Computer Engineering and Applications ›› 2012, Vol. 48 ›› Issue (20): 112-116.

• Network, Communication and Security •

Application of data stream clustering algorithm in intrusion detection

HUANG Hongyan, AN Sufang   

  1. College of Information Engineering, Shijiazhuang University of Economics, Shijiazhuang 050031, China
  • Online:2012-07-11 Published:2012-07-10

Abstract: The ability to process data streams has become a challenge for intrusion detection systems. To address this, the DC-stream algorithm is proposed. Using two-phase online and offline clustering, DC-stream introduces a buffer-type anomaly detection mechanism that maintains the efficiency and accuracy of data stream clustering while filtering out noisy data. Experimental results show that the algorithm detects intrusion behaviors in massive network data streams in a timely and effective manner and has strong anti-interference ability.

Key words: intrusion detection, core micro cluster, buffer micro cluster, cluster purity