摘要
入侵检测中对知入侵的检测主要由异常检测完成,传统的异常检测方法需要构造一个正常行为特征轮廓的参考模型,但建立该特征轮廓和确定异常性报警的门限值都比较困难,而且建立该特征轮廓使系统开销大。据此本文提出一种针对入侵检测的聚类算法和一种数据处理方法。该算法通过动态更新聚类中心和类内最大距离实现,收敛速度快,再结合对数据的预处理使聚类效果更好。实验结果表明,此算法用于以未知入侵检测为代表的特殊模式检测方面是可行和有效的。
Traditional abnormal detection methods need a reference model with a profile of normal action, but building the character profile and specifying threshold of abnormal alarm are difficult. So this paper puts forward intrusion detection in combination with clustering and data processing . This algorithm comes true dynamicly updating the center of cluster and the biggest distance within cluster with fast convergence. The effect is better with the help of pre-processing the data. By means of simulated experiments, this algorithm is proved feasible and efficient for unknown intrusion detection.
出处
《重庆大学学报(自然科学版)》
EI
CAS
CSCD
北大核心
2004年第3期46-48,52,共4页
Journal of Chongqing University
基金
国家自然科学基金资助项目(60271019)
重庆市应用基础研究资助项目(7370)
