Research On Feature Extraction Of Security Situation Awareness Based On Machine Learning

Situation feature extraction technology is an important part of situation awareness,which directly affects the results of abnormal behavior detection in situation awareness system.However,massive network traffic data has many problems,such as high-dimensional,noise and redundant features,which seriously affect the accuracy and real-time of situation awareness system detection.Feature extraction technology can reduce the data dimension to a certain extent,and extract the best feature subset that can represent the classification results.This paper mainly studies the application of machine learning feature extraction method in situation awareness system,and proposes a feature selection method based on machine learning to extract situation features.The main research work of this paper includes the following parts:1.The method of hybrid model is used to extract the features of network traffic data set,which is mainly divided into two steps.Firstly,variance filter is used to eliminate redundant and uncorrelated features in dataset,and then the recursive feature elimination(RFE)algorithm based on decision tree is used to extract and classify the filtered dataset.Through the two steps of feature filtering and extraction,the data dimension of model training is greatly reduced,and all the effective feature subsets that can represent the classification results are retained in the model.Experimental results show that the model classification effect after feature extraction is improved,and the training time of the model is greatly reduced,which is very valuable for the high-dimensional and noise problems in the real mass data sets.2.The feature extraction method based on neural network is used.Firstly,a method of converting one-dimensional network traffic data into two-dimensional image is proposed.Then,a CNN model with good classification effect is designed,and the convolution layer and pooling layer of the model are used to extract the feature of two-dimensional image and reduce the dimension of data.In the model,the relu activation function is introduced to replace the traditional sigmoid and Tan activation functions,which makes the model convergence faster.In addition,the dropout layer is introduced to prevent the over fitting phenomenon of the model,which makes the generalization ability of the model stronger.Finally,the model is constructed to classify and predict the two-dimensional image.The experiment shows that the methodimproves the accuracy of the model and reduces the false alarm rate.3.An unsupervised learning method based on Denoising Auto-encoder neural network is proposed for feature extraction and classification prediction of nsl-kdd data set.For the experimental dataset,the number of hidden layer neurons,noise factor and loss function of the optimal parameters are selected through multiple experiments.This method has a high detection rate of abnormal traffic,and solves the problem that the abnormal traffic is very few in the real network,which leads to the imbalance of data samples.