基于粗糙熵的离群点检测方法及其在无监督入侵检测中的应用

香农的信息熵被广泛用于粗糙集.利用粗糙集中的粗糙熵来检测离群点,提出一种基于粗糙熵的离群点检测方法,并应用于无监督入侵检测.首先,基于粗糙熵提出一种新的离群点定义,并设计出相应的离群点检测算法-–基于粗糙熵的离群点检测(rough entropy-based outlier detection,REOD);其次,通过将入侵行为看作是离群点,将REOD应用于入侵检测中,从而得到一种新的无监督入侵检测方法.通过多个数据集上的实验表明,REOD具有良好的离群点检测性能.另外,相对于现有的入侵检测方法,REOD具有较高的入侵检测率和较低的误报率,特别是其计算开销较小,适合于在海量高维的数据中检测入侵.

A rough entropy-based approach to outlier detection and its application in unsupervised intrusion detection

The information entropy, proposed by Shannon, has been widely used in rough sets. In this paper, we use the rough entropy in rough sets to detect outliers, and propose a rough entropy-based outlier detection approach, which is applied to unsupervised intrusion detection. Firstly, we propose a new definition for outliers based on rough entropy, and design an algorithm called rough entropy-based outlier detection(REOD) to find such outliers. Then, we regard intrusion activities as outliers and apply the REOD to intrusion detection, from which a novel approach for unsupervised intrusion detection is obtained. Experiments on several data sets demonstrate that the REOD performs well for outlier detection. In addition, compared with existing intrusion detection methods, the REOD can detect attacks with high detection rate and low false positive rate. Especially, the computational cost of the REOD is low, and it is suitable for intrusion detection on massive and high dimensional data.