Network Risk Assessment Based on Improved MulVAL Framework and HMM

With the increasingly extensive applications of the network, the security of internal network of enterprises is facing more and more threats from the outside world, which implies the importance to master the network risk assessment skills. In the big data era, there are various security protection techniques and different types of group data. Meanwhile, Online Social Networks (OSNs) and Social Internet of Things (SIoT) are becoming popular patterns of meeting people and keeping in touch with friends [2, 5]. However, risk assessment, as a bridge between security experts and network administrators, to some extent, whose accuracy can influence the judgment of administrators to the entire network state. In order to solve this problem, this essay proposes the improved MulVAL framework to optimize the risk assessment process by establishing the HMM model and the Bayesian model, which can improve the accuracy of the evaluation value. Firstly, behavior of the attacker is described in-depth by the attack graph generated through MulVAL. Then, with the quantitative evaluation conducted by the Common Vulnerability Scoring System, the nodes on the attack path can will be evaluated and the value will be further evaluated by the Bayesian model. Finally, by establishing the hidden Markov model, the corresponding parameters can be defined and the most likely probabilistic state transition sequence can be calculated by using the Viterbi algorithm to deduce the attack intent with the highest possibility.