Abstract
To improve the performance of intrusion detection systems, this paper studies how to apply association and clustering algorithms from data mining to intrusion detection. To address the K-Means clustering algorithm's difficulty in determining the value of K and its sensitivity to initial values, a clustering method based on a predetermined distance is proposed. To address the Apriori association algorithm's excessive number of scans of the transaction database and the large amount of time it spends processing candidate itemsets, an improved matrix-based mining algorithm for frequent 2-itemsets and 3-itemsets is proposed. An intrusion detection system based on the improved clustering and association algorithms is designed, and experiments are carried out. The results show that the system reduces the false detection rate, improves detection efficiency and accuracy, and can detect unknown intrusion types.
Source
Computer Technology and Development (《计算机技术与发展》)
2015, Issue 7, pp. 133-137 (5 pages)
Funding
Sichuan Province Education Natural Science Key Project (12ZA200)
Keywords
clustering
association
intrusion detection system
anomaly detection