Research Article
A Security Situation Prediction Algorithm Based on HMM in Mobile Network
Algorithm 1
The extraction of alarm stream.
Input: alarm data, α, β | Output: triple <signature, srcIP, dstIP> | | (1) Record the number N of all alarms | (2) Foreach signature in Snort | (3) alarms generated by signature are written in set A; | (4) record the number n of alarms in set A; | (5) If () | (6) all the srcIPs and dstIPs in A respectively construct set S and set D; | (7) Foreach srcIP in S | (8) If (the ratio of srcIP > β) | (9) Return <signature, srcIP, any> | (10) Endfor | (11) Foreach dstIP in D | (12) If (the ratio of dstIP > β) | (13) Return <signature,any, srcIP> | (14) Endfor | (15) endif | (16) Endfor | |
|