Intrusion detection algorithm based on SSC-tree stream clustering
Abstract: Because data streams are fast, unbounded and bursty, real-time intrusion detection in high-speed networks has become a difficult problem. A similarity search cluster-tree (SSC-tree) structure is designed to maintain the summary features of data streams, and on that basis a stream clustering algorithm based on the SSC-tree is proposed for intrusion detection in high-speed networks. To cope with data streams that arrive at high speed and in bursts, the algorithm uses chaining buffer, piggyback processing and local clustering strategies. The chaining buffer in the SSC-tree temporarily stores data objects that the algorithm cannot process in time during a burst; the buffered contents are piggybacked later. Before high-speed stream objects are inserted into the SSC-tree to take part in global clustering, local clustering produces micro-clusters to keep up with the arrival of the high-speed stream. The experimental results show that the algorithm has good applicability, achieves good clustering accuracy in high-speed network environments, and effectively detects intrusions in high-speed networks.
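Source: Systems Engineering and Electronics (《系统工程与电子技术》), indexed in EI, CSCD and the Peking University Core list, 2012, Issue 3, pp. 625-630 (6 pages).
Funding: Supported by the National Natural Science Foundation of China (61071093), the Specialized Research Fund for the Doctoral Program of Higher Education (20093223120001), the Jiangsu Province Science and Technology Support Program (BE2009063, BE2009158), the Natural Science Foundation of Jiangsu Province (K2009426), the Open Project of the State Key Laboratory of Information Security (03-01-1), and the Jiangsu Higher Education Institutions Priority Academic Discipline Development Project (yx002001).
Keywords: intrusion detection; clustering; data streams; high-speed network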