| 有指导的入侵检测方法研究 |
| |
| 引用本文: | 蒋盛益,李庆华.有指导的入侵检测方法研究[J].通信学报,2006,27(3):86-93. |
| |
| 作者姓名: | 蒋盛益 李庆华 |
| |
| 作者单位: | 1. 广东外语外贸大学,信息学院,广东,广州,510420;广东省信息安全技术重点实验室,广东,广州,510275
2. 华中科技大学,计算机学院,湖北,武汉,430074 |
| |
| 基金项目: | 中国科学院资助项目;广东外语外贸大学校科研和教改项目 |
| |
| 摘 要: | 基于一种用于混合属性数据的距离定义和改进的最近邻分类方法,提出了一种基于聚类的有指导的入侵检测方法。该方法首先利用一趟聚类算法对训练集进行聚类,再利用数据的标识和少数服从多数的原则将聚类标识为“正常”或“攻击”,以标识的聚类作为分类模型对数据进行分类。理论分析表明提出的检测方法关于数据集大小和属性个数具有近似线性时间复杂度。不同于一般的有指导的入侵检测方法,改进的最近邻方法从理论上保证了该方法对未知入侵有一定的检测能力。在KDDCUP99数据集上的测试结果表明,该方法有高的检测率和低的误报率。
|
| 关 键 词: | 入侵检测 距离定义 聚类 最近邻分类法 |
| 文章编号: | 1000-436X(2006)03-0086-08 |
| 收稿时间: | 2005-01-14 |
| 修稿时间: | 2006-01-04 |
Research on supervised intrusion detection method |
| |
| JIANG Sheng-yi,LI Qing-hua.Research on supervised intrusion detection method[J].Journal on Communications,2006,27(3):86-93. |
| |
| Authors: | JIANG Sheng-yi LI Qing-hua |
| |
| Abstract: | A clustering-based and supervised intrusion detection method was proposed with new distance definition for mixed-attribute data and improved nearest neighbor classification method. The method first clusters training data by one-pass clustering algorithm, then the cluster was labeled with normal or attack by the labels of data belongs to the clus-ter and voting rule. The labeled clusters are used to classifying data. Time complexity of the method is linear with the size of dataset and nearly linear with the number of attributes. It is different from existing supervised intrusion detection methods that the improvement for NN method ensures that the proposed intrusion detection approach can detect unknown intrusions in theory. The experiment results on dataset KDDCUP99 demonstrate that the method has promising perform-ance with high detection rate and low false alarm rate. |
| |
| Keywords: | intrusion detect distance definition clustering nearest neighbor classification |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《通信学报》浏览原始摘要信息 |
|
点击此处可从《通信学报》下载全文 |
|
