网络安全态势感知框架及随机森林评估模型

针对传统网络安全态势感知评估过多依赖专家经验的问题,提出一种基于随机森林的多层次网络安全态势感知(Cyber Security Situational Awareness,CSSA)框架评估模型.首先将CSSA的过程与安全数据生命周期进行对齐,并分析CSSA的需求,提出CSSA多层次分析框架,然后采用随机森林算法,构建CSSA评估模型,该模型基于多个分类器组合的思想,由决策树构成,每棵树依赖于独立样本,以及森林中所有树的随机向量分布相同的值.在进行分类时,每棵树投票并返回票数最多的类,这使得网络安全态势评估更为客观和准确.实验表明,与贝叶斯网络相比,此模型可以更快速、更准确地评估当前的网络安全情况.

Network Security Situation Awareness Framework and Random Forest Assessment Model

In view of the fact that traditional network security situational awareness assessment relies too much on expert experience, this paper proposes a multi-layer cyber security situational awareness (CSSA) framework and a network security situation assessment model based on random forest. In this method, the CSSA process has first been aligned with the security data lifecycle, the CSSA requirements analyzed, a CSSA multi-level analysis framework proposed, and then the random forest algorithm used to build the CSSA assessment model. This model is based on multiple classifiers. The idea of composition consists of a decision tree, each tree relies on independent samples, and the random vectors of all trees in the forest distribute the same value. When classifying, every tree voted and returned the class with the most votes, which made the network security situation assessment more objective and accurate. Experiments show that compared with Bayesian networks, this model can assess the current network security situation more quickly and accurately.