WANG Fei, QIAN Yu-wen, WANG Zhi-quan. Intrusion Detection Based on Unsupervised Clustering Algorithm [J]. Journal of Nanjing University of Science and Technology (Natural Science Edition), 2009, (03): 288-292.

Intrusion Detection Based on Unsupervised Clustering Algorithm

Journal of Nanjing University of Science and Technology (Natural Science Edition) [ISSN: 1005-9830 / CN: 32-1397/N]

Issue:
2009, No. 03
Pages:
288-292
Publication date:
2009-06-30

Article Info

Title:
Intrusion Detection Based on Unsupervised Clustering Algorithm
Authors:
WANG Fei, QIAN Yu-wen, WANG Zhi-quan
School of Automation, Nanjing University of Science and Technology (NUST), Nanjing 210094, Jiangsu, China
Keywords:
intrusion detection; computer crime; detectors; internet; network security; unsupervised clustering; unlabeled data
CLC number:
TP393.08
Abstract:
Clustering-based intrusion detection usually depends on parameters that have to be set by hand. This paper proposes a new unsupervised clustering algorithm that needs no manually set parameters and is not affected by the order in which the data are presented; the clusters it forms may take arbitrary shapes and therefore reflect the actual distribution of the data more faithfully. The algorithm compares the distances between the samples of an unlabeled training set and merges the nearest samples into a cluster first. At the end of each clustering step it compares the distances between the resulting clusters and computes each cluster's share of the total data in order to identify the anomalous (intrusion) clusters; the identified clusters are then used to detect intrusions in real data. Experiments show a detection rate of 89.5% and a false alarm rate of 0.4% on unknown intrusions.

Memo

Funding: Natural Science Foundation of Jiangsu Province (BK2008403)
About the first author: WANG Fei (1977- ), male, PhD candidate; research interest: information security; E-mail: wangleea@yahoo.com.cn
Corresponding author: WANG Zhi-quan (1939- ), male, professor and doctoral supervisor; research interests: fault detection and fault-tolerant control of large-scale systems, chaos theory and its applications; E-mail: wangzqwhz@yahoo.com.cn
Last Update: 2012-11-19