Abstract
The ever-increasing complexity of computer network and various new types of bugs make the network security become an ever-growing serious challenge. In the evaluation of network security risk, the cause-and-effect relationship between multiple attack steps can be described well in an attack graph model. However, its test result is uncertain. Focused on this issue, the method of fusing attack graph model and Hidden Markov model (HMM) was proposed. Firstly, the network environment and attacker's aggressive behavior were abstracted by the attack graph model; Secondly, the probabilistic mapping that was between network observation and attack status was established by the HMM; Finally, the Viterbi algorithm was used to calculate the maximum probability state transition sequence. Experimental results show that the maximum probability of the state transition sequence can be effectively calculated and then the attack intention can be accurately inferred by this dual model. This method provides a good configuration for network security administrators.