
False alarm detection model of network security equipment based on XGBoost

Cited by: 5
Abstract: To address the high false alarm rate of network security equipment alarms and to effectively improve the active defense capability of power network security, this paper proposes a false alarm detection model for network security equipment alarms based on XGBoost. First, the model fuses massive, multi-source, heterogeneous network device log data into a standardized format, and applies data preprocessing operations such as deduplication and missing-value handling to improve data quality. Second, based on prior knowledge of network security equipment alarms, the model constructs, extracts and selects features relevant to false alarm detection from original data features such as attack time, IP address and port. Finally, the model is trained with the XGBoost algorithm and model fusion is performed to achieve accurate classification and recognition of false alarms. The empirical results show that the proposed XGBoost-based false alarm detection model greatly reduces the false alarm rate of network security equipment alarms and effectively enhances the active defense capability of power network security, which helps build a healthily developing power network environment.
Authors: CUI Haoyi; BAO Lina; MIAO Deyu; ZHANG Haitao (Yantai Power Supply Company of State Grid Shandong Power Co., Ltd., Yantai 264000, Shandong, China)
Source: Power Systems and Big Data (《电力大数据》), 2021, No. 7, pp. 31-39 (9 pages)
Keywords: equipment alarm; false alarm detection; classification; feature engineering; model fusion