Abstract
To address the shortcomings of the traditional K-means clustering algorithm, such as poor global search ability and the need to set the initial number of clusters manually, an intrusion detection model (NCS-AKM) is proposed that combines a novel Cuckoo Search (CS) algorithm with an adaptive K-means algorithm. To increase the population diversity of the CS algorithm, a strategy similar to differential evolution is introduced to selectively mutate and recombine the population. The KDD Cup99 dataset is used to construct the training data and online test data comprising four phases, with a new attack introduced in each of the third and fourth phases. The results show that the detection model accurately identifies new intrusions: the overall detection rate for the four attack types in the test set is as high as 83.4% (per phase: 70.8%~89.9%), and the false positive rate is 6.3% (per phase: 3.0%~11.5%), giving high detection performance and convincing clustering results.
Source
《计算机与现代化》 (Computer and Modernization)
2017, No. 11, pp. 95-99, 104 (6 pages in total)
Funding
National 863 Program of China (2012AA010904)
Keywords
cuckoo search (CS) algorithm
K-means clustering algorithm
online intrusion detection
automatic cluster number
differential evolution