Abstract
Extracting network security situation elements is a prerequisite for network security situational awareness, and it is one of the key tasks that directly affect the performance of a situational awareness system. To address the difficulty of extracting situation elements in complex, heterogeneous network environments, this paper proposes a random forest method for network security situation element extraction based on Rough Set Attribute Reduction (RSAR). The method first uses rough set theory to determine the importance of each attribute in the data set, reduces the attributes of low importance, and deletes redundant attributes. A random forest classifier is then trained on the reduced data set. To verify the effectiveness of the proposed method, it is tested on an intrusion detection data set. The experimental results show that, compared with traditional extraction methods, the proposed method effectively improves the accuracy of situation element extraction and extracts network security situation elements efficiently.
Authors
段詠程
王雨晴
李欣
杨乐
DUAN Yongcheng; WANG Yuqing; LI Xin; YANG Le (College of Information Technology and Network Security, People's Public Security University of China, Beijing 100038, China; Key Laboratory of Security Prevention Technology and Risk Assessment, Ministry of Public Security, Beijing 100038, China)
Source
《信息网络安全》
CSCD
Peking University Core Journal
2019, No. 7, pp. 75-81 (7 pages)
Netinfo Security
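Funding
National Key Research and Development Program of China [2017YFC0803700]
Ministry of Public Security Special Project for Basic Work on Strengthening Police through Science and Technology [2017GABJC38]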
Keywords
situational awareness
situation factor extraction
random forest
rough set