基于改进随机森林的工业互联网安全态势评估方法
Method of Security Situation Assessment Based on Improved Random Forest for Industrial Internet
胡向东 1万润楠2
作者信息
- 1. 重庆邮电大学现代邮政学院,重庆 400065;重庆邮电大学自动化学院/工业互联网学院,重庆 400065
- 2. 重庆邮电大学自动化学院/工业互联网学院,重庆 400065
- 折叠
摘要
针对工业互联网安全态势评估存在数据特征提取困难和安全态势评估准确率低等难题,提出一种基于改进随机森林的工业互联网安全态势评估方法.基于随机采样技术平衡原始数据集以减小不平衡数据集对实验的影响;利用梯度提升决策树确定工业互联网流量数据中不同特征的权重系数,结合递归特征消除法提取其关键特征;构建基于改进随机森林的工业互联网多分类攻击检测模型,识别网络受到的攻击类别,并结合安全态势量化指标确定其风险程度.实验结果表明,本文算法的检测准确率和F1值分别达到89.19%和89.68%,相较于传统随机森林算法、支持向量机和K最近邻算法,其准确率和F1值分别至少提高2.91%和1.7%,平均分别提高8.38%和9.33%.
Abstract
Aiming at the difficulties of data feature extraction and low accuracy of industrial Internet security situa-tion assessment method,a method of security situation assessment based on improved random forest for industrial Internet is proposed.The original data set is balanced based on random sampling technique to reduce the influence of unbalanced da-ta set on the experiment.The gradient boosting decision tree is used to determine the weight coefficients of different fea-tures in industrial Internet traffic data,and the key features are extracted by the recursive feature elimination method.Con-struct a multi-classification attack detection model for the industrial Internet based on improved random forest,identify the types of attacks on the network,and determine the degree of risk in combination with the quantitative indicators of security situation.The experimental results show that the detection accuracy and F1 score of this algorithm reach 89.19%and 89.68%respectively.Compared with the traditional random forest algorithm,support vector machine and k-nearest neigh-bor algorithm,the accuracy and F1 score are improved by at least 2.91%and 1.7%respectively,with an average increase of 8.38%and 9.33%.
关键词
工业互联网/态势评估/特征提取/梯度提升决策树/随机森林Key words
industrial internet/situation assessment/feature extraction/gradient boosting decision tree/random forest引用本文复制引用
基金项目
重庆市高等学校创新研究群体项目(CXQT20016)
出版年
2024
国家科技期刊平台
NSTL
万方数据