| 一种基于克隆网络聚类的入侵检测方法 |
| |
| 引用本文: | 张喆,白琳.一种基于克隆网络聚类的入侵检测方法[J].计算机应用,2007,27(1):128-131. |
| |
| 作者姓名: | 张喆 白琳 |
| |
| 作者单位: | 1. 兰州理工大学,计算机与通信学院,甘肃,兰州,730000
2. 西安邮电学院,信息中心,陕西,西安710061 |
| |
| 基金项目: | 甘肃省自然科学基金
,
陕西省中青年科研基金
,
西安邮电学院校科研和教改项目 |
| |
| 摘 要: | 将免疫克隆策略用于网络结构的聚类中,能够得到克隆网络对数据进行合理的聚类分析。采用克隆网络对入侵检测数据进行学习,即用一个小规模网络来表示海量数据,完成数据的压缩表示。再利用图论中的最小生成树对克隆网络的结构进行聚类分析,从而获得描述正常行为和异常行为的数据特征,实现合理的聚类。该算法可实现对大规模无标识原始数据的入侵检测,区分正常和异常行为,并能检测到未知攻击。在KDD CUP99数据集中进行了对比仿真实验,实验结果表明:相对于以前的算法,该算法较大地提高了对已知攻击和未知攻击的入侵检测率,并降低了误警率。
|
| 关 键 词: | 免疫克隆策略 克隆网络 无监督聚类 入侵检测 |
| 文章编号: | 1001-9081(2007)01-0128-04 |
| 收稿时间: | 2006-07-05 |
| 修稿时间: | 2006-07-05 |
Intrusion detection method based on clonal network clustering |
| |
| ZHANG Zhe,BAI Lin.Intrusion detection method based on clonal network clustering[J].journal of Computer Applications,2007,27(1):128-131. |
| |
| Authors: | ZHANG Zhe BAI Lin |
| |
| Abstract: | Reasonable clustering analysis of data done by clonal network can be obtained when the strategy of immunity cloning is applied to network clustering.By expressing the magnanimity datum with a small-scale network,clonal network structure was adopted in training the intrusion detection so as to get the compressed data.What's more,the Minimal Spanning Tree in the term of Graph Theory was employed to perform clustering analysis on network structure and achieve the characterization of normal and abnormal data finally.This clustering algorithm can deal with network intrusion detection from mass unlabeled data,distinguish between normal and abnormal data and detect unknown attacks.The computer simulations on the KDD CUP99 dataset show that this algorithm can achieve higher detection rate of known or unknown attacks and lower false positive rate when compared with the previous algorithms. |
| |
| Keywords: | immunity clonal strategy clonal network unsupervised clustering intrusion detection |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机应用》浏览原始摘要信息 |
|
点击此处可从《计算机应用》下载全文 |
