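Network security situational awareness model based on genetic algorithm and LightGBM
Cyber Security and Data Governance (网络安全与数据治理)
Hu Rui, Xu Fang, Xiong Yufeng, Xiong Zhouyu, Chen Min
Jiangxi Tobacco Company Ji'an City Company
Abstract: To address the loss of inter-feature relationships and contextual information in traditional network traffic anomaly detection methods for tobacco industry systems, a LightGBM model improved with a genetic algorithm is proposed; the improvement keeps the model from becoming trapped in local optima. First, a tree model is constructed to reduce the dimensionality of the data, extracting from the high-dimensional data the key features that most affect detection performance, and the proposed model is then used to analyze these key features. To evaluate the effectiveness and superiority of the model, accuracy and loss are used as evaluation metrics, and the model is compared with other network traffic anomaly detection models: Tabular model, TabNet, LightGBM and XGBoost. Experiments are conducted on the public dataset CIC.IDS.2018. The results show that, for network security situational awareness with a high number of features, the recognition accuracy for multi-class and binary classification reaches 99.43% and 99.87% respectively; with a low number of features, the recognition accuracy for multi-class and binary classification reaches 98.73% and 99.39% respectively. The model thus has high accuracy as well as good flexibility and robustness.
CLC number: TP393.0 Document code: A DOI: 10.19358/j.issn.2097-1788.2024.03.003
Citation format: Hu Rui, Xu Fang, Xiong Yufeng, et al. Network security situational awareness model based on genetic algorithm and LightGBM[J]. Cyber Security and Data Governance, 2024, 43(3): 14-20.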
Network traffic anomaly identification and detection based on genetic algorithm and LightGBM
Hu Rui,Xu Fang,Xiong Yufeng,Xiong Zhouyu,Chen Min
Jiangxi Tobacco Company Ji'an City Company
Abstract: This study proposes an improved LightGBM model based on a genetic algorithm to address problems such as the loss of connections between features and of contextual information in the network traffic anomaly detection methods of traditional tobacco industry systems. The improvement keeps the model from falling into local optima. First, the data dimensionality is reduced by constructing a tree model, key feature information that is important to the detection effect is mined from the high-dimensional data, and the proposed model is used to analyze this key feature information. To evaluate the effectiveness and superiority of the model, this paper uses accuracy and loss as evaluation metrics and compares the model with other network traffic anomaly detection models: Tabular model, TabNet, LightGBM, and XGBoost. Experimental analysis was conducted using the public data set CIC.IDS.2018. The results show that under high-feature network security situational awareness, the recognition accuracy of multi-class and binary classification reaches 99.43% and 99.87% respectively. In the low-feature case, the recognition accuracy of multi-class and binary classification reaches 98.73% and 99.39% respectively. The model therefore has high accuracy and good flexibility and robustness.
Key words: anomaly detection; machine learning; genetic algorithm; LightGBM
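Introduction
Networks have brought convenience to the development of many industries, but the problems they cause have also become increasingly prominent, with successive incidents of information leakage, online fraud and network eavesdropping resulting from inadequate protection of network information [1]. Artificial intelligence is an important means of solving hard problems in network security, and a growing body of research focuses on building network situational awareness models based on artificial intelligence [2]. Research on countering network attacks has become a hot topic [3-4]; researchers are gradually replacing the earlier passive defensive measures with network security situational awareness, which can predict and discover latent network attacks in advance. Early network anomalous traffic detection models typically used methods such as statistical analysis [5]; because they defend on the basis of already known information, their poor predictive performance often leaves them unable to guard against new types of network attack.
For the full text of this article, please download:
https://www.chinaaet.com/resource/share/2000005929
Author information:
Hu Rui, Xu Fang, Xiong Yufeng, Xiong Zhouyu, Chen Min
Jiangxi Tobacco Company Ji'an City Company, Ji'an, Jiangxi 343009
This content is original to the AET website; reproduction without authorization is prohibited.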