Conference: International Conference on Mechatronics and Information Technology

A Novel and Practical Method for Network Security Situation Prediction


Abstract

Real-time prediction of the network security situation can significantly improve a network's monitoring and emergency response capability. In practice, however, if there is a large number of false predictions, network administrators become desensitized and eventually ignore all prediction results. In this paper, we try to solve this issue and propose a novel False Positive Adaptive (FPA) method for network security situation prediction. The main idea of our method is to use extra information to reduce the number of false positives in prediction. In the model training step, we take advantage of host and network information to eliminate meaningless alerts produced by security tools such as Intrusion Detection Systems (IDS) and firewalls, thus assuring the accuracy of the training samples. In the prediction step, we utilize the detection information from security tools to confirm the prediction results automatically. If previous predictions are not detected, they are considered false positives and the prediction model is retrained by incremental learning. In our work, model training and incremental learning are accomplished efficiently by a neural network and a boosting algorithm.