A Security Situation Prediction Algorithm Based on HMM in Mobile Network

<table class="algorithm-group"><tr><td><table class="algorithm" id="alg1"><tr><td colspan="2">Input: alarm data, α, β</td></tr><tr><td colspan="2">Output: triple &lt;signature, srcIP, dstIP&gt;</td></tr><tr><td colspan="2"><svg height="11.5564pt" id="M33" style="vertical-align:-2.45076pt" version="1.1" viewbox="-0.0498162 -9.10564 8.00217 11.5564" width="8.00217pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,.183)"><path d="M293 -169V-141C218 -131 209 -90 209 -44C209 19 222 85 222 152C222 207 198 255 139 269V273C199 286 222 334 222 388C222 454 209 523 209 588C209 632 218 671 293 681V709C234 709 148 695 148 577C147 513 155 438 155 372C155 337 152 291 64 285V256C152 250 155 204 155 169C156 105 148 31 148 -41C148 -157 234 -169 293 -169Z" id="g113-124"></path></g></svg></td></tr><tr><td colspan="2">(1) Record the number N of all alarms</td></tr><tr><td colspan="2">(2) Foreach signature in Snort</td></tr><tr><td colspan="2">(3) alarms generated by signature are written in set A;</td></tr><tr><td colspan="2">(4) record the number n of alarms in set A;</td></tr><tr><td colspan="2">(5) If (<svg height="11.439pt" id="M34" style="vertical-align:-2.15067pt" version="1.1" viewbox="-0.0498162 -9.28833 45.3091 11.439" width="45.3091pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M495 86L479 114C446 82 419 66 409 66C401 66 401 72 406 97C420 166 436 231 453 297C489 435 454 448 428 448C406 448 384 439 354 422C305 394 222 327 161 247H159L183 345C200 415 194 448 173 448C143 448 82 410 23 351L38 325C64 349 95 371 105 371C111 371 116 365 109 336L25 -4L31 -12C50 -4 77 3 107 9C119 69 132 122 145 168C197 254 321 381 370 381C387 381 393 374 378 305L329 95C309 17 320 -12 345 -12C372 -12 430 19 495 86Z" id="g113-111"></path></g><g transform="matrix(.013,0,0,-0.013,6.526,0)"><path d="M368 703H309L44 -163H104L368 703Z" id="g113-48"></path></g><g transform="matrix(.013,0,0,-0.013,11.887,0)"><path d="M822 650H589L583 622C660 617 677 607 674 561C672 534 664 481 647 390L600 137H596L273 650H126L120 622C176 620 194 615 207 594C221 571 225 557 214 504L161 257C141 166 129 112 121 85C108 42 83 30 29 28L23 0H260L266 28C193 33 173 42 176 89C178 122 186 172 202 255L256 527H259L583 -8H612L690 390C708 481 720 535 728 558C744 603 756 619 816 622L822 650Z" id="g113-79"></path></g><g transform="matrix(.013,0,0,-0.013,26.429,0)"><path d="M512 230V281L75 514V456L453 256V254L75 55V-3L512 230Z" id="g117-92"></path></g><g transform="matrix(.013,0,0,-0.013,37.692,0)"><path d="M545 106L524 126C493 85 467 65 455 65C438 65 427 113 405 238C448 295 498 362 543 439L533 448L478 435C453 386 423 331 398 295H395C370 404 347 448 282 448C169 448 23 309 23 153C23 54 65 -12 128 -12C203 -12 283 70 339 155H341C360 29 380 -12 411 -12C444 -12 491 11 545 106ZM333 204C265 95 210 54 169 54C137 54 113 96 113 171C113 302 191 405 252 405C301 405 318 306 333 204Z" id="g113-223"></path></g></svg>)</td></tr><tr><td colspan="2">(6) all the srcIPs and dstIPs in A respectively construct set S and set D;</td></tr><tr><td colspan="2">(7) Foreach srcIP in S</td></tr><tr><td colspan="2">(8) If (the ratio of srcIP &gt; β)</td></tr><tr><td colspan="2">(9) Return &lt;signature, srcIP, any&gt;</td></tr><tr><td colspan="2">(10) Endfor</td></tr><tr><td colspan="2">(11) Foreach dstIP in D</td></tr><tr><td colspan="2">(12) If (the ratio of dstIP &gt; β)</td></tr><tr><td colspan="2">(13) Return &lt;signature,any, srcIP&gt;</td></tr><tr><td colspan="2">(14) Endfor</td></tr><tr><td colspan="2">(15) endif</td></tr><tr><td colspan="2">(16) Endfor</td></tr><tr><td colspan="2"><svg height="11.5564pt" id="M35" style="vertical-align:-2.45076pt" version="1.1" viewbox="-0.0498162 -9.10564 8.00217 11.5564" width="8.00217pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,3.375,.183)"><path d="M283 255V284C195 290 192 337 192 375C192 436 200 508 200 580C200 696 116 709 54 709V681C127 671 139 634 139 588C138 524 125 452 125 387C125 333 149 286 209 272V268C148 253 125 206 125 151C126 87 139 16 139 -47C139 -92 127 -131 54 -141V-169C115 -169 200 -152 200 -41C200 32 192 104 192 164C192 202 195 249 283 255Z" id="g113-126"></path></g></svg></td></tr></table></td></tr></table>

<div>The extraction of alarm stream.</div>

Wireless Communications and Mobile Computing

alg1

Algorithm 1

Algorithm 1: A Security Situation Prediction Algorithm Based on HMM in Mobile Network 