Approach To Network Security Situational Element Extraction Based On Rough Set

Advanced technology promotes the rapid development of Internet industry and it facilitates people’s life,at the same time network security problems disturb the people’s daily lives.Network security products mainly on passive defense,in order to better cope with the complicated network attacks,network security situational awareness technology came into being,it is a kind of active defense technology.Through the situation extraction,situation assessment and situation prediction these three processes to ensure network security.Extraction technology of situation element is the basis of situational awareness,directly affects the results of the situation assessment and prediction.In this thesis,we deeply study the method of extracting the network situation elements which takes network security situational awareness as the research background.The model and the calculation method of the situation element extraction based on rough set are established which improve the accuracy of the situation element extraction,it provides a more reliable basis for network workers when they are assessing and predicting the situation.The main work includes the following parts:(1)Exploring the construction of situation element extraction modelFirst,the concepts of situational awareness technology and situation element extraction technology are summarized.The extraction technology of situation element is the prerequisite of the whole situation awareness process,the quality of situation element is essential.Therefore,according to the characteristics of the situation element,this thesis redefines the requirement of the situation element extraction and constructs the model of network situation element extraction based on rough set.(2)A method of situation element extraction is proposed based on parallel reductionThe original data of the situation elements has the characteristics of large amount of data and update fast.The traditional reduction algorithm can’t cope with the requirement of the situation element reduction.In order to solve this problem,this thesis proposes a method of situation element extraction based on parallel reduction,we expand a single decision information table to multiple ones under the condition of having not affect the classification.Calculating attribute importance by condition entropy,we delete the redundant attributes on the basis of the definition of parallel reduction rules,so as to reduce the dimensions of the situational elements.The algorithm flow is expounded with an example.(3)A method of situation element extraction is proposed based on neighborhood rough setIn fact,the original situation elements have a variety of types at the same time.The discretization process is very easy to affect the quality of the situation elements.To solve this problem,in this thesis,a method of situation element extraction based on neighborhood rough set is proposed,this method can deal with continuous data directly which uses the neighborhood relation instead of the equivalence relation.This method reduces the loss of information in the data type conversion process.In order to reduce the error caused by artificially defined neighborhood radius,we use the standard deviation set as the criterion of neighborhood division.This method effectively avoids the influence of human operation on the results and ensures the accuracy of the situation element extraction.(4)Verify the effectiveness of the method of situation element extractionThis thesis uses the method of situation element extraction based on parallel reduction and the method of situation element extraction based on neighborhood rough set to experiment.The experimental data set is NSL-KDD.The experimental results show that the data set reduced by the algorithm proposed in this thesis than the original data set has a higher accuracy rate in the attack type detection,and it takes shorter time to build the classification model.This algorithm has a high recall rate and lower false rate than other reduction algorithms.This algorithm can accurately extract the network security situation elements.