| Now, network security have been a very serious problem, How to effectively andtimely detect network attacks and prevent network attacks have a very importantsignificance. Existing network security technology has difficult to meet the networkmanagement. The Network security situation awareness technology based on fusion isbound to become the development direction of network management.Network security situation awareness is that fused the alarm information fromdifferent security testing tools and analyzed the current security situation in thenetwork. And predicted the next attack based on the current network status. Networkanomalies classified of imbalanced data is a part of network security situationawareness, and provide a very important safety information and decision-making forthe security situation. Its technology included data mining technology, fusiontechnology and visualization techniques. The study of this dissertation is data miningtechnologies of imbalanced data anomalies classification. These data are based onnetwork traffic statistics of time and host. How to achieve efficient and accurateclassification of network anomalies unbalanced data is a challenge for the networksecurity, to solve this problem, the present study finished several works based on thecharacteristics of the network data shown below:(1) This paper made improvement for two problems of abnormalclassification model in data preprocessing stage through analyzing traditionalabnormal classification model and characteristics of imbalance data. First, it isredundant attributes and attribute weight problem. Using rough set theory computesthe each attributes weights and reduces the attributes; Second, It is data discretion inrough set theory. This paper presented an adaptive discretization algorithm for datafeatures. The algorithm determined the discrete intervals by the distribution of thevalue of the object’s attributes. Experiments are conducted for these two improvedmethods. The experimental resulted prove the validity and accuracy of the algorithm.It reduced the dimension of the space and the subsequent amount of calculation andimproved the efficiency of the anomaly detection.(2) In abnormal classification stage, this paper proposed a solution for thenew anomalies and unbalanced data classification. The network will continue toemerge a new exception class with the advancement of the passage of time andtechnology. This paper solved the problem through update the abnormal model. Thereis the other problem is that abnormal behavior is less than the normal behavior. Theproblem resulted the data imbalance. Network anomaly classification efficiency isrelatively low classification. This paper solved the problem with a single classifier toclassify normal data and abnormal data. When a small number of abnormal dataappeared, Classification used fast K nearest neighbor classifier. thus the single classifier is working in the most time. It reduced the workload greatly and improvedthe efficiency.(3) Based on the above proposed method, the experiments are completedwith the classic kdd99and compare the other corresponding algorithms, experimentalresults demonstrate the efficiency and accuracy of the algorithm proposed in thispaper. |
PDF Full Text Request