| Effective detection of network intrusion events is an important method to ensure computer and network security.First,in order to improve the accuracy of network intrusion event mining,the behavior characteristics of intrusion events are studied from the perspectives of feature selection and data balance.Secondly,based on the idea of network topology discovery,the spatiotemporal characteristics of intrusion events are analyzed.The effectiveness of the proposed method is verified by experiments and the developed network intrusion event mining and analysis system.The main research work and results include:1.A feature selection algorithm(Principal Component Analysis and Genetic Algorithm,referred to as PCA-GA)that combines principal component analysis and genetic algorithm is proposed.In view of the high-dimensional and redundant features of the network traffic dataset,by using principal component analysis as a filter,the feature correlation is calculated,the irrelevant features are filtered out,and then the genetic algorithm is used as a wrapper to find the best feature subset.2.A data balancing algorithm based on multi-class data balancing strategy(Polynum_fit_smote based on Multi-class data balance,MPFS for short)is proposed(Take the first letter of the strategy and the first letter of the data balancing algorithm).Aiming at the class imbalance existing in the network traffic data set,that is,the data imbalance exists between the normal class,the abnormal class and each abnormal subclass,the multi-class data balancing strategy is used for the adopted data balancing algorithm.3.A network intrusion event mining algorithm based on feature selection and data balancing is proposed.First,the PCA-GA feature selection algorithm is used to obtain the best feature subset.Meanwhile,to further improve the accuracy of network intrusion event mining,the MPFS algorithm is used to alleviate the balance of data and solve the impact caused by unbalanced data.Finally,the multi-category classification algorithm is used for network intrusion event mining.4.A network intrusion event mining algorithm based on PCA-GA and MPFS is proposed.First,use the PCA-GA feature selection algorithm to obtain the best feature subset.Secondly,in order to further improve the accuracy of network intrusion event mining,MPFS algorithm is used to alleviate the balance of data and solve the impact of unbalanced data.Finally,the multi-class classification algorithm is used to mine network intrusion events.5.The above research results are applied to the actual system,and the design scheme of the network intrusion event mining and analysis system is given.And use Python language and Django technology to develop a network intrusion event mining and analysis prototype system.The system design realizes the functions of data uploading,intrusion event query,attack chain query,user management,etc.The algorithm proposed above is used for mining and analysis of actual network intrusion events. |
PDF Full Text Request