基于CSA无监督模糊聚类算法的异常检测方法

为解决模糊k 均值算法对初始化敏感及易陷入局部极值的不足，提出了基于克隆选择算法(CSA)的无监督模糊聚类异常入侵检测方法. 应用结合了具有进化搜索、全局搜索、随 机搜索和局部搜索特点的克隆算子快速得到了全局最优聚类，并应用模糊检测算法检测网络中的异常行为模式. 该方法的优点是不需要人工对训练集分类，并且可以检测出未知的攻击. 仿真试验表明，该方法不但能检测出未知的攻击，而且具有较低的误报率和较高的检测率.

Anomaly Detection Method Based on CSA-Based Unsupervised Fuzzy Clustering Algorithm

A novel intrusion detection method based on clonal selection algorithm (CSA)-based unsupervised fuzzy clustering algorithm was presented for solving the problem of fuzzy k-means algorithm which is much more sensitive to the initialization and is easy to fall into local optimization. With the method, the global optimal clustering with clonal operator which combines the evolutionary search, the global search, the stochastic search and the local search could be quickly obtained, in the mean time, the abnormal network behavior patterns with fuzzy detection algorithm could be detected. The benefit of this algorithm is that it does not need the labeled training data sets and it could detect unknown intrusion. Simulation results show that the method mentioned above will be able to detect unknown intrusions with lower false positive rate and higher detection rate.