
Research On Network Security Situation Feature Selection Method Based On Hybrid Mode

Posted on: 2018-05-07
Degree: Master
Type: Thesis
Country: China
Candidate: X X Ding
Full Text: PDF
GTID: 2348330563951274
Subject: Computer technology

Abstract/Summary:
Situation perception, the foundational stage of network situation awareness, comprises anomaly detection and known-attack detection, so that security threats and their situation can be detected in real time. However, the high-dimensional, redundant and irrelevant features of network security data seriously affect the timeliness and accuracy of situation perception. Feature selection can reduce the dimensionality to a certain extent, but most existing feature selection algorithms do not pay attention to the detection performance of the features, so the selected feature subset yields a lower detection rate. In addition, updates to the original feature set and to the known-attack library can change the optimal feature set for situation detection, which increases the difficulty of feature selection. Based on an analysis of network security situation features and the detection process, this paper studies and proposes a feature selection algorithm suitable for anomaly detection, known-attack detection and dynamic situation perception. It selects the optimal feature subsets and information for situation perception and updates the optimal feature subset dynamically as the network changes, so as to improve the effectiveness and accuracy of the situation perception process and to provide reliable technical and data support for situation assessment and situation prediction.

First, the paper introduces the concepts of, and related research on, cyber security situation awareness and its importance, defines network security situation features, and explains the importance of feature selection to situation perception. It then analyzes feature selection technology and the application of information entropy and the K-means algorithm to feature selection.

Second, a two-stage feature selection method for anomaly detection is proposed to address the large data volume, high dimensionality, abundant redundant information and poor real-time performance encountered in the anomaly detection process of situation perception. K-means is improved by addressing three of its limitations and is used together with information entropy and correlation to select the features that are truly useful for anomaly detection. Results show that the method reduces the data dimension and improves the timeliness and accuracy of anomaly detection.

Third, by analyzing the situation features, the paper proposes a feature selection method for known-attack detection based on random least redundant conditional mutual information and SVM, because situation perception also needs to detect known attacks and the features suited to anomaly detection cannot be used well for known attacks. Experimental results show that this method effectively improves real-time detection of known attacks and markedly reduces the false rate while maintaining the detection rate for known attacks.

Finally, the paper proposes a dynamic situation feature selection model based on hybrid mode, after analyzing the necessity of dynamic feature selection in combination with the processes of data extraction and object extraction, and then gives the three meanings of "hybrid". The model uses the output data of the object extraction process, which reduces running time, and dynamically selects the minimum optimal potential subsets for detection according to changes in the situation elements. Experimental results show that the model can update feature subsets in real time as the data in the network changes, which improves the accuracy and timeliness of situation perception.
Keywords/Search Tags: Network Security Situation Awareness, Situation Perception, Data Mining, Feature Selection, Information Entropy, K-means