基于混合式聚类算法的离群点挖掘在异常检测中的应用研究

为了提高异常检测系统的检测率,降低误警率,解决现有异常检测所存在的问题,将离群点挖掘技术应用到异常检测中,提出了一种基于混合式聚类算法的异常检测方法(NADHC)。该方法将基于距离的聚类算法与基于密度的聚类算法相结合从而形成新的混合聚类算法,通过k-中心点算法找出簇中心,进而去除隐蔽性较高的少量攻击行为样本,再将重复增加样本的方法结合基于密度的聚类算法计算出异常度,从而判断出异常行为。最后在KDD CUP 99数据集上进行实验仿真,验证了所提算法的可行性和有效性。

Research on Application of Outlier Mining Based on Hybrid Clustering Algorithm in Anomaly Detection

In order to improve the detection rate of anomaly detection system,reduce the false alarm rate,and solve the problems existing in the current anomaly detection,outlier mining techniques were applied to anomaly detection,and this paper presented a network anomaly detection method based on hybrid clustering algorithm (NADHC).In the method,the clustering algorithm based on distance is combined with the density clustering algorithm to form a new hybrid clustering algorithm.The method is based on the k-medoids algorithm to find out the cluster centers.Next,NADHC removes a small amount of attack behavior samples which has obvious characteristics of high concealment,then calculates the abnormal degree by the repeated increasing samples combined with density-based clustering method to determine the abnormal behavior.NADHC algorithm was validated on KDD CUP 99 dataset.The experimental results show its feasibility and effectiveness.