Abstract
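In the big data era, the explosive growth of network data has made security situation awareness a new research focus in the field of network security. However, traditional security situation awareness models classify poorly, which leaves their speedup ratio and scale ratio below the expected targets. To address this, a new cascaded network security situation awareness model is designed based on the decision tree algorithm. The model redefines the category division module, dividing attack data into four types, then uses time windows to segment the data streams coming from the network and from hosts, and designs the model's security event detection mode. On this basis, the decision tree algorithm is used to build the cascaded network security situation awareness model. Experimental results show that, compared with traditional models, the proposed model classifies better, and both its speedup ratio and its scale ratio are well optimized. The decision-tree-based model is therefore better able to perceive and handle the network security situation.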
Security situation awareness technology has attracted wide attention. However, the poor classification performance of traditional security situation awareness models leads to speedup and scale ratios that are lower than expected. Therefore, in this work, a new cascaded network security situation awareness model was designed based on the decision tree algorithm. The classification module was redesigned. Attack data were divided into four types. Time windows were applied to segment the data flows from the network and the host. The security event detection mode of the model was also designed. The decision tree algorithm was adopted to build the network security situation awareness model. The experimental results show that the classification effect, speedup ratio and scale ratio of the model are better than those of the traditional model.
Authors
ZHOU Li (周莉)
LI Jing-yi (李静毅)
College of Mobile Telecommunications, Chongqing University of Posts and Telecommunications, Chongqing 401520, China
Source
Computer Simulation (《计算机仿真》)
Peking University Core Journal (北大核心)
2021, Issue 5, pp. 264-268 (5 pages)
Keywords
Decision tree algorithm
Cascade network
Security situational awareness
Data classification
Speedup ratio
Scale ratio