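Abstract
In modern networks, user behavior and network structure change constantly, so large amounts of labeled sample data are needed to update intrusion detection patterns dynamically. However, labeling training datasets by hand is very time-consuming, so detection models based on labeled datasets increasingly fail to meet the needs of practical applications. This paper proposes an immune-clustering-based anomaly detection algorithm that uses unlabeled datasets. The method can be used directly to detect intrusions, or as an intermediate step in building an intrusion detection model, to improve the adaptability and deployment efficiency of intrusion detection systems.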
Traditional intrusion detection methods lack extensibility in the face of changing network configurations as well as adaptability in the face of unknown attack types. Meanwhile, current machine-learning algorithms need labeled data for training first, so they are computationally expensive and sometimes misled by artificial data. In this paper, a new detection algorithm, the Intrusion Detection Based on Immune Clustering algorithm, is proposed. It can automatically establish clusters and detect intruders by computing the outlier factor of each data item. Computer simulations show that this algorithm is effective for intrusion detection.
Source
《计算机科学》
CSCD
Peking University Core Journals
2005, Issue 7, pp. 95-98 (4 pages)
Computer Science