Approach to network security situational element extraction based on parallel reduction

Cited by: 12


Authors: Zhao Dongmei (赵冬梅)[1,2], Li Hong (李红)[2,3]

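Affiliations: [1] College of Information Technology, Hebei Normal University, Shijiazhuang 050024; [2] Hebei Key Laboratory of Network and Information Security, Shijiazhuang 050024; [3] College of Mathematics and Information Science, Hebei Normal University, Shijiazhuang 050024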

Source: Journal of Computer Applications (《计算机应用》), 2017, No. 4, pp. 1008-1013 (6 pages)

Funding: National Natural Science Foundation of China (61672206); Hebei Province Science and Technology Plan Project (15214706D)

Abstract: The quality of network security situational element extraction plays a crucial role in the accuracy of network security situation assessment. However, most existing network security situational element extraction methods rely on prior knowledge and are not suitable for processing network security situational data. To improve the quality and efficiency of network security situational element extraction, a parallel reduction algorithm based on the matrix of attribute importance was proposed. The idea of parallel reduction was introduced into classical rough set theory, and a single decision information table was expanded to multiple ones without affecting the classification. Conditional entropy was used to calculate attribute importance, and redundant attributes were deleted according to reduction rules, so that the network security situational elements were extracted efficiently. To verify the efficiency of the proposed algorithm, classification prediction was carried out with the Weka software. On the NSL-KDD dataset, compared with using all the attributes, the classification modeling time was reduced by 16.6% when using the attributes reduced by the proposed algorithm. Compared with three existing situational element extraction algorithms (Genetic Algorithm (GA), Greedy Search Algorithm (GSA), and Attribute Reduction based on Conditional Entropy (ARCE) algorithm), the proposed algorithm has a higher recall rate and a lower false positive rate. The experimental results show that the data set reduced by the proposed algorithm has better classification performance, which realizes an efficient extraction of network security situational elements.

Keywords: network security situation; element extraction; matrix of attribute importance; rough set

Classification number: TP393.08 [Automation and Computer Technology - Computer Application Technology]

 
