Research on Classification Method of Network Security Data Based on Data Feature Learning

doi:10.3969/j.issn.1671-1122.2019.10.007

Abstract

Abstract:

Data classification plays an important role in cyberspace security situational awareness applications. However, with the expansion of network system scale, the increase of network speed, and the increase of network security incidents, the number of security data increases dramatically, which greatly affects the accuracy of data classification, thus bringing great challenges to security applications such as intrusion detection, security assessment and attack intention recognition. This paper proposes a data classification model integrating SMOTE-SVM algorithm and XGBoost algorithm. Firstly, in view of the data imbalance situation, by combining with up-sampling and down-sampling, a data feature balance method based on SMOTE-SVM algorithm is designed to improve the rationality of training data distribution and training accuracy. Then, in view of the diversity of multi-source heterogeneous security data, single-hot coding technology is used to standardize the data. Finally, based on XGBoost algorithm, feature extraction and classification of data sets are carried out. Experimental results show that the proposed method has obvious advantages in data classification accuracy, recall rate and comprehensive effectiveness. It can effectively improve the analysis ability of large data of network security, and has important application significance for network security situational awareness.

Key words: cyberspace security, imbalanced data, SMOTE, XGBoost

CLC Number:

TP309

Yanhua LIU, Xiaoling GAO, Minchen ZHU, Peihuang SU. Research on Classification Method of Network Security Data Based on Data Feature Learning[J]. Netinfo Security, 2019, 19(10): 50-56.

Figures/Tables 10

References 15

[1]	SUN Yanmin, WONG A K C, KAMEL M S. Classification of Imbalanced Data: A Review[J]. International Journal of Pattern Recognition & Artificial Intelligence, 2009, 23(4): 687-719.
[2]	HE Haibo, GARCIA E A, Learning from Imbalanced Data[J]. IEEE Transactions on Knowledge and Data Engineering, 2009, 21(9): 1263-1284.
[3]	FU Zhongliang.Research on Continuous AdaBoost Algorithm for Unbalanced Multiple Classification Problems[J]. Journal of Computer Research and Development, 2011, 48(12): 2326-2333.
	付忠良. 不平衡多分类问题的连续AdaBoost算法研究[J]. 计算机研究与发展,2011,48(12):2326-2333.
[4]	LI Xiongfei, LI Jun, DONG Yuanfang, et al.A New Unbalanced Data Learning Algorithm PCBoost[J]. Chinese Journal of Computers, 2012, 35(2): 202-209.
	李雄飞,李军,董元方,等. 一种新的不平衡数据学习算法PCBoost[J]. 计算机学报,2012,35(2):202-209.
[5]	LI Jia, LI Hui, YU Junling.Application of Random-SMOTE on Imbalanced Data Mining[C]//IEEE. Fourth International Conference on Business Intelligence & Financial Engineering, October 17-18, 2011, Wuhan, China. NJ: IEEE, 2012: 130-133.
[6]	LI Longjie, YU Yang, BAI Shenshen, et al.Towards Effective Network Intrusion Detection: A Hybrid Model Integrating Gini Index and GBDT with PSO[J]. Journal of Sensors, 2018, 18(6): 1-9.
[7]	DONG S K, PARK J S.Network-based Intrusion Detection with Support Vector Machines[C]//Springer. International Conference on Information Networking, February 12-14, 2003, Cheju Island, Korea. Heidelberg: Springer, 2003: 747-756.
[8]	CHAWLA N V, BOWYER K W, HALL L O, et al.SMOTE: Synthetic Minority Over-sampling Technique[J]. Journal of Artificial Intelligence Research, 2002, 16(1): 321-357.
[9]	MATHEW J, LUO Ming, PANG C K, et al.Kernel-based SMOTE for SVM Classification of Imbalanced Datasets[C]// IEEE. IECON 2015 - 41st Annual Conference of the IEEE Industrial Electronics Society, November 9-12, 2015, Yokohama, Japan. NJ: IEEE, 2015: 1127-1132.
[10]	ZHANG Dahai, QIAN Liyang, MAO Baijin, et al.A Data-Driven Design for Fault Detection of Wind Turbines Using Random Forests and XGBoost[J]. IEEE Access, 2018(6): 21020-21031.
[11]	HOMOL D K, KLEMMER N, JACOUTOT A. One-hot Decoded Phase Shift Prescaler: U.S. 6570946[P].2003-5-27.
[12]	RICE J.Mathematical Statistics and Data Analysis, International Edition(with CD Data Sets)[J]. Mathematical Gazette, 2006, 72(72): 390-391.
[13]	RUAN Xiaohong, HUANG Xiaomeng, YUAN Dingrong, et al.A Classifier Algorithm Based on Heterogeneous Cost Sensitive Decision Tree[J]. Computer Science, 2013, 40(11a): 140-142.
	阮晓宏,黄小猛,袁鼎荣,等. 基于异构代价敏感决策树的分类器算法[J]. 计算机科学,2013,40(11a):140-142.
[14]	CHEN Tianqi, GUESTRIN C.Xgboost: A Scalable Tree Boosting System[C]//ACM. Proceedings of The 22nd Acm Sigkdd International Conference on Knowledge Discovery and Data Mining, August 13-17, 2016, San Francisco, California, USA. New York: ACM, 2016: 785-794.
[15]	FRIEDMAN J H.Greedy Function Approximation: A Gradient Boosting Machine[J]. Annals of Statistics, 2001, 29(5): 1189-1232.

原始数据	独热编码后的数据
ICMP	(1, 0, 0, 0)
TCP	(0, 1, 0, 0)
UDP	(0, 0, 1, 0)
HTTP	(0, 0, 0, 1)

类型	原始数据集		去冗余后的数据集
类型	记录数/条	比例	记录数/条	比例
Normal	97277	19.688%	87831	60.232%
DoS	391458	79.226%	54598	37.442%
U2R	135	0.027%	135	0.0926%
R2L	1124	0.227%	1124	0.771%
Probe	4107	0.831%	2133	2.816%

算法	平均查准率/%	平均召回率/%	平均F-Score/%
GBDT	72.3	48.2	57.8
GBDT?SMOTE	74.6	54.6	64.8
XGBoost?SMOTE-SVM	78.4	94.6	85.7