基于深度森林的网络安全态势评估方法
Network Security Situation Assessment Based on Deep Forest

本文针对当前网络安全态势评估方法中存在的态势要素样本数据少、评估准确性不足和模型训练耗时长等问题，提出了一种基于深度森林的网络安全态势评估方法。首先，在数据预处理阶段融合并量化多源获取到的态势要素数据，将原始态势要素样本信息转换为更适合深度森林中级联森林的有效特征。然后，将特征输入多粒度扫描模块，进行强表征特征提取。最后将特征向量输入特征优化后的级联森林模块逐层训练，完成网络安全态势评估。仿真结果表明，与其他传统网络安全态势评估模型相比，所提模型具有更高的精确率和召回率。
In order to solve the problems existing in current network security situation assessment methods, such as fewer sample data of situation elements, insufficient assessment accuracy, and long training time of model, a network security situation assessment method based on deep forest is proposed. First, in the data preprocessing stage, the situation element data obtained from multiple sources are fused and quantified, and the original situation element sample information is converted into the effective features of the intermediate forest that are more suitable for the deep forest. Then, the features are input into the multi-granularity scanning module to extract strong characterization features. Finally, the feature vector is input into the cascaded forest module after feature optimization for layer by layer training to complete the network security situation assessment. The simulation results show that the proposed model has higher accuracy and recall than other traditional network security situation assessment models.