基于并行约简的网络安全态势要素提取方法

doi:10.11772/j.issn.1001-9081.2017.04.1008

计算机应用 ›› 2017, Vol. 37 ›› Issue (4): 1008-1013.DOI: 10.11772/j.issn.1001-9081.2017.04.1008

基于并行约简的网络安全态势要素提取方法

赵冬梅^1,2, 李红^2,3

1. 河北师范大学信息技术学院, 石家庄 050024;
2. 河北省网络与信息安全重点实验室, 石家庄 050024;
3. 河北师范大学数学与信息科学学院, 石家庄 050024

收稿日期:2016-11-04 修回日期:2016-12-21 出版日期:2017-04-10 发布日期:2017-04-19
通讯作者: 李红
作者简介:赵冬梅(1966-),女,河北深州人,教授,博士,CCF会员,主要研究方向:网络安全、信息安全;李红(1990-),女,河北衡水人,硕士研究生,CCF会员,主要研究方向:信息安全。
基金资助:
国家自然科学基金资助项目（61672206）；河北省科技计划项目（15214706D）。

Approach to network security situational element extraction based on parallel reduction

ZHAO Dongmei^1,2, LI Hong^2,3

1. College of Information Technology, Hebei Normal University, Shijiazhuang Hebei 050024, China;
2. Hebei Key Laboratory of Network and Information Security, Shijiazhuang Hebei 050024, China;
3. College of Mathematics and Information Science, Hebei Normal University, Shijiazhuang Hebei 050024, China

Received:2016-11-04 Revised:2016-12-21 Online:2017-04-10 Published:2017-04-19
Supported by:
This work is partially supported by the National Natural Science Foundation of China (61672206), the Science and Technology Project of Hebei Province (15214706D).

摘要/Abstract

摘要： 网络安全态势要素选取的质量对网络安全态势评估的准确性起到至关重要的作用，而现有的网络安全态势要素提取方法大多依赖先验知识，并不适用于处理网络安全态势数据。为提高网络安全态势要素提取的质量与效率，提出一种基于属性重要度矩阵的并行约简算法，在经典粗糙集基础上引入并行约简思想，在保证分类不受影响的情况下，将单个决策信息表扩展到多个，利用条件熵计算属性重要度，根据约简规则删除冗余属性，从而实现网络安全态势要素的高效提取。为验证算法的高效性，利用Weka软件对数据进行分类预测，在NSL-KDD数据集中，相比利用全部属性，通过该算法约简后的属性进行分类建模的时间缩短了16.6%；对比评价指标发现，相比现有的三种态势要素提取算法（遗传算法（GA）、贪心式搜索算法（GSA）和基于条件熵的属性约简（ARCE）算法），该算法具有较高的召回率和较低的误警率。实验结果表明，经过该算法约简的数据具有更好的分类性能，实现了网络安全态势要素的高效提取。

关键词: 网络安全态势, 要素提取, 属性重要度矩阵, 粗糙集

Abstract: The quality of network security situational element extraction plays a crucial role in network security situation assessment. However, most of the existing network security situational element extraction methods rely on prior knowledge, and are not suitable for processing network security situational data. For effective and accurate extraction of network security situational elements, a parallel reduction algorithm based on matrix of attribute importance was proposed. The parallel reduction was introduced into classical rough set, then a single decision information table was expanded to multiple ones without affecting the classification. The conditional entropy was used to calculate attribute importance, and the redundant attributes were deleted according to reduction rules, thus the network security situational elements were extracted efficiently. In order to verify the efficiency of the proposed algorithm, the classification prediction was implemented on Weka. Compared with the usage of all the attributes, the classification modeling time on NSL-KDD dataset was reduced by 16.6% by using the attributes reduced by the proposed algorithm. Compared with the existing three element extraction algorithms (Genetic Algorithm (GA), Greedy Search Algorithm (GSA), and Attribute Reduction based on Conditional Entropy (ARCE) algorithm), the proposed algorithm has higher recall rate and low false positive rate. The experimental results show that the data set reduced by the proposed algorithm has better classification performance, which realizes an efficient extraction of network security situational elements.

Key words: network security situation, element extraction, matrix of attribute importance, Rough Set (RS)

中图分类号:

TP393.08

赵冬梅, 李红. 基于并行约简的网络安全态势要素提取方法[J]. 计算机应用, 2017, 37(4): 1008-1013.

ZHAO Dongmei, LI Hong. Approach to network security situational element extraction based on parallel reduction[J]. Journal of Computer Applications, 2017, 37(4): 1008-1013.

参考文献

[1] BASS T. Multisensor data fusion for next generation distributed intrusion detection systems[EB/OL].[2016-03-10]. http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.51.1753.
[2] STEPHEN L. The spinning cube of potential doom[J]. Communications of the ACM, 2004,47(6):25-26.
[3] YURCIK W. Visualizing NetFlows for security at line speed: the SIFT tool suite[C]//LISA 2005: Proceedings of the 19th Conference on Large Installation System Administration Conference. Berkeley, CA, USA: USENIX Association, 2005:169-176.
[4] WANG H, LIANG Y, YE H. An extraction method of situational factors for network security situational awareness[C]//ICICSE 2008: International Conference on Internet Computing in Science and Engineering. Washington, DC: IEEE Computer Society, 2008:317-320.
[5] 李冬银. 基于Logistic回归的网络安全态势要素获取研究[D]. 福州:福州大学, 2014.(LI D Y. The research on situation element extraction of network security based on logistic regression[D]. Fuzhou: Fuzhou University, 2014.)
[6] 司成, 张红旗, 汪永伟, 等. 基于本体的网络安全态势要素知识库模型研究[J]. 计算机科学, 2015, 42(5):173-177.(SI C, ZHANG H Q, WANG Y W, et al. Research on network security situational elements knowledge base model based on ontology[J]. Computer Science, 2015, 42(5):173-177.)
[7] 刘效武, 王慧强, 吕宏武, 等.网络安全态势认知融合感控模型[J]. 软件学报, 2016, 27(8):2099-2114.(LIU X W, WANG H Q, LYU H B, et al. Fusion-based cognitive awareness-control model for network security situation[J]. Journal of Software, 2016, 27(8):2099-2114.)
[8] LI N, CHEN Z, ZHOU G. Network traffic classification using rough set theory and genetic algorithm[C]//ICIC 2006: Proceedings of the 2006 International Conference on Intelligent Computing. Berlin: Springer, 2006:945-950.
[9] 梁颖, 王慧强, 赖积保. 一种基于粗糙集理论的网络安全态势感知方法[J]. 计算机科学, 2007, 34(8):95-97.(LIANG Y, WANG H Q, LAI J B. A method of network security situation awareness based on rough set theory[J]. Computer Science, 2007, 34(8):95-97.)
[10] 费洪晓, 胡琳. 一种粗糙集-决策树结合的入侵检测方法[J]. 计算机工程与应用, 2012, 48(22):124-128.(FEI H X, HU L. Combined rough set and decision tree method for intrusion detection.[J]. Computer Engineering and Applications, 2012, 48(22):124-128.)
[11] 何伟娜, 褚龙现, 姜建国. 混合型数据库中入侵检测技术仿真[J]. 计算机仿真, 2015, 32(11):425-428.(HE W N, CHU L X, JIANG J G. Simulation of intrusion detection technology for hybrid database[J]. Computer Simulation, 2015, 32(11): 425-428.)
[12] LUAN X, LI Z, LIU T. A novel attribute reduction algorithm based on rough set and improved artificial fish swarm algorithm[J]. Neurocomputing, 2015, 174:522-529.
[13] 李洪成, 付钰, 叶清, 等.基于粗糙集定权的网络安全态势要素提取方法[J]. 计算机与数字工程, 2014, 42(3):436-439.(LI H C, FU Y, YE Q, et al. Network security situation element extraction method based on rough set[J]. Computer & Digital Engineering, 2015, 42(3):436-439.)
[14] 陈林.粗糙集中不同粒度层次下的并行约简及决策[D]. 金华:浙江师范大学, 2013.(CHEN L. Parallel reducts and decision in various levels of granularity[D]. Jinhua: Zhejiang Normal University, 2013.)
[15] KRAEMER J, SÜß H M. Real time validation of online situation awareness questionnaires in simulated approach air traffic control[J]. Procedia Manufacturing, 2015, 3:3152-3159.
[16] AFKARI H, BEDNARIK R, MÄKELÄ S, et al. Mechanisms for maintaining situation awareness in the micro-neurosurgical operating room[J]. International Journal of Human-Computer Studies, 2016, 95:1-14.
[17] PANTELI M, KIRSCHEN D S. Situation awareness in power systems: theory, challenges and applications[J]. Electric Power Systems Research, 2015, 122:140-151.
[18] 刘玉岭, 冯登国, 连一峰, 等.基于时空维度分析的网络安全态势预测方法[J]. 计算机研究与发展, 2014, 51(8): 1681-1694.(LIU Y L, FENG D G, LIAN Y F, et al. Network situation prediction method based on spatial-time dimension analysis[J]. Journal of Computer Research and Development, 2014, 51(8): 1681-1694.)
[19] 姚书科. 网络安全态势要素指标体系研究[J]. 电子设计工程, 2012, 20(13):85-88.(YAO S K. Network security situation factor index system research[J]. Electronic Design Engineering, 2012, 20(13): 85-88.)
[20] 郭剑. 网络安全态势感知中态势要素获取技术的研究[D]. 沈阳:东北大学, 2011.(GUO J. Study the technology of extraction situation factor for network security situation awareness[D]. Shenyang: Northeastern University, 2011.)
[21] 赖积保, 王颖, 王慧强, 等. 基于多源异构传感器的网络安全态势感知系统结构研究[J]. 计算机科学, 2011, 38(3):144-149, 158.(LAI J B, WANG Y, WANG H Q, et al. Research on network security situation awareness system architecture based on multi-source heterogeneous sensors[J]. Computer Science, 2011, 38(3): 144-149, 158.)

基于并行约简的网络安全态势要素提取方法

Approach to network security situational element extraction based on parallel reduction

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	王小荣, 张玉召, 张振江. 基于双论域粗糙集的快捷货物运输方案选择[J]. 计算机应用, 2021, 41(5): 1500-1505.
[2]	彭莉, 张海清, 李代伟, 唐聃, 于曦, 何磊. 基于粗糙集理论的不完备数据分析方法的混合信息系统填补算法[J]. 计算机应用, 2021, 41(3): 677-685.
[3]	王磊. 改进粗糙集属性约简结合K-means聚类的网络入侵检测方法[J]. 计算机应用, 2020, 40(7): 1996-2002.
[4]	张伍, 陈红梅. 基于多核模糊粗糙集与蝗虫优化算法的高光谱波段选择[J]. 计算机应用, 2020, 40(5): 1425-1430.
[5]	章夏杰, 朱敬华, 陈杨. Spark下的分布式粗糙集属性约简算法[J]. 计算机应用, 2020, 40(2): 518-523.
[6]	欧彬利, 钟夏汝, 代建华, 杨田. 基于变精度覆盖粗糙集的入侵检测方法[J]. 计算机应用, 2020, 40(12): 3465-3470.
[7]	张伍, 陈红梅. 基于核模糊粗糙集的高光谱波段选择算法[J]. 计算机应用, 2020, 40(1): 258-263.
[8]	鲍迪, 张楠, 童向荣, 岳晓冬. 区间值决策表的正域增量式属性约简算法[J]. 计算机应用, 2019, 39(8): 2288-2296.
[9]	徐怡, 肖鹏. 基于容差关系的多粒度粗糙集中近似集动态更新方法[J]. 计算机应用, 2019, 39(5): 1247-1251.
[10]	孔贺庆, 张楠, 岳晓冬, 童向荣, 于天佑. 基于多特定决策类的不完备决策系统正域约简[J]. 计算机应用, 2019, 39(5): 1252-1260.
[11]	陈曼如, 张楠, 童向荣, 东野升龙, 杨文静. 基于多尺度属性粒策略的快速正域约简算法[J]. 计算机应用, 2019, 39(12): 3426-3433.
[12]	郑文彬, 李进金, 于佩秋, 林艺东. 变精度多粒度粗糙集近似集更新的矩阵算法[J]. 计算机应用, 2019, 39(11): 3140-3145.
[13]	谭永奇, 樊建聪, 任延德, 周晓明. 改进的属性约简算法及其在肝癌微血管侵犯预测中的应用[J]. 计算机应用, 2019, 39(11): 3221-3226.
[14]	李旭, 荣梓景, 阮晓曦. 关系决策系统中相对不可区分和区分关系的约简[J]. 计算机应用, 2019, 39(10): 2852-2858.
[15]	袁钟, 冯山. 基于邻域值差异度量的离群点检测算法[J]. 计算机应用, 2018, 38(7): 1905-1909.