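Abstract
With its hard-clustering partitioning approach, the K-means algorithm is widely used in intrusion detection systems. When detecting many newly derived classes of intrusion data, this strict boundary partitioning tends to yield a low detection rate and a high false detection rate. In addition, when handling complex network access data, a fixed k value is not flexible enough and also degrades detection accuracy. Drawing on the idea of three-way decisions, the traditional K-means algorithm is improved, and an intrusion detection algorithm based on three-way dynamic threshold K-means clustering is proposed. By adjusting the threshold dynamically, the algorithm can optimize the number of clusters and, to some extent, eliminates the influence of a fixed k value on intrusion detection performance. Outlying, uncertain network data are separated and their judgment is deferred; decisions are made after they have been re-partitioned by a second clustering. Experimental results on the KDD Cup99 data set show that, as attack types gradually increase and attack behavior becomes more complex, the improved K-means algorithm significantly outperforms the traditional K-means algorithm in detection rate and false detection rate.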
The K-means algorithm was widely used in intrusion detection systems with the idea of hard clustering dividing. Such a strict boundary dividing method could lead to a low detection rate and a high false detection rate when facing kinds of new derived intrusion data. Furthermore, the fixed value k was not flexible enough to deal with complex network data sets and affected the accuracy of detection. The traditional K-means algorithm was improved, and an algorithm of intrusion detection based on three-way dynamic threshold K-means clustering was proposed. It could improve the performance of clustering and eliminate the influence of the fixed value k on intrusion detection by adjusting the threshold dynamically. The withdrawn data were separated and judged by delaying to make accurate divisions after second clustering. The experimental results on KDD Cup99 data sets showed that the improved K-means algorithm outperformed the traditional K-means algorithm significantly in detection rate and false detection rate, while the attack types increased and the attack behaviors became more complex.
Authors
解滨
董新玉
梁皓伟
XIE Bin; DONG Xinyu; LIANG Haowei (College of Computer and Cyber Security, Hebei Normal University, Shijiazhuang 050024, China; Hebei Provincial Key Laboratory of Network & Information Security, Shijiazhuang 050024, China; Key Laboratory of Data Science and Intelligence Application, Fujian Province University, Zhangzhou 303000, China)
Source
《郑州大学学报(理学版)》
CAS
Peking University Core Journal
2020, Issue 2, pp. 64-70 (7 pages)
Journal of Zhengzhou University: Natural Science Edition
Funding
National Natural Science Foundation of China (61573127)
Natural Science Foundation of Hebei Province (A2018205103).