通过对复合式攻击预测方法的研究,将关联规则、模糊评价法和隐马尔可夫模型相结合,提出了基于模糊—隐马尔可夫模型的复合式攻击预测方法。该方法首先将原始报警信息融合为超级报警信息,进而基于攻击行为的初始概率分布确定初始状态矩阵,根据关联规则确定状态转移矩阵,应用模糊判别法确定观察矩阵,最后应用隐马尔可夫模型中的Forward算法对报警信息隶属的攻击场景进行了识别,Viterbi算法对攻击意图序列进行了预测。仿真实验验证了该方法的有效性。

Through study on methods for forecasting multi-stage attack,we proposed a forecasting approach based on fuzzy,Hidden Markov Model(HMM) by integrating the association rule,fuzzy evaluation method and hidden Markov model together.Firstly,the original alarm information was fused into hyper alarm information.Secondly,the initial state matrix was obtained by the initial probability of the attack behaviors,the state transition matrix was determined according to the association rule,and the observation matrix was obtained by fuzzy evaluation.Finally,the attack scenarios leading to the alarm information were recognized by the Forward algorithm of HMM,and the next possible attack sequence was forecasted by the Viterbi algorithm of HMM.The results of simulation experiments verify the validity of this approach.