基于免疫遗传聚类的异常检测系统

免疫算法是在保留遗传算法优良特性的基础上有目的、有选择的利用待求问题中的特征信息来抑制进化过程中出现的种群退化现象,算法核心是免疫算子(接种疫苗和免疫选择)的构造。基于免疫遗传算法的聚类不仅能够有效克服传统聚类方法对初始化敏感、依赖聚类原型、进化后期容易早熟等缺点,而且聚类结果能够快速收敛到全局最优。本文将这种聚类方法用于网络异常检测中,构造基于免疫遗传聚类的异常检测系统,该系统可实现对海量异构多维原始数据的异常检测,并且能够检测到网络未知攻击。本文在KDD CUP99数据集中进行了对比仿真实验,实验结果表明该算法能够得到较高的已知攻击和未知攻击检测率以及较低的误警率,检测系统性能优良。

Intrusion detection based on immune clustering algorithm

Based on Genetic Algorithm's properties and holding the advantages of GA,Immune algorithm is proposed with analogies to the concept and the theory immunity in biotic science.And IA use the characteristic information to restrain the degeneration of the population evolution.The core of the algorithm lies on constructing the immune operator that is realized by vaccination and immune selection.The clustering algorithm base on immune genetic method can neither be independent of data distribution and sensitive to initialization nor be easy to get trapped into local optima.And the result of clustering can converge to the global optimal value quickly.The clustering algorithm is employed to detect the network intrusions in this paper.And the anomaly detection system can detect the attacks on the mass mixed n-dimension data set.Also it can detect the unknown attacks effectively.The simulations on the KDD CUP99 dataset show that this algorithm can achieve superior detection rate of known attacks and unknown attacks and the low false positive rate.So the system performs excellently.