Netinfo Security ›› 2019, Vol. 19 ›› Issue (7): 75-81.doi: 10.3969/j.issn.1671-1122.2019.07.009

• Orginal Article • Previous Articles     Next Articles

RSAR-based Random Forest Network Security Situation Factor Extraction

Yongcheng DUAN1, Yuqing WANG1, Xin LI1,2(), Le YANG1   

  1. 1. College of Information Technology and Network Security, People’s Public Security University of China, Beijing 100038, China;
    2. Key Laboratory of Security Prevention Technology and Risk Assessment,the Ministry of Public Security, Beijing 100038, China
  • Received:2018-10-22 Online:2019-07-19 Published:2020-05-11

Abstract:

The extraction of network security situational elements is a prerequisite for developing network security situational awareness, and it is also one of the key tasks that directly affect the performance of network security situational awareness system. Aiming at the problem that it is difficult to extract network security situation elements in complex heterogeneous network environment, this paper proposes a method based on RSAR (Rough Set Attribute Reduction) for random forest network security situation factor extraction. In this extraction method, firstly, the importance of attributes is determined by rough set theory, and attributes with low importance are reduced and redundant attributes are deleted. Secondly, the processed data is classified using the random forest classifier. In order to verify the efficiency of the algorithm, the improved method is tested by the intrusion detection data set. Compared with the traditional method, the experimental results show that the algorithm effectively improves the accuracy and achieves efficient extraction of network security situation elements.

Key words: situational awareness, situation factor extraction, random forest, rough set

CLC Number: