Skip to Main Content
In recent years, the field of situational assessment lacks a comprehensive and systematic study. This paper proposes the idea of hierarchical situation assessment to solve this problem. From the perspective of the network transport layer, this paper researches the impact of abnormal behaviors on the protocol field and speculates the abnormal behaviors by the changes of the protocol field to assess network security situation by backward reasoning. Because more than 90% of the data flow is the TCP flow, this paper studies the TCP protocol of the transport layer. In this article, the authors analyze the network abnormal behaviors in detail and research the impact of the abnormal behaviors of TCP flow on correlation coefficient results. Finally, the authors verify the results of this paper.