In the field of network security, the intrusion detection system, as an extension of traditional security defense technology, strengthens the defense against network attacks. However, because an intrusion detection system generates massive numbers of redundant alarms, intrusion detection technology suffers from a high false positive rate. How to reduce the redundant alarm records produced by intrusion detection systems has long been a focus of research. Alarm aggregation methods based on clustering and on attribute similarity calculation have achieved good results in reducing redundant alarms, but their aggregation accuracy and stability remain deficient. In recent years, with the rise of swarm intelligence optimization algorithms, researchers have applied them to optimization problems and obtained excellent results in fields such as scheduling, optimization and clustering. This paper focuses on the research and application of alarm aggregation methods based on clustering and on attribute similarity calculation, and remedies the shortcomings of both methods by combining them with a swarm intelligence optimization algorithm. The main research contents and innovations of this paper are as follows:

(1) A new alarm aggregation method combining the whale optimization algorithm with the hierarchical clustering algorithm is proposed. The method takes hierarchical clustering as its basis. By designing an encoding and decoding scheme and a fitness function, the whale optimization algorithm is applied to the search for cluster centers, remedying the tendency of hierarchical clustering to fall into local optima and converge prematurely. On this basis, the overall structure of the hierarchical clustering algorithm is improved and a new global hierarchical clustering scheme is proposed, which eliminates the clustering coincidence problem caused by the local hierarchical clustering algorithm. Experimental results show that the average clustering accuracy of this method is about 95.2%, and that a large number of redundant normal-traffic alarms can be removed.

(2) A new alarm aggregation method combining the whale optimization algorithm with attribute similarity is proposed. Building on aggregation by the weighted similarity of alarm attributes, the whale optimization algorithm is applied to the selection and weighting of alarm attributes. The selected attribute subset reduces the data dimension and improves the running efficiency of the program while preserving classification accuracy. The whale optimization algorithm searches for the optimal weight set, assigning different attribute weights to different types of attacks, and so solves the inaccurate aggregation caused by attribute importance varying across attack types. Experimental results show that this method aggregates alarms of different attack types better, with an average alarm aggregation rate of about 93.57%.

Based on these results, the new alarm aggregation method proposed in this paper is applied to a data aggregation and fusion framework system. First, the position of the proposed method within the data aggregation and fusion system is introduced; then the scheme design and module design of the proposed framework are carried out, and the implementation details and methods of each module are described; finally, the application value of the research results in the data aggregation and fusion system is verified by scheme testing.
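The following Python program is an added illustration of the two ideas the abstract describes, weighted attribute similarity between alarms (contribution 2) and a fitness function over candidate weight sets that a population-based optimizer such as the whale optimization algorithm would maximize (the role the fitness function plays in contribution 1 as well). It is not the paper's code: the alarm fields, the per-attribute similarity rules, the similarity threshold, the two weight vectors and the fitness definition (purity times aggregation rate) are all assumptions chosen for the example, and the seven alarms are constructed sample data. It shows why attribute weights must differ per attack type: with uniform weights a port scan (varying destination port) splits into one cluster per alarm, while a weight set that deselects the port attribute aggregates it into one cluster without merging it with the unrelated brute-force burst.

```python
"""Weighted attribute-similarity aggregation of IDS alarms.

Added illustration, not the paper's own code. Alarm fields, similarity
rules, threshold, weight vectors and the fitness definition are assumptions.
"""
from collections import Counter
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Dict, List, Sequence


@dataclass(frozen=True)
class Alert:
    sig: str    # signature / attack class reported by the IDS
    src: str    # source IPv4 address
    dst: str    # destination IPv4 address
    dport: int  # destination port
    ts: int     # timestamp in seconds


ATTRIBUTES = ("sig", "src", "dst", "dport", "ts")
Weights = Dict[str, float]


def ip_similarity(a: str, b: str) -> float:
    """Share of leading bits two IPv4 addresses have in common, in [0, 1]."""
    diff = int(IPv4Address(a)) ^ int(IPv4Address(b))
    return (32 - diff.bit_length()) / 32.0


def attribute_similarity(a: Alert, b: Alert, window: int = 60) -> Dict[str, float]:
    """Per-attribute similarity of two alarms, each value in [0, 1]."""
    return {
        "sig": 1.0 if a.sig == b.sig else 0.0,
        "src": ip_similarity(a.src, b.src),
        "dst": ip_similarity(a.dst, b.dst),
        "dport": 1.0 if a.dport == b.dport else 0.0,
        # linear decay: identical timestamps score 1, `window` seconds apart score 0
        "ts": max(0.0, 1.0 - abs(a.ts - b.ts) / window),
    }


def weighted_similarity(a: Alert, b: Alert, weights: Weights) -> float:
    """Weighted mean of the attribute similarities.

    A weight of 0 drops the attribute from the comparison; this is how
    attribute-subset selection is expressed in this example.
    """
    total = sum(weights[k] for k in ATTRIBUTES)
    if total <= 0:
        raise ValueError("at least one attribute must carry positive weight")
    sims = attribute_similarity(a, b)
    return sum(weights[k] * sims[k] for k in ATTRIBUTES) / total


def aggregate(alerts: Sequence[Alert], weights: Weights, threshold: float) -> List[List[int]]:
    """Single-pass aggregation: an alarm joins the first cluster whose
    representative (its first alarm) is at least `threshold` similar,
    otherwise it opens a new cluster. Returns clusters as index lists."""
    clusters: List[List[int]] = []
    for i, alert in enumerate(alerts):
        for members in clusters:
            if weighted_similarity(alert, alerts[members[0]], weights) >= threshold:
                members.append(i)
                break
        else:
            clusters.append([i])
    return clusters


def aggregation_rate(clusters: List[List[int]], n_alerts: int) -> float:
    """Fraction of alarms removed by merging: 1 - clusters / alarms."""
    return 1.0 - len(clusters) / n_alerts


def purity(clusters: List[List[int]], labels: Sequence[int]) -> float:
    """Fraction of alarms whose cluster's majority label matches their own."""
    correct = 0
    for members in clusters:
        majority = Counter(labels[i] for i in members).most_common(1)[0][0]
        correct += sum(1 for i in members if labels[i] == majority)
    return correct / len(labels)


def fitness(alerts: Sequence[Alert], labels: Sequence[int], weights: Weights, threshold: float) -> float:
    """Assumed objective for one candidate weight vector: purity times
    aggregation rate. A swarm optimizer would evaluate this for every
    candidate in its population and move the population toward the best."""
    clusters = aggregate(alerts, weights, threshold)
    return purity(clusters, labels) * aggregation_rate(clusters, len(alerts))


# Constructed sample: a port scan (4 alarms, varying dport) and an SSH
# brute-force burst (3 alarms, fixed dport). LABELS give the true incident.
ALERTS = [
    Alert("SCAN", "10.0.0.5", "192.168.1.10", 22, 0),
    Alert("SCAN", "10.0.0.5", "192.168.1.10", 23, 1),
    Alert("SCAN", "10.0.0.5", "192.168.1.10", 80, 2),
    Alert("SCAN", "10.0.0.5", "192.168.1.10", 443, 3),
    Alert("SSH_BRUTE", "10.0.0.7", "192.168.1.20", 22, 100),
    Alert("SSH_BRUTE", "10.0.0.7", "192.168.1.20", 22, 101),
    Alert("SSH_BRUTE", "10.0.0.7", "192.168.1.20", 22, 102),
]
LABELS = [0, 0, 0, 0, 1, 1, 1]
THRESHOLD = 0.85  # assumed similarity threshold

UNIFORM: Weights = {k: 0.2 for k in ATTRIBUTES}
# Weight set tuned for the scan class: dport deselected, time de-emphasised
SCAN_TUNED: Weights = {"sig": 0.3, "src": 0.3, "dst": 0.3, "dport": 0.0, "ts": 0.1}

if __name__ == "__main__":
    for name, w in (("uniform", UNIFORM), ("scan-tuned", SCAN_TUNED)):
        cl = aggregate(ALERTS, w, THRESHOLD)
        print(f"{name}: clusters={cl} rate={aggregation_rate(cl, len(ALERTS)):.3f} "
              f"fitness={fitness(ALERTS, LABELS, w, THRESHOLD):.3f}")
```

Running the block aggregates the seven alarms into five clusters under uniform weights (the scan is fragmented by its changing port) and into two clusters under the scan-tuned weights, with purity 1.0 in both cases; the fitness therefore rises from 2/7 to 5/7, which is exactly the signal an optimizer searching over weight vectors would follow. A real deployment would need the weight set to be learned per attack type, as the paper proposes, since the scan-tuned vector would merge distinct brute-force targets if the destination attribute were also dropped.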