CAJ | 학술논문

为了提高入侵检测系统(IDS)的告警质量,减少冗余报警,提出了一种基于混沌粒子群优化的 IDS 告警聚类算法.算法将混沌融入到粒子运动过程中,使粒子群在混沌与稳定之间交替运动,逐步向最优点靠近.该算法能够克服粒子群算法的早熟、局部最优等缺点,指导聚类中心寻找到全局最优解.通过理论分析与实验测试,验证了该算法在入侵检测系统中,能够大量减少告警数量,提高告警质量,具有较高的检测率和较低的误报率.
위료제고입침검측계통(IDS)적고경질량,감소용여보경,제출료일충기우혼돈입자군우화적 IDS 고경취류산법.산법장혼돈융입도입자운동과정중,사입자군재혼돈여은정지간교체운동,축보향최우점고근.해산법능구극복입자군산법적조숙、국부최우등결점,지도취류중심심조도전국최우해.통과이론분석여실험측시,험증료해산법재입침검측계통중,능구대량감소고경수량,제고고경질량,구유교고적검측솔화교저적오보솔.
@@@@In order to improve the quality of alerts in intrusion detection system (IDS) and reduce the large number of redundant alarms, an IDS alerts clustering algorithm based on chaotic particle swarm optimization was proposed. It made the motion of particles with characteristics of chaos,so as to make particles move between the state of chaos and stable, and gradually close to the optimal value. The CPSO algorithm could overcome the problem of premature and local opti-mization, and take the center of cluster to find the global optimal solution. The analysis and experiment show that the al-gorithm can significantly reduce the number of alerts and improve its quality, and has a high detection rate and low false detection rate.