A New Method of Data Preprocessing for Network Security Situational Awareness

Abstract

Network Security Situational Awareness(NSSA) has been a hot research in the network security domain.The amount of data from network attacks from Intrusion Detection System (IDS),and hosts'vulnerabilities and the hosts'states is very large.If we use the large amount of data as the NSSA elements directly,the algorithm of data processing must collapse or use a very long time. So in this paper,a method of data preprocessing for NSSA based on conditional random fields(CRFs) is proposed.This method takes advantages of the CRFs models which can stitch to sequence data marking and add random attributes.It uses varied connection information and its relativity in network connection information data sequence as well as the feature sets relativity to attack detection and discovery of abnormal phenomenon. It uses KDD Cup 1999 data sets as experimental data and comes to a conclusion that our proposed method is practicable,reliable and efficient.