摘要
入侵检测系统是一种积极主动的安全防护技术,它是信息安全保护体系结构中的一个重要组成部分.异常检测是入侵检测的一种方法,因其能够检测出未知的攻击而受到广泛的研究.以基于数据挖掘的异常检测技术为研究内容,以提高异常检测的检测率、降低误报率为目标,以聚类分析为主线,提出了一种改进的聚类检测算法和模型,并进行仿真实验.算法首先去除了数据集中明显的噪声和孤立点,通过分裂聚类、合并聚类以及利用超球体的密度半径确定k个初始聚类中心,以减小初始k值的选取对聚类结果造成的影响,提高异常检测效率,并以此构造入侵检测模型.利用KDD CUP 1999数据集对模型进行实验测试,并对改进算法的效果进行了对比和分析.实验证明,新的检测系统具有良好的性能.
IDS(Intrusion Detection system) is an active and driving defense technology. This paper mainly focuses on intrusion detection based on data mining. The aim is to improve the detection rate and decrease the false alarm rate, and the main research method is clustering analysis. The algorithm and model of ID are proposed and corresponding simulation experiments are presented. Firstly, a method to reduce the noise and isolated points on the data set was advanced. By dividing and merging clusters and using the density radius of super sphere, an algorithm to calculate the number of the Cluster Center was given. By the more accurate method of finding K clustering center, an anomaly detection model was presented to get better detection effect. This paper used KDD CUP 1999 data set to test the performance of the model. The results show the system has a higher detection rate and a lower false alarm rate, it achieves expectant aim.
出处
《微电子学与计算机》
CSCD
北大核心
2010年第8期66-69,共4页
Microelectronics & Computer
基金
北京市教委科技创新平台基金项目(PXM2008-014224-067420)
北京信息科技大学科研水平提高项目(5028123900)
关键词
聚类
入侵检测
K-平均
异常检测
clustering analysis
intrusion detection
K-means
anomaly detection
