«上一篇/Previous Article|本期目录/Table of Contents|下一篇/Next Article»

j. issn.1673-629X.2019.03.024]
点击复制

改进的聚类算法在网络异常行为检测中的应用()

分享到：

《计算机技术与发展》[ISSN:1006-6977/CN:61-1281/TN]

卷:: 29
期数:: 2019年03期

页码:: 111-116

栏目:: 安全与防范

出版日期:: 2019-03-10

文章信息/Info

Title:: Application of Improved Clustering Algorithm in Network Abnormal Behavior Detection

文章编号:: 1673-629X(2019)03-0111-06

作者:: 辛壮¹; 万良¹; 李均涛²; 1. 贵州大学计算机科学与技术学院,贵州贵阳 550025;2. 贵州财经大学信息学院,贵州贵阳 550025

Author(s):: XIN Zhuang¹; WAN Liang¹; LI Jun-tao²; 1. School of Computer Science and Technology,Guizhou University,Guiyang 550025,China;2. School of Information,Guizhou University of Finance and Economics,Guiyang 550025,China

关键词:: K-means; 最小生成树; 网络异常行为; 聚类; 数据挖掘

Keywords:: K-means; minimum spanning tree; network anomalous behavior; clustering; data mining

分类号:: TP39

DOI:: 10.3969/ j. issn.1673-629X.2019.03.024

摘要:: 网络异常行为检测是对大规模网络数据流量进行分析并发现入侵行为的一种方法。针对基于聚类的网络异常行为检测方法不能及时准确地选择初始聚类中心、无法有效地识别非球状簇等问题,提出一种改进的聚类算法应用在网络异常行为检测中。该方法使用最小生成树算法获得初始聚类中心,使用改进的 K-means 聚类算法区分异常行为与正常行为,通过距离比值判断聚类效果,提高了聚类效果的准确性。通过应用有监督学习的方式对聚类结果进行检测,结果表明,改进的聚类算法能够更好地识别初始聚类中心,并进行更加有效的聚类,能够更加准确地检测出网络异常行为。

Abstract:: Network abnormal behavior detection is a method to analyze and discover the intrusion behavior of large-scale network data flow. The anomalous behavior detection method based on clustering cannot timely and correctly select the initial clustering center,and is unable to effectively identify the globular clusters. In order to solve these problems,we propose an improved clustering algorithm in the network abnormal behavior detection. This method obtains the initial clustering center by using the minimum spanning tree algorithm, distinguishing the abnormal behavior from the normal behavior by the improved K-means clustering algorithm and judging the clusteringeffect by the distance ratio,which improves the accuracy of the clustering effect. The results tested by supervised learning show that theimproved clustering algorithm can better identify the initial clustering center and make more effective clustering,and detect the network anomaly behavior more accurately.

相似文献/References:

[1]范新沈闻丁泉勋沈洁.基于正例和未标文档的半监督分类研究[J].计算机技术与发展,2009,(06):58.
　FAN Xin,SHEN Wen,DING Quan-xun,et al.Research on Semi- Supervised Classification Based on Positive and Unlabeled Text Document[J].,2009,(03):58.
[2]唐启涛陶滔伍海波.基于最小生成树的LEACH路由算法研究[J].计算机技术与发展,2009,(04):109.
　TANG Qi-tao,TAO Tao,WU Hai-bo.Study of Minimum Spanning Tree Routing Algorithm in LEACH[J].,2009,(03):109.
[3]李若鹏李翔林祥李建华.基于DK算法的互联网热点主动发现研究与实现[J].计算机技术与发展,2008,(09):1.
　LI Ruo-peng,LI Xiang,LIN Xiang,et al.Discovering Information Hotspots on Initiative over Internet Based on DK Clustering Algorithm[J].,2008,(03):1.
[4]尹松周永权李陶深.基于稀疏差异度的聚类方法在信息分类中的应用[J].计算机技术与发展,2006,(01):117.
　YIN Song,ZHOU Yong-quan,LI Tao-shen.Research of Sparse Feature Difference-Based Clustering Method Applied to Information Classifying[J].,2006,(03):117.
[5]龙占超蔡超.一种新的指纹细化算法[J].计算机技术与发展,2007,(03):147.
　LONG Zhan-chao,CAI Chao.A New Fingerprint Thinning Algorithm[J].,2007,(03):147.
[6]黄永丽朱会东徐华.基于层次性断层数据的三维重构技术[J].计算机技术与发展,2006,(08):60.
　HUANG Yong-li,ZHU Hui-dong,XU Hua.Technology of 3D Reconstruction Based on Layering Cross - Sections Data[J].,2006,(03):60.
[7]孙宪丽王敏李颖.求解TSP问题的一种启发式算法[J].计算机技术与发展,2010,(10):70.
　SUN Xian-li,WANG Min,LI Ying.A Heuristic Algorithm to Solve Travelling Salesman Problem[J].,2010,(03):70.
[8]朱云贺张春海张博.基于数据分段的K-means的优化研究[J].计算机技术与发展,2010,(11):130.
　ZHU Yun-he,ZHANG Chun-hai,ZHANG Bo.Optimizing Research on K-means Based on Data Partition[J].,2010,(03):130.
[9]何云李辉姚能坚赵榕生.改进K-means算法实现移动通信行为特征分析[J].计算机技术与发展,2011,(06):63.
　HE Yun,LI Hui,YAO Neng-jian,et al.Application of Improved K-Means Algorithm in Mobile Communication Behavioral Characteristic Analysis[J].,2011,(03):63.
[10]黎银环,张剑.改进的 K-means 算法在入侵检测中的应用[J].计算机技术与发展,2013,(01):165.
　LI Yin-huan,ZHANG Jian.Application of Improved K-means Clustering Algorithm in Intrusion Detection[J].,2013,(03):165.

常用功能

工具/Tools

统计/Statistics

摘要浏览/Viewed880
全文下载/Downloads574
评论/Comments