Network security situation prediction method via step adaption and similarity correction

For the problem of network security situation prediction, a prediction method via step adaption and similar correction is proposed. Firstly, variational modal decomposition is introduced to extract the main modal components. Secondly, the fast fourier transform is used to determine the period number for the input length of the prediction model. For the non-periodic modal components, the decreasing Lempel-Ziv complexity criterion is used to determine the input length of the prediction model adaptively. Thirdly, for each modal component, the support vector machine sub-model is constructed by the training dataset. Then, on the basis of the cosine variance similarity index, the similar subsets corresponding to the test set are searched in the training dataset. Additionally, via the above sub-model, the initial prediction result of the similar data subset is obtained. Furthermore, the similar data subset and the initial prediction result are afforded for the final inputs of the support vector machine prediction model. Finally, experiments on the standard cybersecurity dataset NSL-KDD show that the proposed single-step prediction method has a mean square error (MSE) of 0.000175, a mean absolute error (MAE) of 0.0107, and a coefficient of determination (R2) of 98.40%, and its prediction accuracy is significantly better than that of the traditional shallow learning, deep learning, and support vector machine methods; among the four-step prediction, the introduction of the correction mechanism is more obvious, compared with the pre-correction, the MAE and MSE are reduced by 29.00% and 53.69% respectively, and the R2 is improved by 5.03%; in summary, the higher prediction accuracy of the prediction method based on adaptive-similarity correction is verified.