计算机工程与应用 (Computer Engineering and Applications) ›› 2006, Vol. 42 ›› Issue (18): 4-8.

• Doctoral Forum •

Research on an Intrusion Detection Method Based on Unsupervised Clustering and Support Vector Machines

罗敏 (Luo Min), 阴晓光 (Yin Xiaoguang), 张焕国 (Zhang Huanguo), 王丽娜 (Wang Lina)

  • Online: 2006-06-21 Published: 2006-06-21

A Research on Intrusion Detection based on Unsupervised Clustering and Support Vector Machines


Abstract: A new intrusion detection method that combines unsupervised clustering with support vector machines is proposed. The algorithm keeps the speed of unsupervised clustering and the accuracy of support vector machines: its basic idea is to compare each network packet with the cluster centers to decide whether further classification by the support vector machine is needed, which reduces the volume of data passed through the SVM and so reconciles speed with accuracy. Experiments on the KDD99 test data show that the method effectively detects both known and unknown intrusions in network data.

Keywords: intrusion detection, data mining, unsupervised clustering, support vector machines

Abstract: An intrusion detection algorithm based on unsupervised clustering (UC) and support vector machines (SVM) is presented, combining the speed of UC with the accuracy of SVM. The basic idea is to decide whether to invoke the SVM classifier at all by comparing the distance between each network record (KDD99 connection records in the experiments) and the cluster centers, so that fewer records pass through the SVM and a trade-off between detection speed and accuracy is obtained. Experiments on the KDD99 data sets show that the approach detects intrusions in network connections effectively.

Key words: intrusion detection, data mining, unsupervised clustering, support vector machines
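The abstract above only states the decision rule (compare a record with the cluster centers; hand it to the SVM only when that comparison is inconclusive), not how the clusters are labelled, how the acceptance radius is chosen or how the SVM is trained. The following is an added example, not code from the paper or its authors, that implements one plausible reading of that rule end to end. Its assumptions are: records are two scaled features per connection; k-means with k=2 and farthest-point initialisation stands in for the unspecified unsupervised clustering; each cluster takes the majority label of the labelled training records that fall into it; the acceptance region is the cluster's largest training distance widened by a `slack` factor; and the SVM is a linear one trained in the primal with Pegasos (stochastic subgradient descent). All records are constructed for the example.

```python
"""Hybrid unsupervised-clustering + SVM intrusion detector (added example).

A record within the learned radius of a cluster gets that cluster's label
immediately; only records outside every cluster radius reach the SVM, which
is the trade-off the abstract describes.
"""
import math
import random

NORMAL, ATTACK = -1, +1  # SVM-style labels


def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def kmeans(points, k, iters=20):
    """Plain k-means; farthest-point initialisation keeps it deterministic."""
    centers = [points[0]]
    while len(centers) < k:
        centers.append(max(points, key=lambda p: min(dist(p, c) for c in centers)))
    for _ in range(iters):
        groups = [[] for _ in range(k)]
        for p in points:
            groups[min(range(k), key=lambda i: dist(p, centers[i]))].append(p)
        new = [tuple(sum(col) / len(g) for col in zip(*g)) if g else c
               for g, c in zip(groups, centers)]
        if new == centers:
            break
        centers = new
    return centers


def nearest(centers, p):
    """Index of the closest center and the distance to it."""
    i = min(range(len(centers)), key=lambda j: dist(p, centers[j]))
    return i, dist(p, centers[i])


def train_svm(data, lam=0.01, epochs=500, seed=1):
    """Linear SVM trained in the primal with Pegasos (assumed trainer).

    A constant 1 is appended to every feature vector so the bias is a weight.
    """
    rng = random.Random(seed)
    w = [0.0] * (len(data[0][0]) + 1)
    t = 0
    bound = 1.0 / math.sqrt(lam)  # Pegasos keeps ||w|| <= 1/sqrt(lam)
    for _ in range(epochs):
        order = list(data)
        rng.shuffle(order)
        for x, y in order:
            t += 1
            eta = 1.0 / (lam * t)
            xb = list(x) + [1.0]
            margin = y * sum(wi * xi for wi, xi in zip(w, xb))
            w = [(1 - eta * lam) * wi for wi in w]
            if margin < 1:  # hinge-loss subgradient step on a violator
                w = [wi + eta * y * xi for wi, xi in zip(w, xb)]
            norm = math.sqrt(sum(wi * wi for wi in w))
            if norm > bound:
                w = [wi * bound / norm for wi in w]
    return w


def svm_predict(w, x):
    xb = list(x) + [1.0]
    return ATTACK if sum(wi * xi for wi, xi in zip(w, xb)) >= 0 else NORMAL


class HybridDetector:
    def __init__(self, labelled, k=2, slack=1.5):
        self.centers = kmeans([x for x, _ in labelled], k)
        votes = [[0, 0] for _ in range(k)]
        radii = [0.0] * k
        for x, y in labelled:
            i, d = nearest(self.centers, x)
            votes[i][0 if y == NORMAL else 1] += 1
            radii[i] = max(radii[i], d)
        # Assumption: a cluster is labelled by majority vote of its training records.
        self.labels = [NORMAL if v[0] >= v[1] else ATTACK for v in votes]
        # Assumption: accept region = largest training distance, widened by `slack`.
        self.radii = [r * slack for r in radii]
        self.w = train_svm(labelled)
        self.svm_calls = 0

    def classify(self, x):
        """Return (label, used_svm): fast path via cluster radius, else SVM."""
        i, d = nearest(self.centers, x)
        if d <= self.radii[i]:
            return self.labels[i], False
        self.svm_calls += 1
        return svm_predict(self.w, x), True


# Constructed training records: (scaled duration, scaled byte count) per connection.
GRID = [0.12, 0.16, 0.20, 0.24, 0.28]
TRAIN = [((a, b), NORMAL) for a in GRID for b in GRID] + \
        [((a + 0.6, b + 0.6), ATTACK) for a in GRID for b in GRID]

# Constructed evaluation records with ground truth; the last two lie outside
# both cluster radii, so they are the only ones that should reach the SVM.
EVAL = [
    ((0.18, 0.22), NORMAL), ((0.30, 0.30), NORMAL), ((0.10, 0.25), NORMAL),
    ((0.82, 0.78), ATTACK), ((0.70, 0.70), ATTACK), ((0.90, 0.75), ATTACK),
    ((0.40, 0.35), NORMAL), ((0.62, 0.66), ATTACK),
]


def evaluate(detector, records):
    """Return (accuracy, number of records that needed the SVM)."""
    hits = routed = 0
    for x, y in records:
        label, used_svm = detector.classify(x)
        hits += label == y
        routed += used_svm
    return hits / len(records), routed


if __name__ == "__main__":
    det = HybridDetector(TRAIN)
    print("centers:", det.centers, "labels:", det.labels, "radii:", det.radii)
    print("accuracy, svm calls:", evaluate(det, EVAL))
```

The `slack` factor and the SVM's `lam` are the knobs that move the speed/accuracy trade-off: a wider radius sends fewer records to the SVM but also accepts more borderline records on the cluster label alone, which is exactly where a novel attack that resembles normal traffic would be missed.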