Abstract
We study an intrusion detection algorithm based on unsupervised clustering and propose an unsupervised method for detecting and characterising unknown anomalous behaviour. The method does not depend on labelled traffic flows. The unsupervised detection uses robust data clustering techniques, combining sub-space clustering with evidence accumulation and the association of inter-clustering results to identify anomalies in network traffic flows blindly. Experimental results show that the unsupervised detection technique improves the robustness of detection, and the characteristics of the detected anomalies are described by building efficient filtering rules. The performance of the detection process and of the characterisation is validated in a real-time network environment.
We discuss an unsupervised clustering-based intrusion detection algorithm, and introduce an unsupervised approach to detect and characterise network anomalies which does not rely on traffic flows with labels. Such unsupervised detection is accomplished by means of robust data clustering techniques. By combining sub-space clustering with evidence accumulation and inter-clustering results association, it blindly identifies the anomalies in traffic flows. Experimental results demonstrate that the unsupervised detection improves the robustness of the detection. The characteristics of the anomalies detected are described by building efficient filtering rules. The detection process and characterisation performance of the unsupervised approach are validated in a real network environment.
Source
Computer Applications and Software (《计算机应用与软件》)
Indexed in CSCD; Peking University core journal
2014, No. 8, pp. 307-310 (4 pages)
Funding
Tai'an Municipal Science and Technology Development Program, Shandong Province (20131018)
Keywords
Unsupervised detection
Characterisation
Outlier detection
Filtering rules
Anomaly correlation