Approach to network security situational element extraction based on parallel reduction
  • Authors: ZHAO Dongmei; LI Hong
  • Affiliations: College of Information Technology, Hebei Normal University; Hebei Key Laboratory of Network and Information Security; College of Mathematics and Information Science, Hebei Normal University
  • Keywords: network security situation; element extraction; matrix of attribute importance; Rough Set (RS)
  • Journal name (Chinese): JSJY
  • Journal name (English): Journal of Computer Applications
  • Publication date: 2017-04-10
  • Publisher: Journal of Computer Applications (计算机应用)
  • Year: 2017
  • Issue: v.37; No.320
  • Funding: National Natural Science Foundation of China (61672206); Science and Technology Program of Hebei Province (15214706D)
  • Language: Chinese
  • Page: JSJY201704018
  • Number of pages: 6
  • CN: 04
  • ISSN: 51-1307/TP
  • Classification number: 100-105
Abstract
The quality of network security situational element selection plays a crucial role in the accuracy of network security situation assessment. However, most existing methods for extracting network security situational elements rely on prior knowledge and are not suitable for processing network security situational data. To improve the quality and efficiency of situational element extraction, a parallel reduction algorithm based on a matrix of attribute importance is proposed. The idea of parallel reduction is introduced into classical rough set theory, so that a single decision information table is expanded to multiple tables without affecting the classification. Conditional entropy is used to calculate attribute importance, and redundant attributes are deleted according to reduction rules, so that the network security situational elements are extracted efficiently. To verify the efficiency of the algorithm, classification prediction was carried out with Weka. On the NSL-KDD dataset, classification modeling with the attributes reduced by the proposed algorithm took 16.6% less time than modeling with all the attributes. A comparison of evaluation metrics shows that, relative to three existing situational element extraction algorithms (Genetic Algorithm (GA), Greedy Search Algorithm (GSA), and Attribute Reduction based on Conditional Entropy (ARCE)), the proposed algorithm has a higher recall rate and a lower false positive rate. The experimental results show that data reduced by the proposed algorithm has better classification performance, which realizes an efficient extraction of network security situational elements.
