Netinfo Security ›› 2019, Vol. 19 ›› Issue (7): 75-81. doi: 10.3969/j.issn.1671-1122.2019.07.009


RSAR-based Random Forest Network Security Situation Factor Extraction

Yongcheng DUAN1, Yuqing WANG1, Xin LI1,2, Le YANG1

  1. College of Information Technology and Network Security, People’s Public Security University of China, Beijing 100038, China
  2. Key Laboratory of Security Prevention Technology and Risk Assessment, the Ministry of Public Security, Beijing 100038, China
  • Received: 2018-10-22 Online: 2019-07-19 Published: 2020-05-11
  • About the authors:
    Yongcheng DUAN (born 1995), male, from Shandong, master's student; main research interests: situational awareness and video security. Yuqing WANG (born 1997), female, from Tianjin, undergraduate; main research interest: network security. Xin LI (born 1977), male, from Jiangxi, associate professor, Ph.D.; main research interests: cloud computing and network security. Le YANG (born 1994), male, from Henan, master's student; main research interest: intrusion detection.
  • Supported by:
    National Key Research and Development Program of China [2017YFC0803700]; Ministry of Public Security Special Project on Basic Work for Strengthening Policing through Science and Technology [2017GABJC38]

Abstract:

Extracting network security situation elements is the prerequisite groundwork for network security situational awareness, and it is one of the key tasks that directly affect the performance of a network security situational awareness system. To address the difficulty of extracting network security situation elements in complex, heterogeneous network environments, this paper proposes a random forest method for network security situation element extraction based on rough set attribute reduction (RSAR). The method first uses rough set theory to determine the importance of each attribute in the data set, reduces the attributes of low importance, and deletes redundant attributes. It then trains a random forest classifier on the reduced data set. To verify the effectiveness of the proposed method, it is tested on an intrusion detection data set. The experimental results show that, compared with traditional extraction methods, the method effectively improves the accuracy of situation element extraction and extracts network security situation elements efficiently.

Key words: situational awareness, situation factor extraction, random forest, rough set
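
The attribute-reduction step described in the abstract can be illustrated with the standard rough-set dependency degree. This is an added example, not code from the paper: the decision table, the attribute names and the least-important-first elimination order are assumptions, since the abstract does not give the paper's exact algorithm. It covers only the reduction step; the reduced attribute set is what would then be passed to a random forest classifier.

```python
from collections import defaultdict
from fractions import Fraction

# Constructed decision table (not data from the paper): discretised connection
# records with hypothetical condition attributes and a decision attribute.
COND = ["proto", "flag", "count", "land"]
DEC = "label"
ROWS = [dict(zip(COND + [DEC], r)) for r in [
    ("tcp",  "SF",  "low",  "0", "normal"),
    ("udp",  "SF",  "low",  "0", "normal"),
    ("tcp",  "S0",  "high", "0", "dos"),
    ("tcp",  "S0",  "low",  "0", "probe"),
    ("tcp",  "SF",  "high", "0", "dos"),
    ("icmp", "SF",  "high", "0", "dos"),
    ("tcp",  "REJ", "low",  "0", "probe"),
    ("udp",  "SF",  "low",  "0", "normal"),
]]

def dependency(rows, attrs, dec=DEC):
    """gamma_attrs(dec) = |POS_attrs(dec)| / |U|."""
    blocks = defaultdict(list)          # equivalence classes of IND(attrs)
    for r in rows:
        blocks[tuple(r[a] for a in attrs)].append(r[dec])
    # A class is in the positive region when all its rows share one decision.
    pos = sum(len(b) for b in blocks.values() if len(set(b)) == 1)
    return Fraction(pos, len(rows))

def significance(rows, cond, dec=DEC):
    """Importance of attribute a: gamma_C(dec) - gamma_{C-{a}}(dec)."""
    full = dependency(rows, cond, dec)
    return {a: full - dependency(rows, [c for c in cond if c != a], dec)
            for a in cond}

def reduce_attributes(rows, cond, dec=DEC):
    """Drop attributes, least important first, while gamma stays unchanged."""
    full = dependency(rows, cond, dec)
    sig = significance(rows, cond, dec)
    kept = list(cond)
    for a in sorted(cond, key=sig.get):
        trial = [c for c in kept if c != a]
        if trial and dependency(rows, trial, dec) == full:
            kept = trial
    return kept

if __name__ == "__main__":
    for name, value in significance(ROWS, COND).items():
        print(f"{name:6s} significance = {value}")
    print("reduced attribute set:", reduce_attributes(ROWS, COND))
```

On this table the constant `land` column and the `proto` column carry no extra discriminating power once `flag` and `count` are known, so both are removed without lowering the dependency degree.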
