

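1. School of Modern Posts, Chongqing University of Posts and Telecommunications, Chongqing 400065
2. School of Automation/School of Industrial Internet, Chongqing University of Posts and Telecommunications, Chongqing 400065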
Received: 05 August 2022
Revised: 24 October 2022
Published: 25 March 2024
HU Xiang-dong, WAN Run-nan. Method of Security Situation Assessment Based on Improved Random Forest for Industrial Internet[J]. Acta Electronica Sinica, 2024, 52(03): 783-791. DOI: 10.12263/DZXB.20220924
To address the difficulty of extracting data features and the low accuracy of security situation assessment for the industrial Internet, a security situation assessment method based on an improved random forest is proposed. The original data set is balanced using a random sampling technique to reduce the influence of the unbalanced data set on the experiment. A gradient boosting decision tree is used to determine the weight coefficients of the different features in industrial Internet traffic data, and the key features are extracted with the recursive feature elimination method. A multi-class attack detection model for the industrial Internet is built on the improved random forest to identify the category of attack on the network, and the degree of risk is determined in combination with quantitative security situation indicators. The experimental results show that the detection accuracy and F1 score of this algorithm reach 89.19% and 89.68% respectively. Compared with the traditional random forest algorithm, support vector machine and k-nearest neighbor algorithm, the accuracy and F1 score are improved by at least 2.91% and 1.7% respectively, with an average increase of 8.38% and 9.33%.