, and it defines risk description rules as the genetic algorithm optimization target. The risk description rule provides a formal method to characterize the network security risk, and the rule base can be used as the test criterion for other risk assessment methods. At last, the comparative experiment and DARPA 2000 data experiment obtain good results and prove that this method is practical to measure the risk of network security.