摘要
针对传统网络安全态势感知评估过多依赖专家经验的问题,提出一种基于随机森林的多层次网络安全态势感知(Cyber Security Situational Awareness,CSSA)框架评估模型.首先将CSSA的过程与安全数据生命周期进行对齐,并分析CSSA的需求,提出CSSA多层次分析框架,然后采用随机森林算法,构建CSSA评估模型,该模型基于多个分类器组合的思想,由决策树构成,每棵树依赖于独立样本,以及森林中所有树的随机向量分布相同的值.在进行分类时,每棵树投票并返回票数最多的类,这使得网络安全态势评估更为客观和准确.实验表明,与贝叶斯网络相比,此模型可以更快速、更准确地评估当前的网络安全情况.
In view of the fact that traditional network security situational awareness assessment relies too much on expert experience, this paper proposes a multi-layer cyber security situational awareness(CSSA) framework and a network security situation assessment model based on random forest. In this method, the CSSA process has first been aligned with the security data lifecycle, the CSSA requirements analyzed, a CSSA multi-level analysis framework proposed, and then the random forest algorithm used to build the CSSA assessment model. This model is based on multiple classifiers. The idea of composition consists of a decision tree, each tree relies on independent samples, and the random vectors of all trees in the forest distribute the same value. When classifying, every tree voted and returned the class with the most votes, which made the network security situation assessment more objective and accurate. Experiments show that compared with Bayesian networks, this model can assess the current network security situation more quickly and accurately.
作者
钱真坤
QIAN Zhen-kun(Logistics Service of Sichuan University of Arts and Science,Dazhou Sichuan 635000,China)
出处
《西南师范大学学报(自然科学版)》
CAS
北大核心
2019年第11期118-123,共6页
Journal of Southwest China Normal University(Natural Science Edition)
基金
四川省教育厅资助科研项目(18ZB0511)
关键词
网络安全态势感知
多层次CSSA
随机森林
决策树
评估模型
network security situational awareness
multi-level CSSA
random forest
decision tree
evaluation model
