[1] CHEN Jian, CAI Long-zheng. A Cluster Anomaly Measure Approach for Unsupervised Anomaly Intrusion Detection[J]. Computer Technology and Development (计算机技术与发展), 2013, (04): 131-134.

A Cluster Anomaly Measure Approach for Unsupervised Anomaly Intrusion Detection

Computer Technology and Development (《计算机技术与发展》) [ISSN:1006-6977/CN:61-1281/TN]

Volume:
Issue:
2013, No. 04
Pages:
131-134
Column:
Security and Protection
Publication date:
1900-01-01

Article Info

Title:
A Cluster Anomaly Measure Approach for Unsupervised Anomaly Intrusion Detection
Article ID:
1673-629X(2013)04-0131-04
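Author(s):
CHEN Jian [1], CAI Long-zheng [2]
[1] School of Computer Engineering Technology, Guangdong Polytechnic of Science and Technology; [2] College of Business, South-Central University for Nationalities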
Keywords:
unsupervised anomaly detection; intrusion detection; network security; clustering
Document code:
A
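Abstract (translated from the Chinese):
This paper studies a method that uses the Pearson correlation coefficient to compute the distance over symbolic attributes between a record and a cluster and between two clusters. Within this method, a new cluster anomaly measure, the Approximate Average Distance (AAD), is proposed. AAD combines a cluster's local anomaly degree, i.e. the density of points inside the cluster, with its global anomaly degree within the whole cluster structure, i.e. its distance to the other clusters. A method is also proposed that classifies the clusters produced by clustering according to AAD and uses the classified cluster structure as the detection model for unsupervised anomaly detection. Anomaly detection classifies each record promptly, so intrusions are discovered in time and the losses they cause are reduced. Finally, experiments on the KDD 99 evaluation data set show that using AAD as the cluster classification measure gives a higher detection rate and a lower false alarm rate than other related work.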
Abstract:
This paper mainly studies a method that uses the Pearson correlation coefficient to calculate the symbolic attribute distance between a record and a cluster, and between clusters. A new metric, Approximate Average Distance (AAD), is proposed as a cluster anomaly measure. AAD combines a cluster's local anomaly, the number of members, and its global anomaly, the distance to other clusters. An approach to unsupervised anomaly intrusion detection is also studied, in which records are checked against the classified clusters as detection models, so that intrusion behavior is found in time and the loss caused by the intrusion is reduced. Empirical experiments with the KDD 99 data set show that AAD can detect intrusions with a relatively high detection rate and a low false alarm rate compared with other research.


Last Update: 1900-01-01