Journal of the China Railway Society (铁道学报)
2010, No. 1, pp. 49-53 (5 pages)
Keywords: network anomaly detection; semi-supervised clustering; grid-based clustering
Abstract: Intrusion detection is one of the main technical means of maintaining network security. This paper proposes a clustering algorithm, k-cubes, for network anomaly detection. Network connection records are first preprocessed with a grid-based method; the grid cells, rather than individual records, are then the units of clustering, and the number of clusters is decided automatically by dynamically merging and splitting clusters during the process. A semi-supervised version of k-cubes is built on this basis, and detection rules are generated from the clustering result. k-cubes is suited to large volumes of high-dimensional data containing symbolic attributes with many distinct values, and it requires few input parameters. Experiments on the KDD99 intrusion detection dataset give a detection rate of 95.82% with a false positive rate of 1.25%, and when tested on its ability to recognize new intrusions the algorithm detects 15 of the 17 novel intrusion types.
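The abstract gives the shape of the pipeline (grid-based preprocessing, clustering of cells, a few labels to tag clusters, rules derived from clusters) but not the k-cubes merge/split criteria or rule format. The sketch below is an added example, not the paper's code: it maps KDD99-style connection records to grid cells (symbolic fields kept as-is, numeric fields binned on a log scale), flood-fills adjacent dense cells into clusters, labels clusters from two labelled records, and emits one rule per cluster. The schema, bin edges, the adjacency rule, the small-cluster heuristic and all sample connections are assumptions constructed for the demo.

```python
"""Toy grid-based, semi-supervised anomaly clustering over KDD99-style
connection records. Illustrative sketch (assumption), NOT the k-cubes
algorithm: cells = symbolic values + log-scale bins of numeric values;
dense cells touching along one numeric axis are flood-filled into clusters;
a few labelled records tag the clusters; each cluster becomes one rule
"record falls in one of these cells -> cluster label"; records landing in
no dense cell are reported as anomalous (novel)."""
from collections import Counter, deque

# Constructed schema (assumption): (duration, protocol, service, flag, src_bytes, count)
SYMBOLIC_IDX = (1, 2, 3)                    # protocol, service, flag
NUMERIC_IDX = (0, 4, 5)                     # duration, src_bytes, count
BIN_EDGES = (0, 1, 10, 100, 1000, 10000)    # log-scale bin lower edges


def bin_value(v):
    """Index of the bin whose lower edge is the largest edge <= v."""
    idx = 0
    for i, edge in enumerate(BIN_EDGES):
        if v >= edge:
            idx = i
    return idx


def to_cell(rec):
    """Grid cell of a record: 3 symbolic values followed by 3 bin indices."""
    sym = tuple(rec[i] for i in SYMBOLIC_IDX)
    num = tuple(bin_value(rec[i]) for i in NUMERIC_IDX)
    return sym + num


def neighbors(cell):
    """Cells with the same symbolic part and one numeric bin shifted by one step."""
    sym, num = cell[:3], list(cell[3:])
    for k in range(len(num)):
        for step in (-1, 1):
            shifted = num[:]
            shifted[k] += step
            if 0 <= shifted[k] < len(BIN_EDGES):
                yield sym + tuple(shifted)


def cluster_cells(records, min_cell=2):
    """Count records per cell, keep dense cells, flood-fill adjacent dense cells."""
    counts = Counter(to_cell(r) for r in records)
    dense = {c for c, n in counts.items() if n >= min_cell}
    clusters, seen = [], set()
    for start in sorted(dense):
        if start in seen:
            continue
        comp, queue = set(), deque([start])
        seen.add(start)
        while queue:
            cur = queue.popleft()
            comp.add(cur)
            for nb in neighbors(cur):
                if nb in dense and nb not in seen:
                    seen.add(nb)
                    queue.append(nb)
        clusters.append(comp)
    return clusters, counts


def build_rules(records, labels, min_cell=2, normal_frac=0.2):
    """Semi-supervised labelling: `labels` maps a few record indices to
    'normal'/'attack'. A cluster takes the majority label of its labelled
    members; an unlabelled cluster is 'normal' if it holds at least
    normal_frac of all records, else 'attack' (small-cluster heuristic).
    Returns a list of (frozenset_of_cells, label) rules."""
    clusters, counts = cluster_cells(records, min_cell)
    rules = []
    for comp in clusters:
        size = sum(counts[c] for c in comp)
        votes = Counter(labels[i] for i in labels if to_cell(records[i]) in comp)
        if votes:
            label = votes.most_common(1)[0][0]
        else:
            label = "normal" if size >= normal_frac * len(records) else "attack"
        rules.append((frozenset(comp), label))
    return rules


def classify(rec, rules):
    """Apply the rules; a record outside every dense cell is flagged as novel."""
    cell = to_cell(rec)
    for cells, label in rules:
        if cell in cells:
            return label
    return "attack"


# Constructed sample connections (assumption), not KDD99 data.
RECORDS = [
    # normal HTTP: zero duration, 200-2000 bytes, low per-host connection count
    (0, "tcp", "http", "SF", 215, 1), (0, "tcp", "http", "SF", 230, 2),
    (0, "tcp", "http", "SF", 245, 3), (0, "tcp", "http", "SF", 260, 4),
    (0, "tcp", "http", "SF", 300, 5), (0, "tcp", "http", "SF", 1200, 2),
    (0, "tcp", "http", "SF", 1500, 3), (0, "tcp", "http", "SF", 2000, 4),
    # SYN-flood-like: half-open (S0) to 'private', no payload, very high count
    (0, "tcp", "private", "S0", 0, 250), (0, "tcp", "private", "S0", 0, 280),
    (0, "tcp", "private", "S0", 0, 300), (0, "tcp", "private", "S0", 0, 310),
    (0, "tcp", "private", "S0", 0, 330),
    # isolated records: each lands in its own sparse cell
    (0, "tcp", "ftp", "SF", 5_000_000, 1), (2000, "tcp", "telnet", "SF", 1500, 1),
]
LABELS = {0: "normal", 8: "attack"}   # only two records carry labels


if __name__ == "__main__":
    rules = build_rules(RECORDS, LABELS)
    for cells, label in rules:
        print(label, sorted(cells))
    print(classify((0, "tcp", "private", "S0", 0, 290), rules))
```

Running the block yields two rules (the two http cells merge because they differ by one src_bytes bin; the S0 cells form the attack cluster) and classifies a fresh half-open connection as an attack. The two isolated records and any unseen traffic fall outside every dense cell and are reported as novel; legitimate but rare traffic lands in the same bucket, which is the source of the false positive rate a grid-based detector has to trade off against its detection rate.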