Research on Network Security Situation Awareness Based on the LSTM-DT Model
To better understand the behavior of attackers and describe the network state, we construct an LSTM-DT model for network security situation awareness, which provides risk assessment indicators and quantitative methods. This paper introduces the concept of attack probability, making prediction result...
Main Authors: | , , |
---|---|
Format: | Article |
Language: | English |
Published: |
MDPI AG
2021-07-01
|
Series: | Sensors |
Subjects: | |
Online Access: | https://www.mdpi.com/1424-8220/21/14/4788 |
_version_ | 1797526030846525440 |
---|---|
author | Haofang Zhang Chunying Kang Yao Xiao |
author_facet | Haofang Zhang Chunying Kang Yao Xiao |
author_sort | Haofang Zhang |
collection | DOAJ |
description | To better understand the behavior of attackers and describe the network state, we construct an LSTM-DT model for network security situation awareness, which provides risk assessment indicators and quantitative methods. This paper introduces the concept of attack probability, making prediction results more consistent with the actual network situation. The model is focused on the problem of the time sequence of network security situation assessment by using the decision tree algorithm (DT) and long short-term memory(LSTM) network. The biggest innovation of this paper is to change the description of the network situation in the original dataset. The original label only has attack and normal. We put forward a new idea which regards attack as a possibility, obtaining the probability of each attack, and describing the network situation by combining the occurrence probability and attack impact. Firstly, we determine the network risk assessment indicators through the dataset feature distribution, and we give the network risk assessment index a corresponding weight based on the analytic hierarchy process (AHP). Then, the stack sparse auto-encoder (SSAE) is used to learn the characteristics of the original dataset. The attack probability can be predicted by the processed dataset by using the LSTM network. At the same time, the DT algorithm is applied to identify attack types. Finally, we draw the corresponding curve according to the network security situation value at each time. Experiments show that the accuracy of the network situation awareness method proposed in this paper can reach 95%, and the accuracy of attack recognition can reach 87%. Compared with the former research results, the effect is better in describing complex network environment problems. |
first_indexed | 2024-03-10T09:24:23Z |
format | Article |
id | doaj.art-1cf3268d4da74adc96bdb965aec15a3a |
institution | Directory Open Access Journal |
issn | 1424-8220 |
language | English |
last_indexed | 2024-03-10T09:24:23Z |
publishDate | 2021-07-01 |
publisher | MDPI AG |
record_format | Article |
series | Sensors |
spelling | doaj.art-1cf3268d4da74adc96bdb965aec15a3a2023-11-22T04:56:04ZengMDPI AGSensors1424-82202021-07-012114478810.3390/s21144788Research on Network Security Situation Awareness Based on the LSTM-DT ModelHaofang Zhang0Chunying Kang1Yao Xiao2School of Data Science and Technology, Heilongjiang University, Harbin 150000, ChinaSchool of Data Science and Technology, Heilongjiang University, Harbin 150000, ChinaSchool of Data Science and Technology, Heilongjiang University, Harbin 150000, ChinaTo better understand the behavior of attackers and describe the network state, we construct an LSTM-DT model for network security situation awareness, which provides risk assessment indicators and quantitative methods. This paper introduces the concept of attack probability, making prediction results more consistent with the actual network situation. The model is focused on the problem of the time sequence of network security situation assessment by using the decision tree algorithm (DT) and long short-term memory(LSTM) network. The biggest innovation of this paper is to change the description of the network situation in the original dataset. The original label only has attack and normal. We put forward a new idea which regards attack as a possibility, obtaining the probability of each attack, and describing the network situation by combining the occurrence probability and attack impact. Firstly, we determine the network risk assessment indicators through the dataset feature distribution, and we give the network risk assessment index a corresponding weight based on the analytic hierarchy process (AHP). Then, the stack sparse auto-encoder (SSAE) is used to learn the characteristics of the original dataset. The attack probability can be predicted by the processed dataset by using the LSTM network. At the same time, the DT algorithm is applied to identify attack types. Finally, we draw the corresponding curve according to the network security situation value at each time. Experiments show that the accuracy of the network situation awareness method proposed in this paper can reach 95%, and the accuracy of attack recognition can reach 87%. Compared with the former research results, the effect is better in describing complex network environment problems.https://www.mdpi.com/1424-8220/21/14/4788network security situation assessmentanalytic hierarchy processstack sparse auto-encoderlong short-term memory networkdecision tree |
spellingShingle | Haofang Zhang Chunying Kang Yao Xiao Research on Network Security Situation Awareness Based on the LSTM-DT Model Sensors network security situation assessment analytic hierarchy process stack sparse auto-encoder long short-term memory network decision tree |
title | Research on Network Security Situation Awareness Based on the LSTM-DT Model |
title_full | Research on Network Security Situation Awareness Based on the LSTM-DT Model |
title_fullStr | Research on Network Security Situation Awareness Based on the LSTM-DT Model |
title_full_unstemmed | Research on Network Security Situation Awareness Based on the LSTM-DT Model |
title_short | Research on Network Security Situation Awareness Based on the LSTM-DT Model |
title_sort | research on network security situation awareness based on the lstm dt model |
topic | network security situation assessment analytic hierarchy process stack sparse auto-encoder long short-term memory network decision tree |
url | https://www.mdpi.com/1424-8220/21/14/4788 |
work_keys_str_mv | AT haofangzhang researchonnetworksecuritysituationawarenessbasedonthelstmdtmodel AT chunyingkang researchonnetworksecuritysituationawarenessbasedonthelstmdtmodel AT yaoxiao researchonnetworksecuritysituationawarenessbasedonthelstmdtmodel |