基于RSAR的随机森林网络安全态势要素提取

doi:10.3969/j.issn.1671-1122.2019.07.009

信息网络安全 ›› 2019, Vol. 19 ›› Issue (7): 75-81.doi: 10.3969/j.issn.1671-1122.2019.07.009

基于RSAR的随机森林网络安全态势要素提取

段詠程¹, 王雨晴¹, 李欣^1,²(), 杨乐¹

1.中国人民公安大学信息技术与网络安全学院,北京 100038
2.安全防范技术与风险评估公安部重点实验室,北京 100038

收稿日期:2018-10-22 出版日期:2019-07-19 发布日期:2020-05-11
作者简介:
作者简介：段詠程（1995—）,男,山东,硕士研究生,主要研究方向为态势感知、视频安全;王雨晴（1997—）,女,天津,本科,主要研究方向为网络安全;李欣（1977—）,男,江西,副教授,博士,主要研究方向为云计算、网络安全;杨乐（1994—）,男,河南,硕士研究生,主要研究方向为入侵检测。
基金资助:
国家重点研发计划[2017YFC0803700];公安部科技强警基础工作专项[2017GABJC38]

RSAR-based Random Forest Network Security Situation Factor Extraction

Yongcheng DUAN¹, Yuqing WANG¹, Xin LI^1,²(), Le YANG¹

1. College of Information Technology and Network Security, People’s Public Security University of China, Beijing 100038, China;
2. Key Laboratory of Security Prevention Technology and Risk Assessment,the Ministry of Public Security, Beijing 100038, China

Received:2018-10-22 Online:2019-07-19 Published:2020-05-11

摘要/Abstract

摘要：

网络安全态势要素提取是开展网络安全态势感知的前提性基础工作,同时也是直接影响网络安全态势感知系统性能的关键性工作之一。文章针对在复杂异构的网络环境下网络安全态势要素难以提取的问题,提出了一种基于粗糙集属性约简（Rough Set Attribute Reduction,RSAR）的随机森林网络安全态势要素提取方法。在该提取方法中,首先通过粗糙集理论确定数据集中每个属性的重要性,对重要程度低的属性进行约简,删除冗余属性;然后,使用随机森林分类器对约简后的数据集进行分类训练。为验证提出方法的有效性,文章使用入侵检测数据集对提出方法进行实验测试,实验结果表明,通过与传统提取方法相比,该方法有效地提高了态势要素提取的准确性,实现了高效提取网络安全态势要素。

关键词: 态势感知, 态势要素提取, 随机森林, 粗糙集

Abstract:

The extraction of network security situational elements is a prerequisite for developing network security situational awareness, and it is also one of the key tasks that directly affect the performance of network security situational awareness system. Aiming at the problem that it is difficult to extract network security situation elements in complex heterogeneous network environment, this paper proposes a method based on RSAR (Rough Set Attribute Reduction) for random forest network security situation factor extraction. In this extraction method, firstly, the importance of attributes is determined by rough set theory, and attributes with low importance are reduced and redundant attributes are deleted. Secondly, the processed data is classified using the random forest classifier. In order to verify the efficiency of the algorithm, the improved method is tested by the intrusion detection data set. Compared with the traditional method, the experimental results show that the algorithm effectively improves the accuracy and achieves efficient extraction of network security situation elements.

Key words: situational awareness, situation factor extraction, random forest, rough set

中图分类号:

TP309

段詠程, 王雨晴, 李欣, 杨乐. 基于RSAR的随机森林网络安全态势要素提取[J]. 信息网络安全, 2019, 19(7): 75-81.

Yongcheng DUAN, Yuqing WANG, Xin LI, Le YANG. RSAR-based Random Forest Network Security Situation Factor Extraction[J]. Netinfo Security, 2019, 19(7): 75-81.

图/表 7

图1

图2

图3

图4

图5

表1

表2

参考文献 21

[1]	GONG Jian, ZANG Xiaodong, SU Qi, et al.Survey of Network Security Situation Awareness[J]. Journal of Software, 2017, 28(4): 1010-1026.
	龚俭,臧小东,苏琪,等.网络安全态势感知综述[J].软件学报,2017,28(4):1010-1026.
[2]	BASS T, GRUBER D.A Glimpse into the Future of ID[J]. USENIX & SAGE, 1999, 24(5): 40-45.
[3]	YURCIK W.Visualizing NetFlows for Security at Line Speed: the SIFT Tool Suite[C]//USENIX. Conference on Systems Administration, December 4-9, 2005, San Diego. Berkeley: USENIX, 2005: 169-176.
[4]	LAU S.The Spinning Cube of Potential Doom[J]. Communications of the ACM, 2004, 47(6): 25-26.
[5]	TIM B.Intrusion Detection Systems and Multisensory Data Fusion[J]. Communications of the ACM, 2000, 43(4): 136-147.
[6]	SRIHARI R K, WU Xin.Mining Concept Associations for Knowledge Discovery Through Concept Chain Queries[EB/OL]. , 2018-3-18.
[7]	LI Dongyin.The Research on Situation Element Extraction of Network Security Based on Logistic Regression[D]. Fuzhou: Fuzhou University, 2014.
	李冬银. 基于Logistic回归的网络安全态势要素获取研究[D].福州:福州大学,2014.
[8]	WANG Huiqiang, LIANG Ying, YE Haizhi.An Extraction Method of Situational Factors for Network Security Situational Awareness[C]//ACM. 2008 International Conference on Internet Computing in Science and Engineering, January 28-29, 2008, Harbin, China. New York: ACM, 2008: 317-320.
[9]	SI Cheng, ZHANG Hongqi, WANG Yongwei, et al.Research on Network Security Situational Elements Knowledge Base Model Based on Ontology[J]. Computer Science, 2015, 42(5): 173-177.
	司成,张红旗,汪永伟,等.基于本体的网络安全态势要素知识库模型研究[J].计算机科学,2015,42(5):173-177.
[10]	LIU Xiaowu, WANG Huiqiang, Lü Hongwu, et al.Fusion-Based Cognitive Awareness-control Model for Network Security Situation[J]. Journal of Software, 2016, 27(8): 2099-2114.
	刘效武,王慧强,吕宏武,等.网络安全态势认知融合感控模型[J].软件学报,2016,27(8):2099-2114.
[11]	LIANG Ying, WANG Huiqiang, LAI Jibao.A Method of Network Security Situation Awareness Based on Rough Set Theory[J].Computer Science, 2007(8): 95-97, 147.
	梁颖,王慧强,赖积保.一种基于粗糙集理论的网络安全态势感知方法[J].计算机科学,2007(8):95-97,147.
[12]	GUO Jian.Studythe Technology of Extraction Situational Factor for Network Security Situational Awareness[D]. Shenyang: Northeastern University, 2011.
	郭剑. 网络安全态势感知中态势要素获取技术的研究[D].沈阳:东北大学,2011.
[13]	LAI Jibao, WANG Ying, Wang Huiqiang, et al.Research on Network Security Situation Awareness System Architecture Based on Multi-source Heterogeneous Sensors[J]. ComputerScience, 2011, 38(3): 144-149, 158.
	赖积保,王颖,王慧强,等.基于多源异构传感器的网络安全态势感知系统结构研究[J].计算机科学,2011,38(3):144-149,158.
[14]	LIN Weining, CHEN Mingzhi, ZHAN Yunqing, et al.Research on an Intrusion Detection Algorithm Based on PCA and Random-forest Classification[J]. Netinfo Security, 2017, 17(11): 50-54.
	林伟宁,陈明志,詹云清,等.一种基于PCA和随机森林分类的入侵检测算法研究[J].信息网络安全,2017,17(11):50-54.
[15]	LI Hong.Approach to Network Security Situational Element Extraction Based on Rough Set[D]. Shijiazhuang: Hebei Normal University, 2017.
	李红. 基于粗糙集的网络安全态势要素提取研究[D].石家庄:河北师范大学,2017.
[16]	KWOK SW, CARTER C. Multiple Decision Trees[EB/OL]. 2363, 2018-1-31.
[17]	HO T K.The Random Subspace Method for Constructing Decision Forests[J]. IEEE Transactions on Patternanalysis and Machine Intelligence, 1998, 20(8): 832-844.
[18]	QUINLAN J R.Induction of Decision Trees[J]. Machinelearning, 1986, 1(1): 81-106.
[19]	QUINLAN J R.C4.5: Programs for Machine Learning[M]. New York: Elsevier, 2014.
[20]	BREIMAN L, FRIEDMAN J, STONE C J, et al.Classification and Regression Trees[M]. Boca Raton: CRC press, 1984.
[21]	QI Ben, WANG Mengdi.A Method Using Information Gain and Naive Bayes to Extract Network Situation Information[J]. Netinfo Security, 2017, 17(9): 54-57.
	戚犇,王梦迪.基于信息增益的贝叶斯态势要素提取[J].信息网络安全,2017,17(9):54-57.

数据集	Normal	DoS	Probe	U2R	R2L
训练集	67343	45927	11656	52	995
测试集	9711	7456	2421	200	2756

类别	传统随机森林	RSAR随机森林
Normal	0.927	0.972
Probe	0.617	0.679
DoS	0.766	0.813
U2R	0.02	0.045
R2L	0.099	0.073
Weighted Avg	0.731	0.77

基于RSAR的随机森林网络安全态势要素提取

RSAR-based Random Forest Network Security Situation Factor Extraction

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 7

参考文献 21

相关文章 15

编辑推荐

Metrics

本文评价

[1]	赵志岩, 纪小默. 智能化网络安全威胁感知融合模型研究[J]. 信息网络安全, 2020, 20(4): 87-93.
[2]	宋鑫, 赵楷, 张琳琳, 方文波. 基于随机森林的Android恶意软件检测方法研究[J]. 信息网络安全, 2019, 19(9): 1-5.
[3]	马泽文, 刘洋, 徐洪平, 易航. 基于集成学习的DoS攻击流量检测技术[J]. 信息网络安全, 2019, 19(9): 115-119.
[4]	刘玉岭, 唐云善, 张琦, 李枫. 电力调度自动化软件安全态势评估方法[J]. 信息网络安全, 2019, 19(8): 15-21.
[5]	徐国天, 张铭. 网络安全态势感知中Trie树关键词高速匹配算法研究[J]. 信息网络安全, 2019, 19(4): 55-62.
[6]	张蕾华, 牛红太, 王仲妮, 刘雪红. 基于大数据的前科人员犯罪预警模型构建研究[J]. 信息网络安全, 2019, 19(4): 82-89.
[7]	陶源, 黄涛, 张墨涵, 黎水林. 网络安全态势感知关键技术研究及发展趋势分析[J]. 信息网络安全, 2018, 18(8): 79-85.
[8]	魏书宁, 陈幸如, 焦永, 王进. AR-OSELM算法在网络入侵检测中的应用研究[J]. 信息网络安全, 2018, 18(6): 1-6.
[9]	翟继强, 肖亚军, 杨海陆, 王健. 改进的人工蜂群结合优化的随机森林的U2R攻击检测研究[J]. 信息网络安全, 2018, 18(12): 38-45.
[10]	魏书宁, 陈幸如, 唐勇, 刘慧. AR-HELM算法在网络流量分类中的应用研究[J]. 信息网络安全, 2018, 18(1): 9-14.
[11]	戚犇, 王梦迪. 基于信息增益的贝叶斯态势要素提取[J]. 信息网络安全, 2017, 17(9): 54-57.
[12]	林伟宁, 陈明志, 詹云清, 刘川葆. 一种基于PCA和随机森林分类的入侵检测算法研究[J]. 信息网络安全, 2017, 17(11): 50-54.
[13]	管磊, 胡光俊, 王专. 基于大数据的网络安全态势感知技术研究[J]. 信息网络安全, 2016, 16(9): 45-50.
[14]	赵梦. 基于大数据环境的网络安全态势感知[J]. 信息网络安全, 2016, 16(9): 90-93.
[15]	褚维明, 黄进, 刘志乐. 网络空间安全态势感知数据收集研究[J]. 信息网络安全, 2016, 16(9): 202-207.