| As the network has been spread into all the aspects of social life, it has become an important infrastructure for the normal operation of nation and society. How to keep the security of network operation is a vital direction. From the view point of situation assessment, the identification of current and future security situation can not only help the network managers discover issues and bottlenecks, but also provide some basis for the right determination at crucial moment. Therefore, the research of situation assessment is very significant in the field of network security. This paper concerns the research of situation assessment, situation prediction and intent recognition, and its main content includes:Firstly, it summarizes the research directions and key techniques according to the status of domestic and abroad researches. According to the research need, a research framework is proposed. Secondly, it analyzes some related conceptions of entropy, and a network security situation assessment approach based on information entropy is proposed. The approach models the security data with multi-level analysis, and it evaluates the security situation with information entropy of the security data. The result of simulation example verifies its effectiveness. Thirdly, it analyzes the problems in the network security situation prediction. On the basis of this two prediction models, a combined prediction approach is proposed. The proposed approach is based on ARMA and Markov models, and the final result is the combination of above two models'predictions using weights. The result of simulation indicates that this approach increases precisions. Lastly, an intent recognition approach using HMM is depicted for the need of attack prediction. A couple of HMM models are created with the data produced by different security devices, and Viterbi algorithm is used to predict future intrusion intent. A simple case is provided in this paper. |
PDF Full Text Request