| 基于半监督聚类的网络入侵检测算法 |
| |
| 引用本文: | 魏小涛,黄厚宽,田盛丰.基于半监督聚类的网络入侵检测算法[J].铁道学报,2010,32(1). |
| |
| 作者姓名: | 魏小涛 黄厚宽 田盛丰 |
| |
| 作者单位: | 1. 北京交通大学,软件学院,北京,100044
2. 北京交通大学,计算机与信息技术学院,北京,100044 |
| |
| 基金项目: | 北京市教育委员会共建项目 |
| |
| 摘 要: | 入侵检测是维护网络安全的重要技术手段之一.本文提出一种聚类算法:k-cubes,用于网络异常检测.算法采用基于网格的方法对网络连接数据进行预处理,然后以网格为数据处理单位进行聚类,在聚类过程中通过动态合并与分裂自动决定聚类的数目.在此基础上给出了半监督k-cubes聚类算法,并根据聚类的结果生成检测规则.k-cubes聚类算法适合处理高维并且含有多值字符属性的大数据量数据,同时具有输入参数少等特点.在KDD99入侵检测数据集上的实验结果显示,算法获得95.82%的检测率和1.25%的误报率,并且在识别新入侵的能力上,算法检测到17种新入侵中的15种.
|
| 关 键 词: | 网络异常检测 半监督聚类 基于网格的聚类 |
A Semi-supervised Clustering Algorithm for Network Intrusion Detection |
| |
| WEI Xiao-tao,HUANG Hou-kuan,TIAN Sheng-feng.A Semi-supervised Clustering Algorithm for Network Intrusion Detection[J].Journal of the China railway Society,2010,32(1). |
| |
| Authors: | WEI Xiao-tao HUANG Hou-kuan TIAN Sheng-feng |
| |
| Institution: | WEI Xiao-tao1,HUANG Hou-kuan2,TIAN Sheng-feng2(1.Software of School,Beijing Jiaotong University,Beijing 100044,China,2.School of Computer , Information Technology,China) |
| |
| Abstract: | Intrusion detection is one of the most important techniques in the domain of network security.This paper proposes a novel clustering algorithm,named k-cubes,for network anomaly detection.The network connection data are preprocessed with a grid-based algorithm.Then the grid cells are clustered with the proposed method.The number of clusters is automatically decided by dynamically merging and splitting of clusters.Also the semi-supervised version of k-cubes is presented.Detection rules are produced according ... |
| |
| Keywords: | network anomaly detection semi-supervised clustering grid-based clustering |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
