An Extraction Method of Network Security Situation Elements Based on Gradient Lifting Decision Tree

Abstract

The primary purpose of acquiring network security situation elements is to detect and discover potential security threats from discrete and isolated data. In the complex network environment, the existing network security situation element acquisition technology has the problems of low extraction accuracy and low extraction efficiency. To solve these problems, a method for extracting network security situation elements based on Gradient Boosting Decision Tree (GBDT) is proposed. This method uses the attribute reduction function of rough set to preprocess the original data, which can effectively reduce redundancy. Furthermore, the initial parameters of GBDT are optimized by quantum particle swarm optimization (QPSO) algorithm to improve stability. Finally, the optimized GBDT classifier is used to classify and train with the reduced data set, and the accuracy of the final classifier is continuously improved by reducing the deviation via iterative optimization. Experiments demonstrate that the proposed algorithm achieves significant results and outperforms several state-of-the-art algorithms to the extraction of network security situation elements on the UNSW-NB15 dataset.